diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index e65be1d5..f9dbb25b 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -24,7 +24,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@v8 with: - version: v2.1 + version: v2.7 build: name: Build runs-on: ubuntu-latest @@ -32,7 +32,7 @@ jobs: - name: Set up Go 1.x uses: actions/setup-go@v3 with: - go-version: 1.24.7 + go-version: 1.25 id: go - name: Checkout code diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 00a9078d..00000000 --- a/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -# Working memory and debug artifacts -working-memory/ \ No newline at end of file diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..bc7e6fcc --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,14 @@ +# See https://pre-commit.com for more information +# See https://pre-commit.com/hooks.html for more hooks +repos: + + # Run golangci-lint as a pre-commit hook to catch issues before they are pushed + # See https://golangci-lint.run/ for more information + - repo: local + hooks: + - id: golangci-lint + name: Lint Go code + entry: go tool golangci-lint run + language: system + pass_filenames: false + types: [go] \ No newline at end of file diff --git a/README.md b/README.md index 35102e04..f2c20050 100644 --- a/README.md +++ b/README.md @@ -31,8 +31,20 @@ go get github.com/pb33f/libopenapi-validator ## Validate OpenAPI Document ```bash -go run github.com/pb33f/libopenapi-validator/cmd/validate@latest [--regexengine] +go run github.com/pb33f/libopenapi-validator/cmd/validate@latest [--regexengine] [--yaml2json] ``` + +## Install pre-commit hook + +To install the pre-commit hook, run the following command in your terminal: + +```bash +pre-commit install +``` + +### Options + +#### --regexengine 🔍 Example: Use a custom regex engine/flag (e.g., ecmascript) ```bash go run github.com/pb33f/libopenapi-validator/cmd/validate@latest --regexengine=ecmascript @@ -51,6 +63,26 @@ go run github.com/pb33f/libopenapi-validator/cmd/validate@latest --regexengine=e - re2 - unicode +#### --yaml2json +🔍 Convert YAML files to JSON before validation (ℹī¸ Default: false) + +[libopenapi](https://github.com/pb33f/libopenapi/blob/main/datamodel/spec_info.go#L115) passes `map[interface{}]interface{}` structures for deeply nested objects or complex mappings in the OpenAPI specification, which are not allowed in JSON. +These structures cannot be properly converted to JSON by libopenapi and cannot be validated by jsonschema, resulting in ambiguous errors. + +This flag allows pre-converting from YAML to JSON to bypass this limitation of the libopenapi. + +**When does this happen?** +- OpenAPI specs with deeply nested schema definitions +- Complex `allOf`, `oneOf`, or `anyOf` structures with multiple levels +- Specifications with intricate object mappings in examples or schema properties + +Enabling this flag pre-converts the YAML document from YAML to JSON, ensuring a clean JSON structure before validation. + +Example: +```bash +go run github.com/pb33f/libopenapi-validator/cmd/validate@latest --yaml2json +``` + ## Documentation - [The structure of the validator](https://pb33f.io/libopenapi/validation/#the-structure-of-the-validator) diff --git a/cache/cache.go b/cache/cache.go index deedc6b0..7cbdd493 100644 --- a/cache/cache.go +++ b/cache/cache.go @@ -6,6 +6,7 @@ package cache import ( "github.com/pb33f/libopenapi/datamodel/high/base" "github.com/santhosh-tekuri/jsonschema/v6" + "go.yaml.in/yaml/v4" ) // SchemaCacheEntry holds a compiled schema and its intermediate representations. @@ -16,12 +17,13 @@ type SchemaCacheEntry struct { ReferenceSchema string // String version of RenderedInline RenderedJSON []byte CompiledSchema *jsonschema.Schema + RenderedNode *yaml.Node } // SchemaCache defines the interface for schema caching implementations. -// The key is a [32]byte hash of the schema (from schema.GoLow().Hash()). +// The key is a uint64 hash of the schema (from schema.GoLow().Hash()). type SchemaCache interface { - Load(key [32]byte) (*SchemaCacheEntry, bool) - Store(key [32]byte, value *SchemaCacheEntry) - Range(f func(key [32]byte, value *SchemaCacheEntry) bool) + Load(key uint64) (*SchemaCacheEntry, bool) + Store(key uint64, value *SchemaCacheEntry) + Range(f func(key uint64, value *SchemaCacheEntry) bool) } diff --git a/cache/cache_test.go b/cache/cache_test.go index 75b10590..16be42ec 100644 --- a/cache/cache_test.go +++ b/cache/cache_test.go @@ -29,9 +29,8 @@ func TestDefaultCache_StoreAndLoad(t *testing.T) { CompiledSchema: &jsonschema.Schema{}, } - // Create a test key (32-byte hash) - var key [32]byte - copy(key[:], []byte("test-schema-hash-12345678901234")) + // Create a test key (uint64 hash) + key := uint64(0x123456789abcdef0) // Store the schema cache.Store(key, testSchema) @@ -49,8 +48,7 @@ func TestDefaultCache_LoadMissing(t *testing.T) { cache := NewDefaultCache() // Try to load a key that doesn't exist - var key [32]byte - copy(key[:], []byte("nonexistent-key-12345678901234")) + key := uint64(0xdeadbeef) loaded, ok := cache.Load(key) assert.False(t, ok, "Should not find non-existent key") @@ -60,7 +58,7 @@ func TestDefaultCache_LoadMissing(t *testing.T) { func TestDefaultCache_LoadNilCache(t *testing.T) { var cache *DefaultCache - var key [32]byte + key := uint64(0) loaded, ok := cache.Load(key) assert.False(t, ok) @@ -71,7 +69,7 @@ func TestDefaultCache_StoreNilCache(t *testing.T) { var cache *DefaultCache // Should not panic - var key [32]byte + key := uint64(0) cache.Store(key, &SchemaCacheEntry{}) // Verify nothing was stored (cache is nil) @@ -82,10 +80,9 @@ func TestDefaultCache_Range(t *testing.T) { cache := NewDefaultCache() // Store multiple entries - entries := make(map[[32]byte]*SchemaCacheEntry) + entries := make(map[uint64]*SchemaCacheEntry) for i := 0; i < 5; i++ { - var key [32]byte - copy(key[:], []byte{byte(i)}) + key := uint64(i) entry := &SchemaCacheEntry{ RenderedInline: []byte{byte(i)}, @@ -97,8 +94,8 @@ func TestDefaultCache_Range(t *testing.T) { // Range over all entries count := 0 - foundKeys := make(map[[32]byte]bool) - cache.Range(func(key [32]byte, value *SchemaCacheEntry) bool { + foundKeys := make(map[uint64]bool) + cache.Range(func(key uint64, value *SchemaCacheEntry) bool { count++ foundKeys[key] = true @@ -118,14 +115,13 @@ func TestDefaultCache_RangeEarlyTermination(t *testing.T) { // Store multiple entries for i := 0; i < 10; i++ { - var key [32]byte - copy(key[:], []byte{byte(i)}) + key := uint64(i) cache.Store(key, &SchemaCacheEntry{}) } // Range but stop after 3 iterations count := 0 - cache.Range(func(key [32]byte, value *SchemaCacheEntry) bool { + cache.Range(func(key uint64, value *SchemaCacheEntry) bool { count++ return count < 3 // Stop after 3 }) @@ -138,7 +134,7 @@ func TestDefaultCache_RangeNilCache(t *testing.T) { // Should not panic called := false - cache.Range(func(key [32]byte, value *SchemaCacheEntry) bool { + cache.Range(func(key uint64, value *SchemaCacheEntry) bool { called = true return true }) @@ -151,7 +147,7 @@ func TestDefaultCache_RangeEmpty(t *testing.T) { // Range over empty cache count := 0 - cache.Range(func(key [32]byte, value *SchemaCacheEntry) bool { + cache.Range(func(key uint64, value *SchemaCacheEntry) bool { count++ return true }) @@ -162,8 +158,7 @@ func TestDefaultCache_RangeEmpty(t *testing.T) { func TestDefaultCache_Overwrite(t *testing.T) { cache := NewDefaultCache() - var key [32]byte - copy(key[:], []byte("test-key")) + key := uint64(0x12345678) // Store first value first := &SchemaCacheEntry{ @@ -188,10 +183,9 @@ func TestDefaultCache_MultipleKeys(t *testing.T) { cache := NewDefaultCache() // Store with different keys - var key1, key2, key3 [32]byte - copy(key1[:], []byte("key1")) - copy(key2[:], []byte("key2")) - copy(key3[:], []byte("key3")) + key1 := uint64(1) + key2 := uint64(2) + key3 := uint64(3) cache.Store(key1, &SchemaCacheEntry{RenderedInline: []byte("value1")}) cache.Store(key2, &SchemaCacheEntry{RenderedInline: []byte("value2")}) @@ -218,8 +212,7 @@ func TestDefaultCache_ThreadSafety(t *testing.T) { done := make(chan bool, 10) for i := 0; i < 10; i++ { go func(val int) { - var key [32]byte - copy(key[:], []byte{byte(val)}) + key := uint64(val) cache.Store(key, &SchemaCacheEntry{ RenderedInline: []byte{byte(val)}, }) @@ -235,8 +228,7 @@ func TestDefaultCache_ThreadSafety(t *testing.T) { // Concurrent reads for i := 0; i < 10; i++ { go func(val int) { - var key [32]byte - copy(key[:], []byte{byte(val)}) + key := uint64(val) loaded, ok := cache.Load(key) assert.True(t, ok) assert.NotNil(t, loaded) @@ -251,7 +243,7 @@ func