@redocly/openapi-core 1.0.0-beta.106 → 1.0.0-beta.109

package/src/rules/ajv.ts

@@ -8,7 +8,7 @@ export function releaseAjvInstance() {
   ajvInstance = null;
 }
 
-function getAjv(resolve: ResolveFn, disallowAdditionalProperties: boolean) {
+function getAjv(resolve: ResolveFn, allowAdditionalProperties: boolean) {
   if (!ajvInstance) {
     ajvInstance = new Ajv({
       schemaId: '$id',
@@ -20,7 +20,7 @@ function getAjv(resolve: ResolveFn, disallowAdditionalProperties: boolean) {
       discriminator: true,
       allowUnionTypes: true,
       validateFormats: false, // TODO: fix it
-      defaultAdditionalProperties: !disallowAdditionalProperties,
+      defaultAdditionalProperties: allowAdditionalProperties,
       loadSchemaSync(base: string, $ref: string) {
         const resolvedRef = resolve({ $ref }, base.split('#')[0]);
         if (!resolvedRef || !resolvedRef.location) return false;
@@ -36,9 +36,9 @@ function getAjvValidator(
   schema: any,
   loc: Location,
   resolve: ResolveFn,
-  disallowAdditionalProperties: boolean
+  allowAdditionalProperties: boolean
 ): ValidateFunction | undefined {
-  const ajv = getAjv(resolve, disallowAdditionalProperties);
+  const ajv = getAjv(resolve, allowAdditionalProperties);
 
   if (!ajv.getSchema(loc.absolutePointer)) {
     ajv.addSchema({ $id: loc.absolutePointer, ...schema }, loc.absolutePointer);
@@ -53,9 +53,9 @@ export function validateJsonSchema(
   schemaLoc: Location,
   instancePath: string,
   resolve: ResolveFn,
-  disallowAdditionalProperties: boolean
+  allowAdditionalProperties: boolean
 ): { valid: boolean; errors: (ErrorObject & { suggest?: string[] })[] } {
-  const validate = getAjvValidator(schema, schemaLoc, resolve, disallowAdditionalProperties);
+  const validate = getAjvValidator(schema, schemaLoc, resolve, allowAdditionalProperties);
   if (!validate) return { valid: true, errors: [] }; // unresolved refs are reported
 
   const valid = validate(data, {
@@ -73,7 +73,7 @@ export function validateJsonSchema(
 
   function beatifyErrorMessage(error: ErrorObject) {
     let message = error.message;
-    let suggest = error.keyword === 'enum' ? error.params.allowedValues : undefined;
+    const suggest = error.keyword === 'enum' ? error.params.allowedValues : undefined;
     if (suggest) {
       message += ` ${suggest.map((e: any) => `"${e}"`).join(', ')}`;
     }

package/src/rules/common/__tests__/no-enum-type-mismatch.test.ts

@@ -191,6 +191,7 @@ describe('Oas3 typed enum', () => {
     expect(replaceSourceWithRef(results)).toMatchInlineSnapshot(`
       Array [
         Object {
+          "from": undefined,
           "location": Array [
             Object {
               "pointer": "#/paths/~1some/get/responses/200/content/application~1json/schema",

package/src/rules/common/__tests__/operation-2xx-response.test.ts

@@ -34,7 +34,7 @@ describe('Oas3 operation-2xx-response', () => {
               "source": "foobar.yaml",
             },
           ],
-          "message": "Operation must have at least one \`2xx\` response.",
+          "message": "Operation must have at least one \`2XX\` response.",
           "ruleId": "operation-2xx-response",
           "severity": "error",
           "suggest": Array [],

package/src/rules/common/__tests__/operation-4xx-response.test.ts

@@ -34,7 +34,7 @@ describe('Oas3 operation-4xx-response', () => {
               "source": "foobar.yaml",
             },
           ],
-          "message": "Operation must have at least one \`4xx\` response.",
+          "message": "Operation must have at least one \`4XX\` response.",
           "ruleId": "operation-4xx-response",
           "severity": "error",
           "suggest": Array [],
@@ -43,7 +43,7 @@ describe('Oas3 operation-4xx-response', () => {
     `);
   });
 
