This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

Validate security keys against securitySchemes #72

Open
andreasanta opened this issue Dec 18, 2021 · 1 comment
@andreasanta

Given the following YAML file:

```yaml
openapi: 3.0.0
info:
  description: Sites
  title: Sites
  version: 1.0.0
paths:
  /sites/available-sites:
    get:
      summary: "get available sites for current contact"
      responses:
        '200':
          description: 'Success response'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Sites'
        '400':
          description: 'Bad request'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security:
        - subscription_key_wrong: []
      tags:
        - Sites
components:
  schemas:
    Sites:
      type: object
      properties:
        sites:
          type: array
          items:
            $ref: '#/components/schemas/Site'
    Site:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        locationtype:
          type: string
        selfRegistrationDuration:
          type: integer
        additionalInfo:
          $ref: '#/components/schemas/SiteAdditionalInfo'
        address:
          $ref: '#/components/schemas/Address'
        geoCoordinates:
          $ref: '#/components/schemas/GeoCoordinates'
        images:
          type: array
          items:
            type: string
        siteMapImage:
          type: string
    SiteAdditionalInfo:
      type: object
      properties:
        markdown:
          type: string
        html:
          type: string
    Address:
      type: object
      properties:
        line1:
          type: string
        line2:
          type: string
        line3:
          type: string
        city:
          type: string
        postalCode:
          type: string
        stateOrProvince:
          type: string
        country:
          type: string
    GeoCoordinates:
      type: object
      properties:
        longitude:
          type: number
        latitude:
          type: number
      required:
        - longitude
        - latitude
    Error:
      type: object
      properties:
        errorMessage:
          type: string
          format: string
        errorDetail:
          type: string
          format: string
  securitySchemes:
    subscription_key:
      type: apiKey
      name: Ocp-Apim-Subscription-Key
      in: header
```

Validation passes, but it should fail because `security` is referencing a nonexistent security scheme.
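The check requested above, sketched as an added example (not code from this tool or from swagger-parser): every key used in a root-level or operation-level `security` requirement must be declared under `components.securitySchemes`. The function name `findUndeclaredSecuritySchemes` and the reduced `sampleDoc` object are assumptions made for illustration; the sample is the issue's document cut down to the fields the check reads.

```javascript
// Added example: not part of swagger-cli or swagger-parser.
const HTTP_METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch', 'trace'];

// Returns one finding per security requirement key that is not declared
// under components.securitySchemes (hypothetical helper name).
function findUndeclaredSecuritySchemes(doc) {
  const schemes = (doc.components && doc.components.securitySchemes) || {};
  const declared = new Set(Object.keys(schemes));
  const findings = [];

  const check = (requirements, location) => {
    if (!Array.isArray(requirements)) return;
    requirements.forEach((requirement, index) => {
      // An empty requirement object ({}) has no keys and is skipped.
      for (const name of Object.keys(requirement || {})) {
        if (!declared.has(name)) {
          findings.push({ location: `${location}[${index}]`, name });
        }
      }
    });
  };

  // Root-level requirements apply to every operation that does not override them.
  check(doc.security, 'security');
  for (const [path, item] of Object.entries(doc.paths || {})) {
    for (const method of HTTP_METHODS) {
      const operation = item && item[method];
      if (operation) check(operation.security, `paths.${path}.${method}.security`);
    }
  }
  return findings;
}

// Constructed sample: the issue's document reduced to the parts the check reads.
const sampleDoc = {
  openapi: '3.0.0',
  paths: {
    '/sites/available-sites': {
      get: { security: [{ subscription_key_wrong: [] }] },
    },
  },
  components: {
    securitySchemes: {
      subscription_key: { type: 'apiKey', name: 'Ocp-Apim-Subscription-Key', in: 'header' },
    },
  },
};

console.log(findUndeclaredSecuritySchemes(sampleDoc));
```

A non-empty result can be turned into a failing exit code in a CI lint step, so a misspelled scheme name is caught before the document reaches code generators or gateway configuration.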

@samueleaton

This tool is just a CLI wrapper around https://github.com/APIDevTools/swagger-parser, so it should probably be moved there.