TestDefaultCache_ThreadSafety(t *testing.T) { // Verify all entries exist count := 0 - cache.Range(func(key [32]byte, value *SchemaCacheEntry) bool { + cache.Range(func(key uint64, value *SchemaCacheEntry) bool { count++ return true }) @@ -284,20 +276,18 @@ func TestDefaultCache_RangeWithInvalidTypes(t *testing.T) { cache.m.Store("invalid-key-type", &SchemaCacheEntry{}) // Store an entry with wrong value type - var validKey [32]byte - copy(validKey[:], []byte{1}) + validKey := uint64(1) cache.m.Store(validKey, "invalid-value-type") // Store a valid entry - var validKey2 [32]byte - copy(validKey2[:], []byte{2}) + validKey2 := uint64(2) validEntry := &SchemaCacheEntry{RenderedInline: []byte("valid")} cache.Store(validKey2, validEntry) // Range should skip invalid entries and only process valid ones count := 0 var seenEntry *SchemaCacheEntry - cache.Range(func(key [32]byte, value *SchemaCacheEntry) bool { + cache.Range(func(key uint64, value *SchemaCacheEntry) bool { count++ seenEntry = value return true diff --git a/cache/default_cache.go b/cache/default_cache.go index d718f7ea..c27211c7 100644 --- a/cache/default_cache.go +++ b/cache/default_cache.go @@ -15,7 +15,7 @@ func NewDefaultCache() *DefaultCache { } // Load retrieves a schema from the cache. -func (c *DefaultCache) Load(key [32]byte) (*SchemaCacheEntry, bool) { +func (c *DefaultCache) Load(key uint64) (*SchemaCacheEntry, bool) { if c == nil || c.m == nil { return nil, false } @@ -28,7 +28,7 @@ func (c *DefaultCache) Load(key [32]byte) (*SchemaCacheEntry, bool) { } // Store saves a schema to the cache. -func (c *DefaultCache) Store(key [32]byte, value *SchemaCacheEntry) { +func (c *DefaultCache) Store(key uint64, value *SchemaCacheEntry) { if c == nil || c.m == nil { return } @@ -36,12 +36,12 @@ func (c *DefaultCache) Store(key [32]byte, value *SchemaCacheEntry) { } // Range calls f for each entry in the cache (for testing/inspection). -func (c *DefaultCache) Range(f func(key [32]byte, value *SchemaCacheEntry) bool) { +func (c *DefaultCache) Range(f func(key uint64, value *SchemaCacheEntry) bool) { if c == nil || c.m == nil { return } c.m.Range(func(k, v interface{}) bool { - key, ok := k.([32]byte) + key, ok := k.(uint64) if !ok { return true } diff --git a/cmd/validate/main.go b/cmd/validate/main.go index 58ffcf47..ec1c626b 100644 --- a/cmd/validate/main.go +++ b/cmd/validate/main.go @@ -8,6 +8,7 @@ import ( "os" "github.com/dlclark/regexp2" + "github.com/goccy/go-yaml" "github.com/pb33f/libopenapi" "github.com/santhosh-tekuri/jsonschema/v6" @@ -64,13 +65,19 @@ var ( If not specified, the default libopenapi option is "re2". If not specified, the default libopenapi regex engine is "re2"".`) + convertYAMLToJSON = flag.Bool("yaml2json", false, `Convert YAML files to JSON before validation. + libopenapi passes map[interface{}]interface{} structures for deeply nested objects + or complex mappings, which are not allowed in JSON and cannot be validated by jsonschema. + This flag allows pre-converting from YAML to JSON to bypass this limitation of the libopenapi. + Default is false.`) ) // main is the entry point for validating an OpenAPI Specification (OAS) document. // It uses the libopenapi-validator library to check if the provided OAS document // conforms to the OpenAPI specification. // -// This tool accepts a single input file (YAML or JSON) and provides an optional +// This tool accepts a single input file (YAML or JSON) and provides optional flags: +// // `--regexengine` flag to customize the regex engine used during validation. // This is useful for cases where the spec uses regex patterns that require engines // like ECMAScript or RE2. @@ -80,9 +87,16 @@ If not specified, the default libopenapi regex engine is "re2"".