-  it('should not report for present 4xx response', async () => {
+  it('should not report for present 400 response', async () => {
     const document = parseYamlToDocument(
       outdent`
           openapi: 3.0.0
@@ -66,6 +66,29 @@ describe('Oas3 operation-4xx-response', () => {
     expect(replaceSourceWithRef(results)).toMatchInlineSnapshot(`Array []`);
   });
 
+  it('should not report for present 4XX response', async () => {
+    const document = parseYamlToDocument(
+      outdent`
+          openapi: 3.0.0
+          paths:
+            '/test/':
+              put:
+                responses:
+                  4XX:
+                    description: error response
+        `,
+      'foobar.yaml'
+    );
+
+    const results = await lintDocument({
+      externalRefResolver: new BaseResolver(),
+      document,
+      config: await makeConfig({ 'operation-4xx-response': 'error' }),
+    });
+
+    expect(replaceSourceWithRef(results)).toMatchInlineSnapshot(`Array []`);
+  });
+
   it('should report if default is present but missing 4xx response', async () => {
     const document = parseYamlToDocument(
       outdent`
@@ -96,7 +119,7 @@ describe('Oas3 operation-4xx-response', () => {
               "source": "foobar.yaml",
             },
           ],
-          "message": "Operation must have at least one \`4xx\` response.",
+          "message": "Operation must have at least one \`4XX\` response.",
           "ruleId": "operation-4xx-response",
           "severity": "error",
           "suggest": Array [],

package/src/rules/common/__tests__/security-defined.test.ts

@@ -0,0 +1,175 @@
+import { outdent } from 'outdent';
+import { lintDocument } from '../../../lint';
+import { parseYamlToDocument, replaceSourceWithRef, makeConfig } from '../../../../__tests__/utils';
+import { BaseResolver } from '../../../resolve';
+
+describe('Oas3 security-defined', () => {
+  it('should report on securityRequirements object if security scheme is not defined in components', async () => {
+    const document = parseYamlToDocument(
+      outdent`
+          openapi: 3.0.0
+          paths:
+            /pets:
+              get:
+                security:
+                  - some: []`,
+      'foobar.yaml'
+    );
+
+    const results = await lintDocument({
+      externalRefResolver: new BaseResolver(),
+      document,
+      config: await makeConfig({ 'security-defined': 'error' }),
+    });
+
+    expect(replaceSourceWithRef(results)).toMatchInlineSnapshot(`
+      Array [
+        Object {
+          "location": Array [
+            Object {
+              "pointer": "#/paths/~1pets/get/security/0/some",
+              "reportOnKey": true,
+              "source": "foobar.yaml",
+            },
+          ],
+          "message": "There is no \`some\` security scheme defined.",
+          "ruleId": "security-defined",
+          "severity": "error",
+          "suggest": Array [],
+        },
+      ]
+    `);
+  });
+
+  it('should not report if security defined with an empty array', async () => {
+    const document = parseYamlToDocument(
+      outdent`
+          openapi: 3.0.0
+          security: []
+          paths:`,
+      'foobar.yaml'
+    );
+
+    const results = await lintDocument({
+      externalRefResolver: new BaseResolver(),
+      document,
+      config: await makeConfig({ 'security-defined': 'error' }),
+    });
+
+    expect(replaceSourceWithRef(results)).toMatchInlineSnapshot(`Array []`);
+  });
+
+  it('should report if security not defined at all', async () => {
+    const document = parseYamlToDocument(
+      outdent`
+          openapi: 3.0.0
+          paths:
+            /pets:
+              get:
+                requestBody:`,
+      'foobar.yaml'
+    );
+
+    const results = await lintDocument({
+      externalRefResolver: new BaseResolver(),
+      document,
+      config: await makeConfig({ 'security-defined': 'error' }),
+    });
+
+    expect(replaceSourceWithRef(results)).toMatchInlineSnapshot(`
+      Array [
+        Object {
+          "location": Array [
+            Object {
+              "pointer": "#/",
+              "reportOnKey": false,
+              "source": "foobar.yaml",
+            },
+          ],
+          "message": "Every API should have security defined on the root level or for each operation.",
+          "ruleId": "security-defined",
+          "severity": "error",
+          "suggest": Array [],
+        },
+      ]
+    `);
+  });
+
+  it('should report if security not defined for each operation', async () => {
+    const document = parseYamlToDocument(
+      outdent`
+          openapi: 3.0.0
+          paths:
+            /pets:
+                get:
+                  security:
+                    - some: []
+            /cats:
+                get:`,
+      'foobar.yaml'
+    );
+
+    const results = await lintDocument({
+      externalRefResolver: new BaseResolver(),
+      document,
+      config: await makeConfig({ 'security-defined': 'error' }),
+    });
+
+    expect(replaceSourceWithRef(results)).toMatchInlineSnapshot(`
+      Array [
+        Object {
+          "location": Array [
+            Object {
+              "pointer": "#/paths/~1pets/get/security/0/some",
+              "reportOnKey": true,
+              "source": "foobar.yaml",
+            },
+          ],
+          "message": "There is no \`some\` security scheme defined.",
+          "ruleId": "security-defined",
+          "severity": "error",
+          "suggest": Array [],
+        },
+        Object {
+          "location": Array [
+            Object {
+              "pointer": "#/",
+              "reportOnKey": false,
+              "source": "foobar.yaml",
+            },
+          ],
+          "message": "Every API should have security defined on the root level or for each operation.",
+          "ruleId": "security-defined",
+          "severity": "error",
+          "suggest": Array [],
+        },
+      ]
+    `);
+  });
+
+  it('should not report on securityRequirements object if security scheme is defined in components', async () => {
+    const document = parseYamlToDocument(
+      outdent`
+      openapi: 3.0.0
+      paths:
+        /pets:
+          get:
+            security:
+              some: []
+      components:
+        securitySchemes:
+          some:
+            type: http
+            scheme: basic`,
+      'foobar.yaml'
+    );
+
+    const results = await lintDocument({
+      externalRefResolver: new BaseResolver(),
+      document,
+      config: await makeConfig({ 'security-defined': 'error' }),
+    });
+
+    expect(replaceSourceWithRef(results)).toMatchInlineSnapshot(`Array []`);
+  });
+});

