stackOverflowError loading schema file

[mpmiller37]

Getting schema using the api causes 2 warnings and a StackOverflowError, pretty simple example below:
`public class JsonTester {

public static JsonNode getJsonNodeFromStringContent(String content) throws Exception {
    ObjectMapper mapper = new ObjectMapper();
    JsonNode node = mapper.readTree(content);
    return node;
}
public static void main(String[] args) throws Exception {
    String schema = "https://scap.nist.gov/schema/nvd/feed/0.1/nvd_cve_feed_json_0.1_beta.schema";
    String filePath = String.format("file://%s", "C:/temp/feeds/json/cve/1.0/nvdcve-1.0-recent.json");
    
    JsonNode node = getJsonNodeFromStringContent("{\"CVE_data_type\" : \"CVE\",\"CVE_data_format\" : \"MITRE\",\"CVE_data_version\" : \"4.0\",\"CVE_data_numberOfCVEs\" : \"0\",\"CVE_data_timestamp\" : \"2018-08-21T20:41Z\",\"CVE_Items\" : [ ]}");
    
    JsonSchema jschema = null;
    try {
        jschema = JsonSchemaFactory.getInstance().getSchema(new URL(schema));
    }
    catch (Exception ex) {
        System.out.println("error: " + ex.getMessage());
        return;
    }
    
    Set<ValidationMessage> msgs = jschema.validate(node);
    
}

}`

Output:
Validating:
https://scap.nist.gov/schema/nvd/feed/0.1/nvd_cve_feed_json_0.1_beta.schema
file://C:/temp/feeds/json/cve/1.0/nvdcve-1.0-recent.json
[main] WARN com.networknt.schema.JsonMetaSchema - Unknown keyword copyright - you should define your own Meta Schema. If the keyword is irrelevant for validation, just use a NonValidationKeyword
[main] WARN com.networknt.schema.JsonMetaSchema - Could not load validator $ref
error: java.lang.StackOverflowError

I notice that if I use the online validator at: https://www.jsonschemavalidator.net/
It shows No Errors when I paste the schema and json into the specified textboxes.

Any help would be appreciated.

[mpmiller37]

Version 0.1.13

[stevehu]

@mpmiller37 Thanks a lot for bringing it up. I am fixing it.

[mpmiller37]

Hi, any guesstimate concerning a possible time frame for this fix? Thx

[stevehu]

After digging into the codebase, I think we might need to fix the issue by addressing this #63

The stack overflow is caused by self-referenced schema and it only happens when you have the wrong schema deployed. In most of our use cases, we package the schema within the application so it is a controlled risk at the moment unless someone builds an application that accepts schema from the Internet.

[mpmiller37]

Hi Steve, in your last comment, "caused by self-referenced schema" are you talking about schema line 13 "items": {"$ref": "#/definitions/def_node"}?
If so, I'm not sure what you meant by "only happens when you have the wrong schema deployed"? I wasn't sure if you were implying that there is some sort of workaround we could utilize to resolve without waiting for issue #63 to be resolved.
Thanks

[jarrod180]

this problem seems to happen with any schema that has recursive self reference in the schema definition. Unless some other work happens at the same time, I don't see #63 solving this problem?

[stevehu]

@jarrod180 You are right. The recursive self-reference issue is not easy to fix and I have too many high priority tasks in my plate now. I just marked the issue with help wanted label. Let's see if someone from the community can help. Thanks for bringing this issue up again.

[stevehu]

@mpmiller37 The recursive self-reference issue is fixed by @davidvisiedo in #180

I have merged the PR into the master branch and the release is pending. I am wondering if you could help to retest your use case to confirm the fix works. You can wait until the next release is out or build the jar locally from the master branch. Thanks.