Prohibit unknown values?

Question

Can I raise an error with colander, if values are in the payload that are not in the schema? Thus, allowing only whitelisted fields?

This is a sample:

# coding=utf-8
from colander import MappingSchema, String, Length
from colander import SchemaNode


class SamplePayload(MappingSchema):
    name = SchemaNode(String())
    foo  = SchemaNode(Int())


class Sample(MappingSchema):
    type = SchemaNode(String(), validator=Length(max=32))
    payload = SamplePayload()

# This json should not be accepted (and should yield something like: Unknown field in payload: bar

{  
   "type":"foo",
   "payload":{  
      "name":"a name",
      "foo":123,
      "bar":false
   }
}

I don't know about Colander but the API contains [validators](http://docs.pylonsproject.org/projects/colander/en/latest/api.html#validators). Does any of these do what you want? — , Jan 07 '15 at 09:01

Janne Karila · Accepted Answer · 2015-01-07T13:38:35.570

3

Yes, see the docs of colander.Mapping

Creating a mapping with colander.Mapping(unknown='raise') will cause a colander.Invalid exception to be raised when unknown keys are present in the cstruct during deserialization.

According to issue 116 in the tracker, the way to apply this to a Schema object is to override the schema_type method:

class StrictMappingSchema(MappingSchema):
    def schema_type(self, **kw):
        return colander.Mapping(unknown='raise')

class SamplePayload(StrictMappingSchema):
    name = SchemaNode(String())
    foo  = SchemaNode(Int())

edited Jan 07 '15 at 13:38

answered Jan 07 '15 at 09:32

Janne Karila

24,266
6
53
94

This is only referencing to the Mapping Type, right? I want that for the entire schema. – shredding Jan 07 '15 at 10:56
@shredding Perhaps you could add a schema and an example of data that should be rejected to the question. – Janne Karila Jan 07 '15 at 11:04
Thank you! I added an example! – shredding Jan 07 '15 at 11:16

Prohibit unknown values?

1 Answers1