package/src/rules/common/__tests__/spec.test.ts

@@ -31,6 +31,7 @@ describe('Oas3 spec', () => {
     expect(replaceSourceWithRef(results)).toMatchInlineSnapshot(`
       Array [
         Object {
+          "from": undefined,
           "location": Array [
             Object {
               "pointer": "#/",
@@ -44,6 +45,7 @@ describe('Oas3 spec', () => {
           "suggest": Array [],
         },
         Object {
+          "from": undefined,
           "location": Array [
             Object {
               "pointer": "#/paths/~1test/get/parameters/0",
@@ -59,4 +61,81 @@ describe('Oas3 spec', () => {
       ]
     `);
   });
+
+  it('should report with "referenced from"', async () => {
+    const document = parseYamlToDocument(
+      outdent`
+      openapi: 3.0.0
+      components:
+        requestBodies:
+          TestRequestBody:
+            content:
+              application/json:
+                schema:
+                  type: object
+        schemas:
+          TestSchema:
+            title: TestSchema
+            allOf:
+              - $ref: "#/components/requestBodies/TestRequestBody"
+        `,
+      'foobar.yaml'
+    );
+
+    const results = await lintDocument({
+      externalRefResolver: new BaseResolver(),
+      document,
+      config: await makeConfig({ spec: 'error' }),
+    });
+
+    expect(replaceSourceWithRef(results)).toMatchInlineSnapshot(`
+      Array [
+        Object {
+          "from": undefined,
+          "location": Array [
+            Object {
+              "pointer": "#/",
+              "reportOnKey": true,
+              "source": "foobar.yaml",
+            },
+          ],
+          "message": "The field \`paths\` must be present on this level.",
+          "ruleId": "spec",
+          "severity": "error",
+          "suggest": Array [],
+        },
+        Object {
+          "from": undefined,
+          "location": Array [
+            Object {
+              "pointer": "#/",
+              "reportOnKey": true,
+              "source": "foobar.yaml",
+            },
+          ],
+          "message": "The field \`info\` must be present on this level.",
+          "ruleId": "spec",
+          "severity": "error",
+          "suggest": Array [],
+        },
+        Object {
+          "from": Object {
+            "pointer": "#/components/schemas/TestSchema/allOf/0",
+            "source": "foobar.yaml",
+          },
+          "location": Array [
+            Object {
+              "pointer": "#/components/requestBodies/TestRequestBody/content",
+              "reportOnKey": true,
+              "source": "foobar.yaml",
+            },
+          ],
+          "message": "Property \`content\` is not expected here.",
+          "ruleId": "spec",
+          "severity": "error",
+          "suggest": Array [],
+        },
+      ]
+    `);
+  });
 });

