spectral icon indicating copy to clipboard operation
spectral copied to clipboard
verified publisher icon stoplightio

Issue with undefined core function and custom extensions

Open christosgkoros opened this issue 2 years ago • 1 comments

Describe the bug When searching for custom extensions non-existence under $paths.*.* (verbs) any custom extension (starting with x-) under apath.* (resource name) will trigger the rule

To Reproduce

  1. Given this OpenAPI/AsyncAPI document
openapi: 3.0.3
info:
  version: 1.0.0
  title: Valid Definition
  description: A definition to perform positive test on the full ruleset
  contact:
    name: Test
    email: [email protected]
servers:
  - url: "https://ruleset-beta.tech"

paths:
  /resource:
    x-test: test

and the given rule:

rules:
 test_verb_ext:
  formats:
   - oas3
  given: $.paths[*][*]
  then:
   field: x-custom-extension
   function: undefined
  message: '{{error}}'
  description: test verb custom extension
  severity: warn
  1. Run the Javascript API
const oneRuleSpectral = new Spectral();
        oneRuleSpectral.setRuleset({
          rules: {
            [rule.name]: rule.definition // Creating a ruleset with a single rule.
          }
        });
        const results = await oneRuleSpectral.run(targetDocument);
  1. See error
"x-test" property must be undefined

Expected behavior No error since x-test is not mentioned in the ruleset.

Environment (remove any that are not applicable):

  • Library version: [e.g. 1.18.0]
  • OS: [e.g. MacOS Ventura 13]

Additional context Add any other context about the problem here.

christosgkoros avatar Jun 29 '23 09:06 christosgkoros

I did some tests, and it seems that if given returns an atomic like a string (so not an object), then.field is ignored, and the function is applied to the atomic value.

In the example above, the given path returns the value of x-test, which is a string "test", so the field.then is ignored and the undefined function is applied to this value, so an issue is detected. If we replace the value of x-test with an object, as shown below, the bug doesn't occur. In that case, the returned value is value: value an object, so field is used and as this object doesn't contain the x-custom-extension property, no issue is detected (as expected).

openapi: 3.0.3
info:
  version: 1.0.0
  title: Valid Definition
  description: A definition to perform positive test on the full ruleset
  contact:
    name: Test
    email: [email protected]
servers:
  - url: "https://ruleset-beta.tech"

paths:
  /resource:
    x-test: 
      value: value

The expected behavior would be "if the value found by the given path is not an object and then.field is defined, the then.function is not executed".

Temporary workaround: In that specific case, as this rule aims to ensure that the extension is not present, it can be modified as follow (move the value of field in the given path) to avoid the bug.

rules:
 test_verb_ext:
  formats:
   - oas3
  given: $.paths[*][*].x-custom-extension
  then:
   function: undefined
  message: '{{error}}'
  description: test verb custom extension
  severity: warn

arno-di-loreto avatar Jun 29 '23 18:06 arno-di-loreto