`) // - Flags: ignorecase, multiline, explicitcapture, compiled, singleline, // ignorepatternwhitespace, righttoleft, debug, unicode // +// `--yaml2json` flag to convert YAML files to JSON before validation. +// libopenapi passes map[interface{}]interface{} structures for deeply nested +// objects or complex mappings, which are not allowed in JSON and cannot be +// validated by jsonschema. This flag allows pre-converting from YAML to JSON +// to bypass this limitation of the libopenapi. Default is false. +// // Example usage: // // go run main.go --regexengine=ecmascript ./my-api-spec.yaml +// go run main.go --yaml2json ./my-api-spec.yaml // // If validation passes, the tool logs a success message. // If the document is invalid or there is a processing error, it logs details and exits non-zero. @@ -94,13 +108,21 @@ Validates an OpenAPI document using libopenapi-validator. Options: --regexengine string Specify the regex parsing option to use. - Supported values are: + Supported values are: Engines: re2 (default), ecmascript - Flags: ignorecase, multiline, explicitcapture, compiled, - singleline, ignorepatternwhitespace, righttoleft, + Flags: ignorecase, multiline, explicitcapture, compiled, + singleline, ignorepatternwhitespace, righttoleft, debug, unicode If not specified, the default libopenapi option is "re2". + --yaml2json Convert YAML files to JSON before validation. + libopenapi passes map[interface{}]interface{} + structures for deeply nested objects or complex mappings, which + are not allowed in JSON and cannot be validated by jsonschema. + This flag allows pre-converting from YAML to JSON to bypass this + limitation of the libopenapi. + (default: false) + -h, --help Show this help message and exit. `) } @@ -156,6 +178,17 @@ Options: os.Exit(1) } + if *convertYAMLToJSON { + var v interface{} + if err := yaml.Unmarshal(data, &v); err == nil { + data, err = yaml.YAMLToJSON(data) + if err != nil { + logger.Error("invalid api spec: error converting yaml to json", slog.Any("error", err)) + os.Exit(1) + } + } + } + doc, err := libopenapi.NewDocument(data) if err != nil { logger.Error("error creating new libopenapi document", slog.Any("error", err)) diff --git a/config/config.go b/config/config.go index 5ba7362d..ddd15b79 100644 --- a/config/config.go +++ b/config/config.go @@ -1,8 +1,11 @@ package config import ( - "github.com/pb33f/libopenapi-validator/cache" + "log/slog" + "github.com/santhosh-tekuri/jsonschema/v6" + + "github.com/pb33f/libopenapi-validator/cache" ) // RegexCache can be set to enable compiled regex caching. @@ -18,15 +21,24 @@ type RegexCache interface { // // Generally fluent With... style functions are used to establish the desired behavior. type ValidationOptions struct { - RegexEngine jsonschema.RegexpEngine - RegexCache RegexCache // Enable compiled regex caching - FormatAssertions bool - ContentAssertions bool - SecurityValidation bool - OpenAPIMode bool // Enable OpenAPI-specific vocabulary validation - AllowScalarCoercion bool // Enable string->boolean/number coercion - Formats map[string]func(v any) error - SchemaCache cache.SchemaCache // Optional cache for compiled schemas + RegexEngine jsonschema.RegexpEngine + RegexCache RegexCache // Enable compiled regex caching + FormatAssertions bool + ContentAssertions bool + SecurityValidation bool + OpenAPIMode bool // Enable OpenAPI-specific vocabulary validation + AllowScalarCoercion bool // Enable string->boolean/number coercion + Formats map[string]func(v any) error + SchemaCache cache.SchemaCache // Optional cache for compiled schemas + Logger *slog.Logger // Logger for debug/error output (nil = silent) + AllowXMLBodyValidation bool // Allows to convert XML to JSON for validating a request/response body. + AllowURLEncodedBodyValidation bool // Allows to convert URL Encoded to JSON for validating a request/response body. + + // strict mode options - detect undeclared properties even when additionalProperties: true + StrictMode bool // Enable strict property validation + StrictIgnorePaths []string // Instance JSONPath patterns to exclude from strict checks + StrictIgnoredHeaders []string // Headers to always ignore in strict mode (nil = use defaults) + strictIgnoredHeadersMerge bool // Internal: true if merging with defaults } // Option Enables an 'Options pattern' approach @@ -34,7 +46,7 @@ type Option func(*ValidationOptions) // NewValidationOptions creates a new ValidationOptions instance with default values. func NewValidationOptions(opts ...Option) *ValidationOptions { - // Create the set of default values + // create the set of default values o := &ValidationOptions{ FormatAssertions: false, ContentAssertions: false, @@ -43,14 +55,11 @@ func NewValidationOptions(opts ...Option) *ValidationOptions { SchemaCache: cache.NewDefaultCache(), // Enable caching by default } - // Apply any supplied overrides for _, opt := range