openapi_parser 2.2.0 → 2.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1e38224603546bc8818028b725452113a5c3b62811675e1bc7390aeb9b408a2a
-  data.tar.gz: 6e6b0352a64a35d2a71a001931910d7e15ea4aa3a36a5aebee68f2aa6e6b367e
+  metadata.gz: ee47209ddc3182fdab488acfbda8e2fd628ab0bd0979bd04e60fcbf7f71365f3
+  data.tar.gz: 66a4c16d27ddeffd927ec5df1124572d3c885c3759630f0cae3edb9a122355f8
 SHA512:
-  metadata.gz: 5bc8816e1059379a014e2bfc702068edcc31b6adeddb2f3747094314c01df680cf431774d1fb1bb407497501e454ff4b7571e969f83eec19b6276b3de21d302d
-  data.tar.gz: e0819dbee935685d25793da062afb1dd850adeac72ba25efe917a86e46e46fb23e969f02d0402ab39a5111d765e4501ebdb93d679dc36322ddb69cae3bf6dcb8
+  metadata.gz: 3a7d3ec2c6e75fa903203dbae2a607f152e59e1299ab053df8923b9c8b69539a89dfa98a757481d8cb8dedec7e8e362c1f13f01a7087baff6dd017cd2c3dc3e9
+  data.tar.gz: 19cd5e1d6079c0b69f2ed4e849cc23a0d7b7e67fd780ad4cf2bb430d9ffbe86d4f84c36c8173e74f25905460c51af4d579f2fe19f3db215837ddef763c1fd1da

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 ## Unreleased
 
+## 2.2.2 (2024-11-21)
+* make content-type lookup case-insensitive #178
+
+## 2.2.1 (2024-10-23)
+* revert schemas validation in additionalProperties and remove additionalProperties logic from allof (breaking things for me, will revisit)
+
 ## 2.2.0 (2024-10-23)
 ### Fixed
 * support schemas validation in additionalProperties and remove additionalProperties logic from allof

data/README.md

@@ -4,7 +4,7 @@
 [![Yard Docs](https://img.shields.io/badge/yard-docs-blue.svg)](https://www.rubydoc.info/gems/openapi_parser)
 [![Inch CI](https://inch-ci.org/github/ota42y/openapi_parser.svg?branch=master)](https://inch-ci.org/github/ota42y/openapi_parser)
 
-This is OpenAPI3 parser and validator. 
+This is OpenAPI3 parser and validator.
 
 ## Usage
 
@@ -27,8 +27,8 @@ request_operation.path_params
 # => {"template_name"=>"1"}
 
 # coerce parameter
-root = OpenAPIParser.parse(YAML.load_file('open_api_3/schema.yml'), {coerce_value: true, datetime_coerce_class: DateTime}) 
-request_operation = root.request_operation(:get, '/string_params_coercer') 
+root = OpenAPIParser.parse(YAML.load_file('open_api_3/schema.yml'), {coerce_value: true, datetime_coerce_class: DateTime})
+request_operation = root.request_operation(:get, '/string_params_coercer')
 request_operation.validate_request_parameter({'integer_1' => '1', 'datetime_string' => '2016-04-01T16:00:00+09:00'})
 # => {"integer_1"=>1, "datetime_string"=>#<DateTime: 2016-04-01T16:00:00+09:00 ((2457480j,25200s,0n),+32400s,2299161j)>
 # convert number string to Integer and datetime string to DateTime class
@@ -52,7 +52,7 @@ Or install it yourself as:
     $ gem install openapi_parser
 
 ## Additional features
-OpenAPI Parser's validation based on [OpenAPI spec](https://github.com/OAI/OpenAPI-Specification)  
+OpenAPI Parser's validation based on [OpenAPI spec](https://github.com/OAI/OpenAPI-Specification)
 But we support few useful features.
 
