
Validate the format of examples

Open tatomyr opened this issue 3 years ago • 9 comments

Is your feature request related to a problem? Please describe.

Consider this definition sample:

openapi: 3.0.0

components:
  parameters:
    foo:
      in: query
      name: foo
      schema:
        type: string
        format: ipv4
      example: wrong

Although the example is wrong, linter doesn't recognise this.

Describe the solution you'd like

It would be great if the no-invalid-parameter-examples rule could take format into account as well.

Describe alternatives you've considered

None

Additional context

See more details here.

tatomyr, Jul 13 '22 12:07

See also: https://github.com/Redocly/redocly-cli/issues/1470

tatomyr, Mar 05 '24 16:03

Notice that the partial support of format is a pain, because when used in conjunction with oneOf the current implementation makes the validation fail in all cases when adding a sample, as it always patches both items of the oneOf:

    maturity:
      description: Maturity date or tenor 
      type: string
      oneOf:
        - format: date
        - pattern: ^\d+[YyMmWwDd]|\d+[YyMmWwDd]\d+[YyMmWwDd]

LasneF, Mar 06 '24 13:03

A similar issue.

tatomyr, Apr 25 '24 09:04

Same issue exists with schema examples.

Maybe we should support format validation one-by-one? Starting with the most obvious formats like date, date-time, pattern?

adamaltman, Apr 25 '24 13:04

> Maybe we should support format validation one-by-one? Starting with the most obvious formats like date, date-time, pattern?

Redocly CLI relies on AJV for validating examples, and AJV is supposed to be used together with the ajv-formats plugin to validate formats. It should be comparatively easy to start adding some formats.

However, there is a potential security issue of ReDoS attack:

> It is recommended NOT to use "format" keyword implementations with untrusted data, as they may use potentially unsafe regular expressions

So the main issue here, I believe, is to assess the potential security impact.

tatomyr, Apr 25 '24 13:04
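As an added illustration of what the thread is asking for (this is example code written for this page, not Redocly CLI's or Ajv's implementation), the following Node.js snippet checks a schema `example` against `type`, `format` (ipv4, date, date-time), `pattern` and `oneOf`, evaluating each `oneOf` branch independently so that the `maturity` schema above accepts either a date or a tenor. The two schemas from the issue are reproduced as plain objects, as a YAML loader would return them; `validateSchemaExample`, `lintParameterExample` and `FORMAT_CHECKS` are names chosen here and are not part of any real API. The ipv4 and date checks deliberately avoid backtracking-prone regexes, which is the ReDoS concern raised in the last comment; `pattern`, by contrast, compiles whatever regex the spec supplies, so it should only be run on specs you trust.

```javascript
// Added example, not Redocly CLI or Ajv code: a minimal example validator that
// takes `format`, `pattern` and `oneOf` into account. Names are hypothetical.

const FORMAT_CHECKS = {
  // ipv4: four dotted decimal octets, no leading zeros, each 0..255.
  // Split/parse instead of one big regex, so there is nothing to backtrack on.
  ipv4(s) {
    const parts = s.split(".");
    if (parts.length !== 4) return false;
    return parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
  },
  // date: RFC 3339 full-date (YYYY-MM-DD) with a real calendar check.
  // Date.UTC silently rolls 2025-02-30 over into March, so we compare back.
  date(s) {
    const m = /^(\d{4})-(\d{2})-(\d{2})$/.exec(s);
    if (!m) return false;
    const [y, mo, d] = [Number(m[1]), Number(m[2]), Number(m[3])];
    const t = new Date(Date.UTC(y, mo - 1, d));
    return t.getUTCFullYear() === y && t.getUTCMonth() === mo - 1 && t.getUTCDate() === d;
  },
  // date-time: full-date "T" partial-time, with "Z" or a numeric offset.
  "date-time"(s) {
    const m = /^(\d{4}-\d{2}-\d{2})[Tt](\d{2}):(\d{2}):(\d{2})(\.\d+)?([Zz]|[+-]\d{2}:\d{2})$/.exec(s);
    if (!m || !FORMAT_CHECKS.date(m[1])) return false;
    const [h, mi, sec] = [Number(m[2]), Number(m[3]), Number(m[4])];
    return h < 24 && mi < 60 && sec <= 60; // 60 allowed for leap seconds
  },
};

// Returns a list of problems; an empty list means the example is valid.
function validateSchemaExample(schema, example) {
  const problems = [];
  const typeOk = {
    string: typeof example === "string",
    integer: Number.isInteger(example),
    number: typeof example === "number",
    boolean: typeof example === "boolean",
  };
  if (schema.type && typeOk[schema.type] === false) {
    problems.push(`expected type ${schema.type}, got ${typeof example}`);
    return problems; // format/pattern only make sense for the right type
  }
  if (schema.format && typeof example === "string") {
    // Unknown formats are skipped, as JSON Schema allows; known ones are enforced.
    const check = FORMAT_CHECKS[schema.format];
    if (check && !check(example)) {
      problems.push(`"${example}" is not a valid ${schema.format}`);
    }
  }
  if (schema.pattern && typeof example === "string") {
    // JSON Schema semantics: ECMA-262 regex, unanchored unless the pattern
    // anchors itself. The "u" flag mirrors Ajv's default unicodeRegExp.
    // This compiles a spec-supplied regex, so keep it to trusted specs.
    if (!new RegExp(schema.pattern, "u").test(example)) {
      problems.push(`"${example}" does not match pattern ${schema.pattern}`);
    }
  }
  if (Array.isArray(schema.oneOf)) {
    // Exactly one branch must accept the value. Each branch is checked on its
    // own, so a failing `format: date` branch does not poison the `pattern` one.
    const matching = schema.oneOf.filter(
      (branch) => validateSchemaExample(branch, example).length === 0,
    );
    if (matching.length !== 1) {
      problems.push(`oneOf: expected exactly one matching branch, got ${matching.length}`);
    }
  }
  return problems;
}

// A parameter object carries its example next to its schema.
function lintParameterExample(param) {
  return validateSchemaExample(param.schema, param.example);
}

// Constructed inputs: the two schemas from this issue as plain objects.
const fooParam = {
  in: "query",
  name: "foo",
  schema: { type: "string", format: "ipv4" },
  example: "wrong",
};
const maturity = {
  description: "Maturity date or tenor",
  type: "string",
  oneOf: [
    { format: "date" },
    { pattern: "^\\d+[YyMmWwDd]|\\d+[YyMmWwDd]\\d+[YyMmWwDd]" },
  ],
};

if (typeof require !== "undefined" && require.main === module) {
  console.log("foo:", lintParameterExample(fooParam));
  for (const ex of ["2024-01-15", "10Y", "2025-02-30", "wrong"]) {
    console.log(`maturity ${ex}:`, validateSchemaExample(maturity, ex));
  }
}
```

Run with `node file.js`: the `foo` example is reported as an invalid ipv4, `2024-01-15` and `10Y` each satisfy exactly one `maturity` branch and pass, while `2025-02-30` (not a real date, no letters for the tenor pattern) and `wrong` match no branch and are rejected.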