Validating bodies 101 around dating fourth second third time
Depending on the content of the request body, the request should be accepted or rejected consistently.Currently Cinder doesn’t have a consistent request validation layer.
In WSME implementation, the developers should define API parameters for each API.
Request validation should not return information upon successful validation.
In the event a request body is not valid, the validation layer should return the invalid values and/or the values required by the request, of which the end user should know.
jsonschema documentation notes security considerations for both schemas and instances: Better up front input validation will reduce the ability for malicious user input to exploit security bugs.
The extension’s which are there under cinder/api/contrib/ are getting called by v2 as well as v3.