 ### type validation
@@ -109,4 +109,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the OpenAPIParser project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/openapi_parser/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the OpenAPIParser project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/ota42y/openapi_parser/blob/master/CODE_OF_CONDUCT.md).

data/SECURITY.md

@@ -0,0 +1,6 @@
+## Security contact information
+
+To report a security vulnerability, please contact
+[Tidelift security](https://tidelift.com/security).
+
+Tidelift will coordinate the fix and disclosure.

data/lib/openapi_parser/errors.rb

@@ -160,6 +160,28 @@ module OpenAPIParser
     end
   end
 
+  class LessThanMinProperties < OpenAPIError
+    def initialize(value, reference)
+      super(reference)
+      @value = value
+    end
+
+    def message
+      "#{@reference} #{@value.size} is less than minProperties value"
+    end
+  end
+
+  class MoreThanMaxProperties < OpenAPIError
+    def initialize(value, reference)
+      super(reference)
+      @value = value
+    end
+
+    def message
+      "#{@reference} #{@value.size} is more than maxProperties value"
+    end
+  end
+
   class InvalidPattern < OpenAPIError
     def initialize(value, pattern, reference, example)
       super(reference)

data/lib/openapi_parser/request_operation.rb

@@ -78,7 +78,8 @@ class OpenAPIParser::RequestOperation
     end
 
     def content_type
-      headers['Content-Type'].to_s.split(';').first.to_s
+      content_type_key = headers.keys.detect { |k| k.casecmp?('Content-Type') }
+      headers[content_type_key].to_s.split(';').first.to_s
     end
   end
 end

data/lib/openapi_parser/schema_validator/all_of_validator.rb

@@ -10,6 +10,8 @@ class OpenAPIParser::SchemaValidator
       end
 
       # if any schema return error, it's not valida all of value
+      remaining_keys               = value.kind_of?(Hash) ? value.keys : []
+      nested_additional_properties = false
       schema.all_of.each do |s|
         # We need to store the reference to all of, so we can perform strict check on allowed properties
         _coerced, err = validatable.validate_schema(
@@ -18,9 +20,24 @@ class OpenAPIParser::SchemaValidator
           :parent_all_of => true,
           parent_discriminator_schemas: keyword_args[:parent_discriminator_schemas]
         )
+
+        if s.type == "object"
+          remaining_keys               -= (s.properties || {}).keys
+          nested_additional_properties = true if s.additional_properties
+        else
+          # If this is not allOf having array of objects inside, but e.g. having another anyOf/oneOf nested
+          remaining_keys.clear
+        end
+
         return [nil, err] if err
       end
 
+      # If there are nested additionalProperites, we allow not defined extra properties and lean on the specific
+      # additionalProperties validation
+      if !nested_additional_properties && !remaining_keys.empty?
+        return [nil, OpenAPIParser::NotExistPropertyDefinition.new(remaining_keys, schema.object_reference)]
+      end
+
       [value, nil]
     end
   end

data/lib/openapi_parser/schema_validator/object_validator.rb

@@ -1,5 +1,7 @@
 class OpenAPIParser::SchemaValidator
   class ObjectValidator < Base
+    include ::OpenAPIParser::SchemaValidator::PropertiesNumber
+
     # @param [Hash] value
     # @param [OpenAPIParser::Schemas::Schema] schema
     # @param [Boolean] parent_all_of true if component is nested under allOf
@@ -27,9 +29,9 @@ class OpenAPIParser::SchemaValidator
         coerced, err = if s
                          remaining_keys.delete(name)
                          validatable.validate_schema(v, s)
-                       elsif schema.additional_properties != true && schema.additional_properties != false
-                         validatable.validate_schema(v, schema.additional_properties)
                        else
+                         # TODO: we need to perform a validation based on schema.additional_properties here, if
+                         # additionalProperties are defined
                          [v, nil]
                        end
 
@@ -41,14 +43,16 @@ class OpenAPIParser::SchemaValidator
 
       remaining_keys.delete(discriminator_property_name) if discriminator_property_name
 
-      if !remaining_keys.empty? && !schema.additional_properties
+      if !remaining_keys.empty? && !parent_all_of && !schema.additional_properties
+        # If object is nested in all of, the validation is already done in allOf validator. Or if
+        # additionalProperties are defined, we will validate using that
         return [nil, OpenAPIParser::NotExistPropertyDefinition.new(remaining_keys, schema.object_reference)]
       end
       return [nil, OpenAPIParser::NotExistRequiredKey.new(required_set.to_a, schema.object_reference)] unless required_set.empty?
 