opts { if opt != nil { opt(o) } } - - // Done return o } @@ -67,10 +76,25 @@ func WithExistingOpts(options *ValidationOptions) Option { o.AllowScalarCoercion = options.AllowScalarCoercion o.Formats = options.Formats o.SchemaCache = options.SchemaCache + o.Logger = options.Logger + o.AllowXMLBodyValidation = options.AllowXMLBodyValidation + o.AllowURLEncodedBodyValidation = options.AllowURLEncodedBodyValidation + o.StrictMode = options.StrictMode + o.StrictIgnorePaths = options.StrictIgnorePaths + o.StrictIgnoredHeaders = options.StrictIgnoredHeaders + o.strictIgnoredHeadersMerge = options.strictIgnoredHeadersMerge } } } +// WithLogger sets the logger for validation debug/error output. +// If not set, logging is silent (nil logger is handled gracefully). +func WithLogger(logger *slog.Logger) Option { + return func(o *ValidationOptions) { + o.Logger = logger + } +} + // WithRegexEngine Assigns a custom regular-expression engine to be used during validation. func WithRegexEngine(engine jsonschema.RegexpEngine) Option { return func(o *ValidationOptions) { @@ -141,6 +165,22 @@ func WithScalarCoercion() Option { } } +// WithXmlBodyValidation enables converting an XML body to a JSON when validating the schema from a request and response body +// The default option is set to false +func WithXmlBodyValidation() Option { + return func(o *ValidationOptions) { + o.AllowXMLBodyValidation = true + } +} + +// WithURLEncodedBodyValidation enables converting an URL Encoded body to a JSON when validating the schema from a request and response body +// The default option is set to false +func WithURLEncodedBodyValidation() Option { + return func(o *ValidationOptions) { + o.AllowURLEncodedBodyValidation = true + } +} + // WithSchemaCache sets a custom cache implementation or disables caching if nil. // Pass nil to disable schema caching and skip cache warming during validator initialization. // The default cache is a thread-safe sync.Map wrapper. @@ -149,3 +189,79 @@ func WithSchemaCache(cache cache.SchemaCache) Option { o.SchemaCache = cache } } + +// WithStrictMode enables strict property validation. +// In strict mode, undeclared properties are reported as errors even when +// additionalProperties: true would normally allow them. +// +// This is useful for API governance scenarios where you want to ensure +// clients only send properties that are explicitly documented in the +// OpenAPI specification. +func WithStrictMode() Option { + return func(o *ValidationOptions) { + o.StrictMode = true + } +} + +// WithStrictIgnorePaths sets JSONPath patterns for paths to exclude from strict validation. +// Patterns use glob syntax: +// - * matches a single path segment +// - ** matches any depth (zero or more segments) +// - [*] matches any array index +// - \* escapes a literal asterisk +// +// Examples: +// - "$.body.metadata.*" - any property under metadata +// - "$.body.**.x-*" - any x-* property at any depth +// - "$.headers.X-*" - any header starting with X- +func WithStrictIgnorePaths(paths ...string) Option { + return func(o *ValidationOptions) { + o.StrictIgnorePaths = paths + } +} + +// WithStrictIgnoredHeaders replaces the default ignored headers list entirely. +// Use this to fully control which headers are ignored in strict mode. +// For the default list, see the strict package's DefaultIgnoredHeaders. +func WithStrictIgnoredHeaders(headers ...string) Option { + return func(o *ValidationOptions) { + o.StrictIgnoredHeaders = headers + o.strictIgnoredHeadersMerge = false + } +} + +// WithStrictIgnoredHeadersExtra adds headers to the default ignored list. +// Unlike WithStrictIgnoredHeaders, this merges with the defaults rather +// than replacing them. +func WithStrictIgnoredHeadersExtra(headers ...string) Option { + return func(o *ValidationOptions) { + o.StrictIgnoredHeaders = headers + o.strictIgnoredHeadersMerge = true + } +} + +// defaultIgnoredHeaders contains standard HTTP headers ignored by default. +// This is the fallback list used when no custom headers are configured. +var defaultIgnoredHeaders = []string{ + "content-type", "content-length", "accept", "authorization", + "user-agent", "host", "connection", "accept-encoding", + "accept-language", "cache-control", "pragma", "origin", + "referer", "cookie", "date", "etag", "expires", + "if-match", "if-none-match", "if-modified-since", + "last-modified", "transfer-encoding", "vary", "x-forwarded-for", + "x-forwarded-proto", "x-real-ip", "x-request-id", + "request-start-time", // Added