OpenAPI.NET icon indicating copy to clipboard operation
OpenAPI.NET copied to clipboard
verified publisher icon microsoft

Lack of validation on data type

Open iamishan9 opened this issue 2 years ago • 2 comments

Describe the bug When creating an OpenApiDocument v3 using the schemas from v2 objects, the validation on schemas does not happen. In my case, for the file type schema in v2, which does not exist in v3, does not get detected. This results to an invalid Open Api Document.

To Reproduce Steps to reproduce the current behavior: You can use the following sample swagger v2 description for an API:

 "/api/upload": {
      "post": {
        "description": "Upload a file",
        "operationId": "CreateFile",
        "consumes": [ "multipart/form-data" ],
        "produces": [ "text/plain", "application/json", "text/json" ],
        "parameters": [
          {
            "name": "TestFile",
            "in": "formData",
            "description": "The test binary content",
            "required": true,
            "type": "file"
          }
        ],
.....

As seen for the TestFile, the type file is according to OAS v2. However, it does not exist in v3.

Expected behavior Using this schema, if another OpenAPIDocument v3 is being created, I would expect the schema to be validated according to the available types. This includes the file type which does not exist in v3. I would either expect a warning showing that there is unknown data type file or default it to string type.

Screenshots/Code Snippets

var aggregated = new OpenApiDocument();
 foreach (var specification in openApiSpecifications){
             aggregated.Paths.Combine(specification.Paths);
             foreach (var (schemaName, openApiSchema) in specification.Components.Schemas)
                    {
                        if (aggregated.Components.Schemas.TryGetValue(schemaName, out var existingValue))
                        {
                            var existingSchemaMatchesSchemaToAdd = new OpenApiSchemaComparer().Equals(existingValue, openApiSchema);
                            if (!existingSchemaMatchesSchemaToAdd)
                            {
                                throw new OpenApiDuplicateDefinitionException(openApiSchema, schemaName, $"Duplicate schema item with key {schemaName}");
                            }
                        }
                        else
                        {
                            aggregated.Components.Schemas.Add(schemaName, openApiSchema);
                        }
                    }
                }

iamishan9 avatar Mar 10 '23 18:03 iamishan9

Hey @iamishan9 Thanks for calling this out. We don't actually do much validation on the models themselves

e.g. https://github.com/microsoft/OpenAPI.NET/blob/vnext/src/Microsoft.OpenApi/Models/OpenApiSchema.cs#L26

We do most of the validation during reading, which is definitely a shortcoming for people who are constructing models manually. We will factor this into account in during upcoming work and see what we can do to improve the situation.

Darrel

darrelmiller avatar Apr 02 '23 15:04 darrelmiller

Thanks @darrelmiller

iamishan9 avatar Apr 05 '23 08:04 iamishan9