package/src/rules/common/assertions/__tests__/utils.test.ts

@@ -70,13 +70,13 @@ describe('Oas3 assertions', () => {
           },
         ];
 
-        const visitors = buildVisitorObject('MediaTypeMap', context, () => {}) as any;
+        const visitors = buildVisitorObject('MediaTypesMap', context, () => {}) as any;
 
         expect(visitors).toMatchInlineSnapshot(`
           Object {
             "Operation": Object {
               "ResponsesMap": Object {
-                "MediaTypeMap": [Function],
+                "MediaTypesMap": [Function],
                 "skip": [Function],
               },
               "skip": [Function],

package/src/rules/common/assertions/asserts.ts

@@ -46,7 +46,7 @@ export const asserts: Asserts = {
     if (typeof value === 'undefined') return { isValid: true }; // property doesn't exist, no need to lint it with this assert
     const values = runOnValue(value) ? [value] : value;
     const regx = regexFromString(condition);
-    for (let _val of values) {
+    for (const _val of values) {
       if (!regx?.test(_val)) {
         return { isValid: false, location: runOnValue(value) ? baseLocation : baseLocation.key() };
       }
@@ -56,7 +56,7 @@ export const asserts: Asserts = {
   enum: (value: string | string[], condition: string[], baseLocation: Location) => {
     if (typeof value === 'undefined') return { isValid: true }; // property doesn't exist, no need to lint it with this assert
     const values = runOnValue(value) ? [value] : value;
-    for (let _val of values) {
+    for (const _val of values) {
       if (!condition.includes(_val)) {
         return {
           isValid: false,
@@ -81,7 +81,7 @@ export const asserts: Asserts = {
   disallowed: (value: string | string[], condition: string[], baseLocation: Location) => {
     if (typeof value === 'undefined') return { isValid: true }; // property doesn't exist, no need to lint it with this assert
     const values = runOnValue(value) ? [value] : value;
-    for (let _val of values) {
+    for (const _val of values) {
       if (condition.includes(_val)) {
         return {
           isValid: false,
@@ -114,7 +114,7 @@ export const asserts: Asserts = {
   casing: (value: string | string[], condition: string, baseLocation: Location) => {
     if (typeof value === 'undefined') return { isValid: true }; // property doesn't exist, no need to lint it with this assert
     const values: string[] = runOnValue(value) ? [value] : value;
-    for (let _val of values) {
+    for (const _val of values) {
       let matchCase = false;
       switch (condition) {
         case 'camelCase':

package/src/rules/common/assertions/index.ts

@@ -3,7 +3,7 @@ import { AssertToApply, buildSubjectVisitor, buildVisitorObject } from './utils'
 import { Oas2Rule, Oas3Rule } from '../../../visitors';
 
 export const Assertions: Oas3Rule | Oas2Rule = (opts: object) => {
-  let visitors: any[] = [];
+  const visitors: any[] = [];
 