by some API clients for timing +} + +// GetEffectiveStrictIgnoredHeaders returns the list of headers to ignore +// based on configuration. Returns defaults if not configured, merged list +// if extra headers were added, or replaced list if headers were fully replaced. +func (o *ValidationOptions) GetEffectiveStrictIgnoredHeaders() []string { + if o.StrictIgnoredHeaders == nil { + return defaultIgnoredHeaders + } + if o.strictIgnoredHeadersMerge { + return append(defaultIgnoredHeaders, o.StrictIgnoredHeaders...) + } + return o.StrictIgnoredHeaders +} diff --git a/config/config_test.go b/config/config_test.go index a79aa9c5..9dea2602 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -4,6 +4,7 @@ package config import ( + "log/slog" "sync" "testing" @@ -18,8 +19,10 @@ func TestNewValidationOptions_Defaults(t *testing.T) { assert.False(t, opts.FormatAssertions) assert.False(t, opts.ContentAssertions) assert.True(t, opts.SecurityValidation) - assert.True(t, opts.OpenAPIMode) // Default is true - assert.False(t, opts.AllowScalarCoercion) // Default is false + assert.True(t, opts.OpenAPIMode) // Default is true + assert.False(t, opts.AllowScalarCoercion) // Default is false + assert.False(t, opts.AllowXMLBodyValidation) // Default is false + assert.False(t, opts.AllowURLEncodedBodyValidation) // Default is false assert.Nil(t, opts.RegexEngine) assert.Nil(t, opts.RegexCache) } @@ -31,8 +34,9 @@ func TestNewValidationOptions_WithNilOption(t *testing.T) { assert.False(t, opts.FormatAssertions) assert.False(t, opts.ContentAssertions) assert.True(t, opts.SecurityValidation) - assert.True(t, opts.OpenAPIMode) // Default is true - assert.False(t, opts.AllowScalarCoercion) // Default is false + assert.True(t, opts.OpenAPIMode) // Default is true + assert.False(t, opts.AllowScalarCoercion) // Default is false + assert.False(t, opts.AllowXMLBodyValidation) // Default is false assert.Nil(t, opts.RegexEngine) assert.Nil(t, opts.RegexCache) } @@ -43,8 +47,9 @@ func TestWithFormatAssertions(t *testing.T) { assert.True(t, opts.FormatAssertions) assert.False(t, opts.ContentAssertions) assert.True(t, opts.SecurityValidation) - assert.True(t, opts.OpenAPIMode) // Default is true - assert.False(t, opts.AllowScalarCoercion) // Default is false + assert.True(t, opts.OpenAPIMode) // Default is true + assert.False(t, opts.AllowScalarCoercion) // Default is false + assert.False(t, opts.AllowXMLBodyValidation) // Default is false assert.Nil(t, opts.RegexEngine) assert.Nil(t, opts.RegexCache) } @@ -55,8 +60,9 @@ func TestWithContentAssertions(t *testing.T) { assert.False(t, opts.FormatAssertions) assert.True(t, opts.ContentAssertions) assert.True(t, opts.SecurityValidation) - assert.True(t, opts.OpenAPIMode) // Default is true - assert.False(t, opts.AllowScalarCoercion) // Default is false + assert.True(t, opts.OpenAPIMode) // Default is true + assert.False(t, opts.AllowScalarCoercion) // Default is false + assert.False(t, opts.AllowXMLBodyValidation) // Default is false assert.Nil(t, opts.RegexEngine) assert.Nil(t, opts.RegexCache) } @@ -92,11 +98,13 @@ func TestWithExistingOpts(t *testing.T) { // Create original options with all settings enabled var testEngine jsonschema.RegexpEngine = nil original := &ValidationOptions{ - RegexEngine: testEngine, - RegexCache: &sync.Map{}, - FormatAssertions: true, - ContentAssertions: true, - SecurityValidation: false, + RegexEngine: testEngine, + RegexCache: &sync.Map{}, + FormatAssertions: true, + AllowXMLBodyValidation: true, + AllowURLEncodedBodyValidation: true, + ContentAssertions: true, + SecurityValidation: false, } // Create new options using existing options @@ -104,6 +112,8 @@ func TestWithExistingOpts(t *testing.T) { assert.Nil(t, opts.RegexEngine) // Both should be nil assert.NotNil(t, opts.RegexCache) + assert.Equal(t, original.AllowXMLBodyValidation, opts.AllowXMLBodyValidation) + assert.Equal(t, original.AllowURLEncodedBodyValidation, opts.AllowURLEncodedBodyValidation) assert.Equal(t, original.FormatAssertions, opts.FormatAssertions) assert.Equal(t, original.ContentAssertions, opts.ContentAssertions) assert.Equal(t, original.SecurityValidation, opts.SecurityValidation) @@ -118,8 +128,9 @@ func TestWithExistingOpts_NilSource(t *testing.T) { assert.False(t, opts.FormatAssertions) assert.False(t, opts.ContentAssertions) assert.True(t, opts.SecurityValidation) - assert.True(t, opts.OpenAPIMode) // Default is true - assert.False(t, opts.AllowScalarCoercion) // Default is false + assert.True(t, opts.OpenAPIMode) // Default is true + assert.False(t, opts.AllowScalarCoercion) // Default is false + assert.False(t, opts.AllowXMLBodyValidation) // Default is false assert.Nil(t, opts.RegexEngine) assert.Nil(t, opts.RegexCache) } @@ -128,11 +139,13 @@ func TestMultipleOptions(t *testing.T) { opts := NewValidationOptions( WithFormatAssertions(), WithContentAssertions(), + WithXmlBodyValidation(), ) assert.True(t, opts.FormatAssertions) assert.True(t, opts.ContentAssertions) assert.True(t, opts.SecurityValidation) + assert.True(t, opts.AllowXMLBodyValidation) assert.True(t, opts.OpenAPIMode) // Default is true assert.False(t, opts.AllowScalarCoercion) // Default is false assert.Nil(t, opts.RegexEngine) @@ -179,6 +192,14 @@ func TestWithExistingOpts_PartialOverride(t *testing.T) { assert.False(t, opts.SecurityValidation) // From original } +func TestWithUrlEncodedBodyValidation(t *testing.T) { + opts := NewValidationOptions( + WithURLEncodedBodyValidation(), + ) + + assert.True(t, opts.AllowURLEncodedBodyValidation) +} + func TestComplexScenario(t *testing.T) { // Test a complex real-world scenario var mockEngine jsonschema.RegexpEngine = nil @@ -368,3 +389,105 @@ func TestWithRegexpCache(t *testing.T) { assert.NotNil(t, opts.RegexCache) } + +// Tests for strict mode configuration options + +func TestWithStrictMode(t *testing.T) { + opts := NewValidationOptions(WithStrictMode()) + + assert.True(t, opts.StrictMode) + assert.Nil(t, opts.StrictIgnorePaths) + assert.Nil(t, opts.StrictIgnoredHeaders) +} + +func TestWithStrictIgnorePaths(t *testing.T) { + paths := []string{"$.body.metadata.*", "$.headers.X-*"} + opts := NewValidationOptions(WithStrictIgnorePaths(paths...)) + + assert.Equal(t, paths, opts.StrictIgnorePaths) + assert.False(t, opts.StrictMode) // Not enabled by default +} + +func TestWithStrictIgnoredHeaders(t *testing.T) { + headers := []string{"x-custom-header", "x-another-header"} + opts := NewValidationOptions(WithStrictIgnoredHeaders(headers...)) + + assert.Equal(t, headers, opts.StrictIgnoredHeaders) + assert.False(t, opts.strictIgnoredHeadersMerge) +} + +func TestWithStrictIgnoredHeadersExtra(t *testing.T) { + headers := []string{"x-extra-header"} + opts := NewValidationOptions(WithStrictIgnoredHeadersExtra(headers...)) + + assert.Equal(t, headers, opts.StrictIgnoredHeaders) + assert.True(t, opts.strictIgnoredHeadersMerge) +} + +func TestGetEffectiveStrictIgnoredHeaders_Default(t *testing.T) { + opts := NewValidationOptions() + + headers := opts.GetEffectiveStrictIgnoredHeaders() + + assert.NotNil(t, headers) + assert.Contains(t, headers, "content-type") + assert.Contains(t, headers, "authorization") +} + +func TestGetEffectiveStrictIgnoredHeaders_Replace(t *testing.T) { + customHeaders := []string{"x-only-this"} + opts := NewValidationOptions(WithStrictIgnoredHeaders(customHeaders...)) + + headers := opts.GetEffectiveStrictIgnoredHeaders() + + assert.Equal(t, customHeaders, headers) + assert.NotContains(t, headers, "content-type") // Default headers are replaced +} + +func TestGetEffectiveStrictIgnoredHeaders_Merge(t *testing.T) { + extraHeaders := []string{"x-extra-header"} + opts := NewValidationOptions(WithStrictIgnoredHeadersExtra(extraHeaders...)) + + headers := opts.GetEffectiveStrictIgnoredHeaders() + + // Should have both defaults and extras + assert.Contains(t, headers, "content-type") // From defaults + assert.Contains(t, headers, "x-extra-header") // From extras + assert.Contains(t, headers, "authorization") // From defaults +} + +func TestWithLogger(t *testing.T) { + logger := slog.New(slog.NewTextHandler(nil, nil)) + opts := NewValidationOptions(WithLogger(logger)) + + assert.Equal(t, logger, opts.Logger) +} + +func TestWithExistingOpts_StrictFields(t *testing.T) { + original := &ValidationOptions{ + StrictMode: true, + StrictIgnorePaths: []string{"$.body.