From 7b9fb524f8a48a0b6ed076ffbf5285e1930dfdcc Mon Sep 17 00:00:00 2001
From: Jacob Walls <jwalls@fargeo.com>
Date: Tue, 10 Dec 2024 15:33:04 -0500
Subject: [PATCH] Reject unknown keys

---
 arches/app/models/serializers.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/arches/app/models/serializers.py b/arches/app/models/serializers.py
index 54746e8ddd..87e4f0d0e4 100644
--- a/arches/app/models/serializers.py
+++ b/arches/app/models/serializers.py
@@ -1,6 +1,7 @@
 from copy import deepcopy
 
 from django.db.models import F
+from rest_framework.exceptions import ValidationError
 from rest_framework import fields
 from rest_framework import renderers
 from rest_framework import serializers
@@ -82,6 +83,13 @@ def build_relational_field(self, field_name, relation_info):
             )
         return ret
 
+    def validate(self, data):
+        if hasattr(self, "initial_data") and (
+            unknown_keys := set(self.initial_data) - set(self.fields)
+        ):
+            raise ValidationError({unknown_keys.pop(): "Unexpected field"})
+        return data
+
 
 class ArchesModelSerializer(serializers.ModelSerializer):
     legacyid = serializers.CharField(max_length=255, required=False, allow_null=True)
@@ -143,6 +151,13 @@ class Meta:
             allow_null=True,
         )
 
+    def validate(self, data):
+        if hasattr(self, "initial_data") and (
+            unknown_keys := set(self.initial_data) - set(self.fields)
+        ):
+            raise ValidationError({unknown_keys.pop(): "Unexpected field"})
+        return data
+
     def create(self, validated_data):
         meta = self.__class__.Meta
         instance_without_tile_data = super().create(validated_data)