   // As 'Assertions' has an array of asserts,
   // that array spreads into an 'opts' object on init rules phase here

package/src/rules/common/no-ambiguous-paths.ts

@@ -5,7 +5,7 @@ import { Oas2Paths } from '../../typings/swagger';
 
 export const NoAmbiguousPaths: Oas3Rule | Oas2Rule = () => {
   return {
-    PathMap(pathMap: Oas3Paths | Oas2Paths, { report, location }: UserContext) {
+    PathsMap(pathMap: Oas3Paths | Oas2Paths, { report, location }: UserContext) {
       const seenPaths: string[] = [];
 
       for (const currentPath of Object.keys(pathMap)) {

package/src/rules/common/no-identical-paths.ts

@@ -5,7 +5,7 @@ import { Oas2Paths } from '../../typings/swagger';
 
 export const NoIdenticalPaths: Oas3Rule | Oas2Rule = () => {
   return {
-    PathMap(pathMap: Oas3Paths | Oas2Paths, { report, location }: UserContext) {
+    PathsMap(pathMap: Oas3Paths | Oas2Paths, { report, location }: UserContext) {
       const pathsMap = new Map<string, string>();
       for (const pathName of Object.keys(pathMap)) {
         const id = pathName.replace(/{.+?}/g, '{VARIABLE}');

package/src/rules/common/no-invalid-parameter-examples.ts

@@ -1,9 +1,9 @@
 import { UserContext } from '../../walk';
 import { Oas3Parameter } from '../../typings/openapi';
-import { validateExample } from '../utils';
+import { getAdditionalPropertiesOption, validateExample } from '../utils';
 
 export const NoInvalidParameterExamples: any = (opts: any) => {
-  const disallowAdditionalProperties = opts.disallowAdditionalProperties ?? true;
+  const allowAdditionalProperties = getAdditionalPropertiesOption(opts) ?? false;
   return {
     Parameter: {
       leave(parameter: Oas3Parameter, ctx: UserContext) {
@@ -13,7 +13,7 @@ export const NoInvalidParameterExamples: any = (opts: any) => {
             parameter.schema!,
             ctx.location.child('example'),
             ctx,
-            disallowAdditionalProperties
+            allowAdditionalProperties
           );
         }
 
@@ -25,7 +25,7 @@ export const NoInvalidParameterExamples: any = (opts: any) => {
                 parameter.schema!,
                 ctx.location.child(['examples', key]),
                 ctx,
-                false
+                true
               );
             }
           }

package/src/rules/common/no-invalid-schema-examples.ts

@@ -1,9 +1,9 @@
 import { UserContext } from '../../walk';
 import { Oas3_1Schema } from '../../typings/openapi';
-import { validateExample } from '../utils';
+import { getAdditionalPropertiesOption, validateExample } from '../utils';
 
 export const NoInvalidSchemaExamples: any = (opts: any) => {
-  const disallowAdditionalProperties = opts.disallowAdditionalProperties ?? true;
+  const allowAdditionalProperties = getAdditionalPropertiesOption(opts) ?? false;
   return {
     Schema: {
       leave(schema: Oas3_1Schema, ctx: UserContext) {
@@ -14,12 +14,12 @@ export const NoInvalidSchemaExamples: any = (opts: any) => {
               schema,
               ctx.location.child(['examples', schema.examples.indexOf(example)]),
               ctx,
-              disallowAdditionalProperties
+              allowAdditionalProperties
             );
           }
         }
         if (schema.example) {
-          validateExample(schema.example, schema, ctx.location.child('example'), ctx, false);
+          validateExample(schema.example, schema, ctx.location.child('example'), ctx, true);
         }
       },
     },

package/src/rules/common/operation-2xx-response.ts

@@ -7,7 +7,7 @@ export const Operation2xxResponse: Oas3Rule | Oas2Rule = () => {
       const codes = Object.keys(responses);
       if (!codes.some((code) => code === 'default' || /2[Xx0-9]{2}/.test(code))) {
         report({
-          message: 'Operation must have at least one `2xx` response.',
+          message: 'Operation must have at least one `2XX` response.',
           location: { reportOnKey: true },
         });
       }

