diff --git a/assets/queries/openAPI/3.0/additional_properties_too_permissive/query.rego b/assets/queries/openAPI/3.0/additional_properties_too_permissive/query.rego index 462e36dc4c2..2b900c3823c 100644 --- a/assets/queries/openAPI/3.0/additional_properties_too_permissive/query.rego +++ b/assets/queries/openAPI/3.0/additional_properties_too_permissive/query.rego @@ -3,7 +3,7 @@ package Cx import data.generic.common as common_lib import data.generic.openapi as openapi_lib -# This two rules verifies schema and schemas without allOf, anyOf and oneOf +# These two rules verify schema and schemas without allOf, anyOf and oneOf CxPolicy[result] { doc := input.document[i] openapi_lib.check_openapi(doc) == "3.0" @@ -38,7 +38,7 @@ CxPolicy[result] { } } -#This rules verifies anyOf and oneOf +# These rules verify anyOf and oneOf CxPolicy[result] { doc := input.document[i] openapi_lib.check_openapi(doc) == "3.0" diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/query.rego b/assets/queries/openAPI/general/response_operations_body_schema_undefined/query.rego index 5087f9751ae..5557e6b214a 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/query.rego +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/query.rego 
@@ -8,62 +8,60 @@ CxPolicy[result] { version := openapi_lib.check_openapi(doc) version != "undefined" - operation := doc.paths[p][op] + operation := doc.paths[path][op] response := operation.responses[code] acceptable_response(code, op) - - key := get_key_by_version(version) - not common_lib.valid_key(response, key) + + results := get_results(response, path, op, code, version, doc)[_] result := { "documentId": doc.id, - "searchKey": sprintf("paths.%s.%s.responses.%s", [p, op, code]), + "searchKey": results.searchKey, "issueType": "MissingAttribute", - "keyExpectedValue": sprintf("paths.%s.%s.responses.%s.%s should be defined", [p, op, code, key]), - "keyActualValue": sprintf("paths.%s.%s.responses.%s.%s is undefined", [p, op, code, key]), - "overrideKey": version, + "keyExpectedValue": results.keyExpectedValue, + "keyActualValue": results.keyActualValue, + "searchLine": results.searchLine, + "overrideKey": results.overrideKey, } } -CxPolicy[result] { - doc := input.document[i] - version := openapi_lib.check_openapi(doc) - version == "3.0" +get_results(response, path, op, code, version, doc) = output { + key := get_key_by_version(version) + not common_lib.valid_key(response, key) + not has_valid_ref(response, doc, version) - operation := doc.paths[path][op] - response := operation.responses[code] - acceptable_response(code, op) + output := [{ + "searchKey": sprintf("paths.%s.%s.responses.%s", [path, op, code]), + "keyExpectedValue": sprintf("paths.%s.%s.responses.%s.%s should be defined", [path, op, code, key]), + "keyActualValue": sprintf("paths.%s.%s.responses.%s.%s is undefined", [path, op, code, key]), + "searchLine": common_lib.build_search_line(["paths", path, op, "responses", code], []), + "overrideKey": version, + }] +} else = output { + version == "3.0" count(response.content) == 0 - result := { - "documentId": doc.id, + output := [{ "searchKey": sprintf("paths.{{%s}}.{{%s}}.responses.{{%s}}.content", [path, op, code]), - "issueType": "MissingAttribute", 
"keyExpectedValue": sprintf("paths.{{%s}}.{{%s}}.responses.{{%s}}.content should have at least one content-type defined", [path, op, code]), "keyActualValue": sprintf("paths.{{%s}}.{{%s}}.responses.{{%s}}.content has no content-type defined", [path, op, code]), - } -} - -CxPolicy[result] { - doc := input.document[i] - version := openapi_lib.check_openapi(doc) + "searchLine": common_lib.build_search_line(["paths", path, op, "responses", code, "content"], []), + "overrideKey": "3.0", + }] +} else = output { version == "3.0" - operation := doc.paths[path][op] - response := operation.responses[code] - acceptable_response(code, op) - - responses := response.content[content_type] - not common_lib.valid_key(responses, "schema") - - result := { - "documentId": doc.id, + output := [{ "searchKey": sprintf("paths.{{%s}}.{{%s}}.responses.{{%s}}.content.{{%s}}", [path, op, code, content_type]), - "issueType": "MissingAttribute", "keyExpectedValue": sprintf("paths.{{%s}}.{{%s}}.responses.{{%s}}.content.{{%s}}.schema should be defined", [path, op, code, content_type]), "keyActualValue": sprintf("paths.{{%s}}.{{%s}}.responses.{{%s}}.content.{{%s}}.schema is undefined", [path, op, code, content_type]), - } + "searchLine": common_lib.build_search_line(["paths", path, op, "responses", code, "content", content_type], []), + "overrideKey": "3.0", + } | some content_type + responses := response.content[content_type] + not common_lib.valid_key(responses, "schema") + ] } acceptable_response(code, op) { 
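Review bot: When a response consists only of a `$ref` that `has_valid_ref` rejects, the first branch of `get_results` reports `paths.<path>.<op>.responses.<code>.<key> is undefined` against the response itself, so the finding never says that the reference was the problem. Someone triaging it sees a line holding a `$ref` and a message about a missing key. A separate branch for the case where `get_ref(response)` is defined, with a `keyActualValue` stating that the `$ref` does not resolve to a component with a schema, would make the result actionable. The `else` chain is also order-dependent and undocumented; a header comment such as `# Branches are tried in order: key missing and no valid $ref; empty content (3.0); content types without schema (3.0)` would help. The `CxPolicy` rule starts above this hunk and `acceptable_response` continues below it.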
@@ -83,3 +81,40 @@ get_key_by_version(version) = key { key = keys[version] } + +has_valid_ref(obj, doc, version) { + version == "3.0" + ref := get_ref(obj) + + path := split(substring(ref, 2, -1), "/") + type := path[minus(count(path), 2)] + resource := doc.components[type][path[minus(count(path), 1)]] + + is_schema_or_has_schema(resource, type) +} else { + version == "2.0" + ref := get_ref(obj) + + path := split(substring(ref, 2, -1), "/") + type := path[minus(count(path), 2)] + resource := doc[type][path[minus(count(path), 1)]] + + is_schema_or_has_schema(resource, type) +} + +get_ref(obj) = res{ + res := obj["RefMetadata"]["$ref"] # --enable-openapi-refs + res != null +} else = res { + res := obj["$ref"] + res != null +} + +is_schema_or_has_schema(resource, type) { + type == ["schemas","definitions"][_] + resource != null +} else { + common_lib.valid_key(resource, "schema") # swagger 2.0 +} else { + common_lib.valid_key(resource[_][_], "schema") # 3.0 +} \ No newline at end of file diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative1.json b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative1.json index e6c23b3aa8a..038efddea59 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative1.json +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative1.json @@ -26,15 +26,6 @@ } } } - }, - "delete": { - "operationId": "deleteVersion", - "summary": "Deletes API versions", - "responses": { - "204": { - "description": "no content" - } - } } } }, 
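Review bot: The last branch of `is_schema_or_has_schema` tests `resource[_][_]`, which matches any object two levels below the component, not only media types under `content`. Assuming `common_lib.valid_key` only checks that the key is present and non-null, a referenced response that declares `headers.<name>.schema` but no body would be accepted as having a body schema, and the scan would miss it. Narrowing the walk to `common_lib.valid_key(resource.content[_], "schema")` keeps the check on the body. `has_valid_ref` also drops the first two characters of the `$ref` and uses only its last two path segments, so a reference into another file, or one with an unexpected prefix, is matched by name against the local document. A guard such as `startswith(ref, "#/")` before the `split` would stop that.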
diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive9.json b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative2.json similarity index 51% rename from assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive9.json rename to assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative2.json index a6214c9a4a1..b80db950523 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive9.json +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative2.json @@ -16,16 +16,20 @@ "summary": "List API versions", "responses": { "200": { - "description": "200 response" - } - } - }, - "delete": { - "operationId": "deleteVersion", - "summary": "Deletes API versions", - "responses": { - "204": { - "description": "no content" + "description": "200 response", + "schema": { + "type": "object", + "discriminator": "ApiVersion", + "properties": { + "code": { + "type": "integer", + "format": "int32" + }, + "version": { + "type": "string" + } + } + } } } } diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative3.json b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative3.json index f8cd2f4c7d4..4980cba3207 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative3.json +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative3.json 
@@ -1,44 +1,37 @@ { - "swagger": "2.0", + "openapi": "3.0.3", "info": { - "title": "Simple API Overview", - "version": "1.0.0", - "contact": { - "name": "contact", - "url": "https://www.google.com/", - "email": "user@gmail.com" - } + "title": "Tariff Setup API", + "version": "1.0.0" }, "paths": { - "/": { - "get": { - "operationId": "listVersionsv2", - "summary": "List API versions", + "/CreateTariffSetup": { + "post": { + "summary": "Creates tariff setups.", + "tags": ["Tariff Setups"], "responses": { - "200": { - "description": "200 response", - "schema": { - "type": "object", - "discriminator": "ApiVersion", - "properties": { - "code": { - "type": "integer", - "format": "int32" - }, - "version": { - "type": "string" - } - } - } + "400": { + "$ref": "#/components/schemas/error" + }, + "500": { + "$ref": "#/components/schemas/error" } } - }, - "delete": { - "operationId": "deleteVersion", - "summary": "Deletes API versions", - "responses": { - "204": { - "description": "no content" + } + } + }, + "components": { + "schemas": { + "error": { + "type": "object", + "properties": { + "code": { + "type": "string", + "example": "ERR_400" + }, + "message": { + "type": "string", + "example": "Invalid request payload" } } } diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative4.json b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative4.json new file mode 100644 index 00000000000..03ad24090d4 --- /dev/null +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative4.json 
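Review bot: This fixture records a response whose `$ref` points at `#/components/schemas/error` as compliant, although in OpenAPI 3.0 an entry in the `responses` map is expected to resolve to a Response Object, and a Schema Object carries neither `description` nor `content`. The query accepts it through the `type == ["schemas","definitions"][_]` branch of `is_schema_or_has_schema`. If that leniency is deliberate, for instance to avoid overlapping with a reference-validity query, the query's description should say so, since JSON fixtures cannot carry the explanation. Otherwise this case belongs with the positive fixtures. negative7.yaml encodes the same case.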
@@ -0,0 +1,52 @@ +{ + "openapi": "3.0.3", + "info": { + "title": "Tariff Setup API", + "version": "1.0.0" + }, + "paths": { + "/CreateTariffSetup": { + "post": { + "summary": "Creates tariff setups.", + "tags": ["Tariff Setups"], + "responses": { + "400": { + "$ref": "#/components/responses/error" + }, + "500": { + "$ref": "#/components/responses/error" + } + } + } + } + }, + "components": { + "responses": { + "error": { + "description": "Error response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/error" + } + } + } + } + }, + "schemas": { + "error": { + "type": "object", + "properties": { + "code": { + "type": "string", + "example": "ERR_400" + }, + "message": { + "type": "string", + "example": "Invalid request payload" + } + } + } + } + } +} diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative5.json b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative5.json deleted file mode 100644 index d1081b2b021..00000000000 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative5.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "openapi": "3.0.1", - "info": { - "title": "Test", - "description": "test", - "version": "1.0" - }, - "servers": [ - { - "url": "https://example.com", - "description": "Example" - } - ], - "paths": { - "/Header/{SourceID}": { - "get": { - "summary": "Forecast Header Updates", - "description": "Get Forecast Header channel data from MDM for a given source.", - "operationId": "GetForecastHeader", - "parameters": [], - "responses": { - "200": { - "description": "", - "headers": { - "x-test-forecasts-ack-id": { - "schema": { - "type": "string" - } - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ForecastHeaders" - } - }, - "text/plain": { - "schema": { - "$ref": "#/components/schemas/ForecastHeaders" - }, - "examples": { - "default": { - "value": null - } - } - } - } - }, - "204": { - "description": "There are no more updates available." - } - } - } - }, - "/Detail/{SourceID}": { - "get": { - "summary": "Forecast Detail Updates", - "description": "Get Forecast Header channel data from MDM for a given source.", - "operationId": "GetForecastDetail", - "parameters": [], - "responses": { - "200": { - "description": "", - "headers": { - "x-test-forecastdetails-ack-id": { - "schema": { - "type": "string" - } - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ForecastDetails" - } - }, - "text/plain": { - "schema": { - "$ref": "#/components/schemas/ForecastDetails" - }, - "examples": { - "default": { - "value": null - } - } - } - } - }, - "204": { - "description": "There are no more updates available." - } - } - } - } - }, - "components": { - "schemas": { - }, - "securitySchemes": { - "apiKeyHeader": { - "type": "apiKey", - "name": "Ocp-Apim-Subscription-Key", - "in": "header" - } - } - }, - "security": [ - { - "apiKeyHeader": [] - }, - { - "apiKeyQuery": [] - } - ] -} 
diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative2.yaml b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative5.yaml similarity index 79% rename from assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative2.yaml rename to assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative5.yaml index 8cdf3c32087..e4df03267ce 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative2.yaml +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative5.yaml @@ -16,14 +16,8 @@ paths: description: 200 response content: application/json: - schema: + schema: # schema is defined "$ref": "#/components/schemas/ApiVersion" - delete: - operationId: deleteVersion - summary: Deletes API versions - responses: - "204": - description: no content components: schemas: ApiVersion: diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative4.yaml b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative6.yaml similarity index 76% rename from assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative4.yaml rename to assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative6.yaml index 97a2e7176d6..dfe6e634a73 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative4.yaml +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative6.yaml @@ -14,7 +14,7 @@ paths: responses: "200": description: 200 response - schema: + schema: # schema is defined type: object discriminator: ApiVersion properties: @@ -23,9 +23,3 @@ paths: format: int32 version: type: string - delete: - operationId: deleteVersion - summary: Deletes API versions - responses: - "204": - description: no content 
diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative7.yaml b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative7.yaml new file mode 100644 index 00000000000..321baab8e45 --- /dev/null +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative7.yaml @@ -0,0 +1,28 @@ +openapi: 3.0.3 +info: + title: Tariff Setup API + version: 1.0.0 + +paths: + /CreateTariffSetup: + post: + summary: Creates tariff setups. + tags: + - Tariff Setups + responses: + "400": + $ref: "#/components/schemas/error" # schema reference is valid + "500": + $ref: "#/components/schemas/error" + +components: + schemas: + error: + type: object + properties: + code: + type: string + example: "ERR_400" + message: + type: string + example: "Invalid request payload" diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative8.yaml b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative8.yaml new file mode 100644 index 00000000000..62d565b98b3 --- /dev/null +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/negative8.yaml @@ -0,0 +1,37 @@ +openapi: 3.0.3 +info: + title: Tariff Setup API + version: 1.0.0 + +paths: + /CreateTariffSetup: + post: + summary: Creates tariff setups. + tags: + - Tariff Setups + responses: + '400': + $ref: '#/components/responses/error' # $ref is valid because responses/error has a schema + '500': + $ref: '#/components/responses/error' + +components: + + responses: + error: + description: Error response + content: + application/json: + schema: + $ref: '#/components/schemas/error' + + schemas: + error: + type: object + properties: + code: + type: string + example: "ERR_400" + message: + type: string + example: "Invalid request payload" 
diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive1.json b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive1.json index fc5e9d71fa7..c39ccbea381 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive1.json +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive1.json @@ -2,12 +2,7 @@ "openapi": "3.0.0", "info": { "title": "Simple API Overview", - "version": "1.0.0", - "contact": { - "name": "contact", - "url": "https://www.google.com/", - "email": "user@gmail.com" - } + "version": "1.0.0" }, "paths": { "/": { @@ -17,34 +12,16 @@ "responses": { "200": { "description": "200 response" - } - } - }, - "delete": { - "operationId": "deleteVersion", - "summary": "Deletes API versions", - "responses": { - "204": { - "description": "no content" - } - } - } - } - }, - "components": { - "schemas": { - "ApiVersion": { - "type": "object", - "discriminator": { - "propertyName": "ApiVersion" - }, - "properties": { - "code": { - "type": "integer", - "format": "int32" }, - "version": { - "type": "string" + "201": { + "description": "201 response", + "content": {} + }, + "202": { + "description": "202 response", + "content": { + "application/pdf": {} + } } } } diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive10.yaml b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive10.yaml deleted file mode 100644 index 033aee33374..00000000000 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive10.yaml +++ /dev/null 
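Review bot: The `delete` operation with a `204` "no content" response is removed here and from every other fixture touched in the hunks shown, and none of the new fixtures adds one back. Those entries were the only visible cases asserting that `acceptable_response(code, op)` keeps body-less responses out of the results; its body is outside the diff, so that purpose is inferred. With them gone, a regression in that filter would not fail the test suite. Keeping one `204` response on a `delete` operation in a negative fixture for each of 2.0 and 3.0 would preserve that coverage.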
@@ -1,22 +0,0 @@ -swagger: "2.0" -info: - title: Simple API Overview - version: 1.0.0 - contact: - name: contact - url: https://www.google.com/ - email: user@gmail.com -paths: - "/": - get: - operationId: listVersionsv2 - summary: List API versions - responses: - "200": - description: 200 response - delete: - operationId: deleteVersion - summary: Deletes API versions - responses: - "204": - description: no content diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive2.json b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive2.json index 21ff4134097..53c1e6c4ee0 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive2.json +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive2.json 
@@ -1,53 +1,58 @@ { - "openapi": "3.0.0", + "openapi": "3.0.3", "info": { - "title": "Simple API Overview", - "version": "1.0.0", - "contact": { - "name": "contact", - "url": "https://www.google.com/", - "email": "user@gmail.com" - } + "title": "Tariff Setup API", + "version": "1.0.0" }, "paths": { - "/": { - "get": { - "operationId": "listVersionsv2", - "summary": "List API versions", - "responses": { - "200": { - "description": "200 response", - "content": { - "application/json": {} - } - } - } - }, - "delete": { - "operationId": "deleteVersion", - "summary": "Deletes API versions", + "/CreateTariffSetup": { + "post": { + "summary": "Creates tariff setups.", + "tags": ["Tariff Setups"], "responses": { - "204": { - "description": "no content" + "400": { + "$ref": "#/components/schemas/missing_component" + }, + "401": { + "$ref": "#/components/responses/error1" + }, + "402": { + "$ref": "#/components/responses/error2" + }, + "403": { + "$ref": "#/components/responses/error3" } } } } }, "components": { + "responses": { + "error1": { + "description": "Error response", + "content": { + "application/json": {} + } + }, + "error2": { + "description": "Error response", + "content": {} + }, + "error3": { + "description": "Error response" + } + }, "schemas": { - "ApiVersion": { + "error": { "type": "object", - "discriminator": { - "propertyName": "ApiVersion" - }, "properties": { "code": { - "type": "integer", - "format": "int32" + "type": "string", + "example": "ERR_400" }, - "version": { - "type": "string" + "message": { + "type": "string", + "example": "Invalid request payload" } } } diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive3.json b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive3.json index e636f20105e..e06c2c764a9 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive3.json 
+++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive3.json @@ -1,5 +1,5 @@ { - "openapi": "3.0.0", + "swagger": "2.0", "info": { "title": "Simple API Overview", "version": "1.0.0", @@ -16,55 +16,7 @@ "summary": "List API versions", "responses": { "200": { - "description": "200 response", - "content": { - "application/pdf": {}, - "application/json": {} - } - } - } - }, - "post": { - "operationId": "listVersionsv2", - "summary": "List API versions", - "responses": { - "200": { - "description": "200 response", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiVersion" - } - } - } - } - } - }, - "delete": { - "operationId": "deleteVersion", - "summary": "Deletes API versions", - "responses": { - "204": { - "description": "no content" - } - } - } - } - }, - "components": { - "schemas": { - "ApiVersion": { - "type": "object", - "discriminator": { - "propertyName": "ApiVersion" - }, - "properties": { - "code": { - "type": "integer", - "format": "int32" - }, - "version": { - "type": "string" + "description": "200 response" } } } diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive4.json b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive4.json index 44e96f7bc8d..4fd6d7d23ff 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive4.json +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive4.json 
@@ -1,54 +1,29 @@ { - "openapi": "3.0.0", + "swagger": "2.0", "info": { - "title": "Simple API Overview", - "version": "1.0.0", - "contact": { - "name": "contact", - "url": "https://www.google.com/", - "email": "user@gmail.com" - } + "title": "Tariff Setup API", + "version": "1.0.0" }, "paths": { - "/": { - "get": { - "operationId": "listVersionsv2", - "summary": "List API versions", + "/CreateTariffSetup": { + "post": { + "summary": "Creates tariff setups.", + "tags": ["Tariff Setups"], + "produces": ["application/json"], "responses": { - "200": { - "description": "200 response", - "content": {} - } - } - }, - "delete": { - "operationId": "deleteVersion", - "summary": "Deletes API versions", - "responses": { - "204": { - "description": "no content" + "400": { + "$ref": "#/responses/missing_component" + }, + "401": { + "$ref": "#/responses/ErrorResponse" } } } } }, - "components": { - "schemas": { - "ApiVersion": { - "type": "object", - "discriminator": { - "propertyName": "ApiVersion" - }, - "properties": { - "code": { - "type": "integer", - "format": "int32" - }, - "version": { - "type": "string" - } - } - } + "responses": { + "ErrorResponse": { + "description": "Error response" } } } diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive5.yaml b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive5.yaml index 4337c704abd..4713081dfe8 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive5.yaml +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive5.yaml @@ -2,10 +2,6 @@ openapi: 3.0.0 info: title: Simple API Overview version: 1.0.0 - contact: - name: contact - url: https://www.google.com/ - email: user@gmail.com paths: "/": get: 
@@ -13,22 +9,11 @@ paths: summary: List API versions responses: "200": - description: 200 response - delete: - operationId: deleteVersion - summary: Deletes API versions - responses: - "204": - description: no content -components: - schemas: - ApiVersion: - type: object - discriminator: - propertyName: ApiVersion - properties: - code: - type: integer - format: int32 - version: - type: string + description: 200 response # undefined content field + "201": + description: 201 response + content: {} # empty content field + "202": + description: 202 response + content: + application/pdf: {} # undefined schema diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive6.yaml b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive6.yaml index a375646c8b7..59c5ad53b22 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive6.yaml +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive6.yaml 
@@ -1,36 +1,45 @@ -openapi: 3.0.0 +openapi: 3.0.3 info: - title: Simple API Overview + title: Tariff Setup API version: 1.0.0 - contact: - name: contact - url: https://www.google.com/ - email: user@gmail.com + paths: - "/": - get: - operationId: listVersionsv2 - summary: List API versions + /CreateTariffSetup: + post: + summary: Creates tariff setups. + tags: + - Tariff Setups responses: - "200": - description: 200 response - content: - application/json: {} - delete: - operationId: deleteVersion - summary: Deletes API versions - responses: - "204": - description: no content + '400': + $ref: '#/components/schemas/missing_component' # incorrect referencing + '401': + $ref: '#/components/responses/error1' # components/responses/error1 is missing schema field + '402': + $ref: '#/components/responses/error2' # components/responses/error2 has an empty content field + '403': + $ref: '#/components/responses/error3' # components/responses/error3 is missing content field + components: + responses: + error1: + description: Error response + content: + application/json: + + error2: + description: Error response + content: + + error3: + description: Error response + schemas: - ApiVersion: + error: type: object - discriminator: - propertyName: ApiVersion properties: code: - type: integer - format: int32 - version: type: string + example: "ERR_400" + message: + type: string + example: "Invalid request payload" diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive7.yaml b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive7.yaml index 96347ef5605..e9c7145bfba 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive7.yaml +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive7.yaml @@ -1,4 +1,4 @@ -openapi: 3.0.0 +swagger: "2.0" info: title: Simple API Overview version: 1.0.0 
@@ -13,35 +13,4 @@ paths: summary: List API versions responses: "200": - description: 200 response - content: - application/pdf: {} - application/json: {} - post: - operationId: listVersionsv2 - summary: List API versions - responses: - "200": - description: 200 response - content: - application/json: - schema: - "$ref": "#/components/schemas/ApiVersion" - delete: - operationId: deleteVersion - summary: Deletes API versions - responses: - "204": - description: no content -components: - schemas: - ApiVersion: - type: object - discriminator: - propertyName: ApiVersion - properties: - code: - type: integer - format: int32 - version: - type: string + description: 200 response # undefined schema field (2.0) diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive8.yaml b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive8.yaml index de67a1c2a28..1b8f8f285f9 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive8.yaml +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive8.yaml 
@@ -1,35 +1,22 @@ -openapi: 3.0.0 +swagger: "2.0" info: - title: Simple API Overview + title: Tariff Setup API version: 1.0.0 - contact: - name: contact - url: https://www.google.com/ - email: user@gmail.com + paths: - "/": - get: - operationId: listVersionsv2 - summary: List API versions + /CreateTariffSetup: + post: + summary: Creates tariff setups. + tags: + - Tariff Setups + produces: + - application/json responses: - "200": - description: 200 response - content: {} - delete: - operationId: deleteVersion - summary: Deletes API versions - responses: - "204": - description: no content -components: - schemas: - ApiVersion: - type: object - discriminator: - propertyName: ApiVersion - properties: - code: - type: integer - format: int32 - version: - type: string + 400: + $ref: "#/responses/missing_component" # incorrect referencing + 401: + $ref: "#/responses/ErrorResponse" # responses/ErrorResponse is missing a schema field + +responses: + ErrorResponse: + description: Error response diff --git a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive_expected_result.json b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive_expected_result.json index 8f1c35ed02e..cdb967a6a54 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/response_operations_body_schema_undefined/test/positive_expected_result.json @@ -1,4 +1,10 @@ [ + { + "queryName": "Response on operations that should have a body has undefined schema (v3)", + "severity": "MEDIUM", + "line": 13, + "filename": "positive1.json" + }, { "queryName": "Response on operations that should have a body has undefined schema (v3)", "severity": "MEDIUM", 
@@ -8,26 +14,38 @@ { "queryName": "Response on operations that should have a body has undefined schema (v3)", "severity": "MEDIUM", - "line": 21, + "line": 23, + "filename": "positive1.json" + }, + { + "queryName": "Response on operations that should have a body has undefined schema (v3)", + "severity": "MEDIUM", + "line": 13, "filename": "positive2.json" }, { "queryName": "Response on operations that should have a body has undefined schema (v3)", "severity": "MEDIUM", - "line": 21, - "filename": "positive3.json" + "line": 17, + "filename": "positive2.json" + }, + { + "queryName": "Response on operations that should have a body has undefined schema (v3)", + "severity": "MEDIUM", + "line": 20, + "filename": "positive2.json" }, { "queryName": "Response on operations that should have a body has undefined schema (v3)", "severity": "MEDIUM", "line": 22, - "filename": "positive3.json" + "filename": "positive2.json" }, { "queryName": "Response on operations that should have a body has undefined schema (v3)", "severity": "MEDIUM", - "line": 20, - "filename": "positive4.json" + "line": 11, + "filename": "positive5.yaml" }, { "queryName": "Response on operations that should have a body has undefined schema (v3)", 
@@ -38,37 +56,67 @@ { "queryName": "Response on operations that should have a body has undefined schema (v3)", "severity": "MEDIUM", - "line": 18, - "filename": "positive6.yaml" + "line": 19, + "filename": "positive5.yaml" }, { "queryName": "Response on operations that should have a body has undefined schema (v3)", "severity": "MEDIUM", - "line": 18, - "filename": "positive7.yaml" + "line": 13, + "filename": "positive6.yaml" }, { "queryName": "Response on operations that should have a body has undefined schema (v3)", "severity": "MEDIUM", - "line": 19, - "filename": "positive7.yaml" + "line": 16, + "filename": "positive6.yaml" }, { "queryName": "Response on operations that should have a body has undefined schema (v3)", "severity": "MEDIUM", "line": 17, - "filename": "positive8.yaml" + "filename": "positive6.yaml" + }, + { + "queryName": "Response on operations that should have a body has undefined schema (v3)", + "severity": "MEDIUM", + "line": 19, + "filename": "positive6.yaml" }, { "queryName": "Response on operations that should have a body has undefined schema (v2)", "severity": "MEDIUM", "line": 18, - "filename": "positive9.json" + "filename": "positive3.json" + }, + { + "queryName": "Response on operations that should have a body has undefined schema (v2)", + "severity": "MEDIUM", + "line": 14, + "filename": "positive4.json" + }, + { + "queryName": "Response on operations that should have a body has undefined schema (v2)", + "severity": "MEDIUM", + "line": 17, + "filename": "positive4.json" + }, + { + "queryName": "Response on operations that should have a body has undefined schema (v2)", + "severity": "MEDIUM", + "line": 15, + "filename": "positive7.yaml" }, { "queryName": "Response on operations that should have a body has undefined schema (v2)", "severity": "MEDIUM", "line": 15, - "filename": "positive10.yaml" + "filename": "positive8.yaml" + }, + { + "queryName": "Response on operations that should have a body has undefined schema (v2)", + "severity": 
"MEDIUM", + "line": 17, + "filename": "positive8.yaml" } ]