       value.merge!(coerced_values.to_h) if @coerce_value
 
-      [value, nil]
+      check_properties_number(value, schema)
     end
   end
 end

data/lib/openapi_parser/schema_validator/properties_number.rb

@@ -0,0 +1,30 @@
+class OpenAPIParser::SchemaValidator
+  module PropertiesNumber
+    # check minProperties and manProperties value by schema
+    # @param [Object] value
+    # @param [OpenAPIParser::Schemas::Schema] schema
+    def check_properties_number(value, schema)
+      include_properties_num = schema.minProperties || schema.maxProperties
+      return [value, nil] unless include_properties_num
+
+      validate(value, schema)
+      [value, nil]
+    rescue OpenAPIParser::OpenAPIError => e
+      return [nil, e]
+    end
+
+    private
+
+      def validate(value, schema)
+        reference = schema.object_reference
+
+        if schema.minProperties && (value.size < schema.minProperties)
+          raise OpenAPIParser::LessThanMinProperties.new(value, reference)
+        end
+
+        if schema.maxProperties && (value.size > schema.maxProperties)
+          raise OpenAPIParser::MoreThanMaxProperties.new(value, reference)
+        end
+      end
+  end
+end

data/lib/openapi_parser/schema_validator/string_validator.rb

@@ -71,6 +71,8 @@ class OpenAPIParser::SchemaValidator
       def validate_date_format(value, schema)
         return [value, nil] unless schema.format == 'date'
 
+        return [nil, OpenAPIParser::InvalidDateFormat.new(value, schema.object_reference)] unless value =~ /^\d{4}-\d{2}-\d{2}$/
+
         begin
           parsed_date = Date.iso8601(value)
         rescue ArgumentError

data/lib/openapi_parser/schema_validator.rb

@@ -1,6 +1,7 @@
 require_relative 'schema_validator/options'
 require_relative 'schema_validator/enumable'
 require_relative 'schema_validator/minimum_maximum'
+require_relative 'schema_validator/properties_number'
 require_relative 'schema_validator/base'
 require_relative 'schema_validator/string_validator'
 require_relative 'schema_validator/integer_validator'

data/lib/openapi_parser/schemas/response.rb

@@ -21,9 +21,11 @@ module OpenAPIParser::Schemas
 
       media_type = select_media_type(response_body.content_type)
       unless media_type
-        raise ::OpenAPIParser::NotExistContentTypeDefinition, object_reference if response_validate_options.strict
+        if response_validate_options.strict && response_body_not_blank(response_body)
+          raise ::OpenAPIParser::NotExistContentTypeDefinition, object_reference
+        end
 
-        return nil
+        return true
       end
 
       options = ::OpenAPIParser::SchemaValidator::Options.new # response validator not support any options
@@ -39,6 +41,11 @@ module OpenAPIParser::Schemas
 
     private
 
+      # @param [OpenAPIParser::RequestOperation::ValidatableResponseBody]
+      def response_body_not_blank(response_body)
+        !(response_body.response_data.nil? || response_body.response_data.empty?)
+      end
+
       # @param [Hash] response_headers
       def validate_header(response_headers)
         return unless headers

data/lib/openapi_parser/version.rb

@@ -1,3 +1,3 @@
 module OpenAPIParser
-  VERSION = '2.2.0'.freeze
+  VERSION = '2.2.2'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openapi_parser
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.2.2
 platform: ruby
 authors:
 - ota42y
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-10-23 00:00:00.000000000 Z
+date: 2024-11-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -142,6 +142,7 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- SECURITY.md
 - Steepfile
 - bin/console
 - bin/setup
@@ -186,6 +187,7 @@ files:
 - lib/openapi_parser/schema_validator/object_validator.rb
 - lib/openapi_parser/schema_validator/one_of_validator.rb
 - lib/openapi_parser/schema_validator/options.rb
+- lib/openapi_parser/schema_validator/properties_number.rb
 - lib/openapi_parser/schema_validator/string_validator.rb
 - lib/openapi_parser/schema_validator/unspecified_type_validator.rb
 - lib/openapi_parser/schemas.rb