package/src/rules/common/operation-4xx-response.ts

@@ -8,7 +8,7 @@ export const Operation4xxResponse: Oas3Rule | Oas2Rule = () => {
 
       if (!codes.some((code) => /4[Xx0-9]{2}/.test(code))) {
         report({
-          message: 'Operation must have at least one `4xx` response.',
+          message: 'Operation must have at least one `4XX` response.',
           location: { reportOnKey: true },
         });
       }

package/src/rules/common/operation-operationId.ts

@@ -6,7 +6,7 @@ import { Oas3Operation } from '../../typings/openapi';
 
 export const OperationOperationId: Oas3Rule | Oas2Rule = () => {
   return {
-    DefinitionRoot: {
+    Root: {
       PathItem: {
         Operation(operation: Oas2Operation | Oas3Operation, ctx: UserContext) {
           validateDefinedAndNonEmpty('operationId', operation, ctx);

package/src/rules/common/operation-tag-defined.ts

@@ -7,7 +7,7 @@ export const OperationTagDefined: Oas3Rule | Oas2Rule = () => {
   let definedTags: Set<string>;
 
   return {
-    DefinitionRoot(root: Oas2Definition | Oas3Definition) {
+    Root(root: Oas2Definition | Oas3Definition) {
       definedTags = new Set((root.tags ?? []).map((t) => t.name));
     },
     Operation(operation: Oas2Operation | Oas3Operation, { report, location }: UserContext) {

package/src/rules/common/path-not-include-query.ts

@@ -3,7 +3,7 @@ import { UserContext } from '../../walk';
 
 export const PathNotIncludeQuery: Oas3Rule | Oas2Rule = () => {
   return {
-    PathMap: {
+    PathsMap: {
       PathItem(_operation: object, { report, key }: UserContext) {
         if (key.toString().includes('?')) {
           report({

package/src/rules/common/{operation-security-defined.ts → security-defined.ts}

@@ -1,11 +1,11 @@
 import { Oas3Rule, Oas2Rule } from '../../visitors';
 import { Location } from '../../ref-utils';
 import { UserContext } from '../../walk';
-import { Oas2SecurityScheme } from '../../typings/swagger';
-import { Oas3SecurityScheme } from '../../typings/openapi';
+import { Oas2Definition, Oas2Operation, Oas2SecurityScheme } from '../../typings/swagger';
+import { Oas3Definition, Oas3Operation, Oas3SecurityScheme } from '../../typings/openapi';
 
-export const OperationSecurityDefined: Oas3Rule | Oas2Rule = () => {
-  let referencedSchemes = new Map<
+export const SecurityDefined: Oas3Rule | Oas2Rule = () => {
+  const referencedSchemes = new Map<
     string,
     {
       defined?: boolean;
@@ -13,9 +13,11 @@ export const OperationSecurityDefined: Oas3Rule | Oas2Rule = () => {
     }
   >();
 
+  let eachOperationHasSecurity: boolean = true;
+
   return {
     DefinitionRoot: {
-      leave(_: object, { report }: UserContext) {
+      leave(root: Oas2Definition | Oas3Definition, { report }: UserContext) {
         for (const [name, scheme] of referencedSchemes.entries()) {
           if (scheme.defined) continue;
           for (const reportedFromLocation of scheme.from) {
@@ -25,6 +27,14 @@ export const OperationSecurityDefined: Oas3Rule | Oas2Rule = () => {
             });
           }
         }
+
+        if (root.security || eachOperationHasSecurity) {
+          return;
+        } else {
+          report({
+            message: `Every API should have security defined on the root level or for each operation.`,
+          });
+        }
       },
     },
     SecurityScheme(_securityScheme: Oas2SecurityScheme | Oas3SecurityScheme, { key }: UserContext) {
@@ -41,5 +51,10 @@ export const OperationSecurityDefined: Oas3Rule | Oas2Rule = () => {
         }
       }
     },
+    Operation(operation: Oas2Operation | Oas3Operation) {
+      if (!operation?.security) {
+        eachOperationHasSecurity = false;
+      }
+    },
   };
 };