*"}, + StrictIgnoredHeaders: []string{"x-custom"}, + strictIgnoredHeadersMerge: true, + Logger: slog.New(slog.NewTextHandler(nil, nil)), + } + + opts := NewValidationOptions(WithExistingOpts(original)) + + assert.True(t, opts.StrictMode) + assert.Equal(t, original.StrictIgnorePaths, opts.StrictIgnorePaths) + assert.Equal(t, original.StrictIgnoredHeaders, opts.StrictIgnoredHeaders) + assert.True(t, opts.strictIgnoredHeadersMerge) + assert.Equal(t, original.Logger, opts.Logger) +} + +func TestStrictModeWithIgnorePaths(t *testing.T) { + paths := []string{"$.body.metadata.*"} + opts := NewValidationOptions( + WithStrictMode(), + WithStrictIgnorePaths(paths...), + ) + + assert.True(t, opts.StrictMode) + assert.Equal(t, paths, opts.StrictIgnorePaths) +} diff --git a/errors/parameter_errors.go b/errors/parameter_errors.go index 9bbcee85..2100ba00 100644 --- a/errors/parameter_errors.go +++ b/errors/parameter_errors.go @@ -20,9 +20,10 @@ func IncorrectFormEncoding(param *v3.Parameter, qp *helpers.QueryParam, i int) * Reason: fmt.Sprintf("The query parameter '%s' has a default or 'form' encoding defined, "+ "however the value '%s' is encoded as an object or an array using commas. The contract defines "+ "the explode value to set to 'true'", param.Name, qp.Values[i]), - SpecLine: param.GoLow().Explode.ValueNode.Line, - SpecCol: param.GoLow().Explode.ValueNode.Column, - Context: param, + SpecLine: param.GoLow().Explode.ValueNode.Line, + SpecCol: param.GoLow().Explode.ValueNode.Column, + ParameterName: param.Name, + Context: param, HowToFix: fmt.Sprintf(HowToFixParamInvalidFormEncode, helpers.CollapseCSVIntoFormStyle(param.Name, qp.Values[i])), } @@ -36,9 +37,10 @@ func IncorrectSpaceDelimiting(param *v3.Parameter, qp *helpers.QueryParam) *Vali Reason: fmt.Sprintf("The query parameter '%s' has 'spaceDelimited' style defined, "+ "and explode is defined as false. There are multiple values (%d) supplied, instead of a single"+ " space delimited value", param.Name, len(qp.Values)), - SpecLine: param.GoLow().Style.ValueNode.Line, - SpecCol: param.GoLow().Style.ValueNode.Column, - Context: param, + SpecLine: param.GoLow().Style.ValueNode.Line, + SpecCol: param.GoLow().Style.ValueNode.Column, + ParameterName: param.Name, + Context: param, HowToFix: fmt.Sprintf(HowToFixParamInvalidSpaceDelimitedObjectExplode, helpers.CollapseCSVIntoSpaceDelimitedStyle(param.Name, qp.Values)), } @@ -52,9 +54,10 @@ func IncorrectPipeDelimiting(param *v3.Parameter, qp *helpers.QueryParam) *Valid Reason: fmt.Sprintf("The query parameter '%s' has 'pipeDelimited' style defined, "+ "and explode is defined as false. There are multiple values (%d) supplied, instead of a single"+ " space delimited value", param.Name, len(qp.Values)), - SpecLine: param.GoLow().Style.ValueNode.Line, - SpecCol: param.GoLow().Style.ValueNode.Column, - Context: param, + SpecLine: param.GoLow().Style.ValueNode.Line, + SpecCol: param.GoLow().Style.ValueNode.Column, + ParameterName: param.Name, + Context: param, HowToFix: fmt.Sprintf(HowToFixParamInvalidPipeDelimitedObjectExplode, helpers.CollapseCSVIntoPipeDelimitedStyle(param.Name, qp.Values)), } @@ -68,19 +71,17 @@ func InvalidDeepObject(param *v3.Parameter, qp *helpers.QueryParam) *ValidationE Reason: fmt.Sprintf("The query parameter '%s' has the 'deepObject' style defined, "+ "There are multiple values (%d) supplied, instead of a single "+ "value", param.Name, len(qp.Values)), - SpecLine: param.GoLow().Style.ValueNode.Line, - SpecCol: param.GoLow().Style.ValueNode.Column, - Context: param, + SpecLine: param.GoLow().Style.ValueNode.Line, + SpecCol: param.GoLow().Style.ValueNode.Column, + ParameterName: param.Name, + Context: param, HowToFix: fmt.Sprintf(HowToFixParamInvalidDeepObjectMultipleValues, helpers.CollapseCSVIntoPipeDelimitedStyle(param.Name, qp.Values)), } } func QueryParameterMissing(param *v3.Parameter, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/required", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "required") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -88,9 +89,10 @@ func QueryParameterMissing(param *v3.Parameter, pathTemplate string, operation s Message: fmt.Sprintf("Query parameter '%s' is missing", param.Name), Reason: fmt.Sprintf("The query parameter '%s' is defined as being required, "+ "however it's missing from the requests", param.Name), - SpecLine: param.GoLow().Required.KeyNode.Line, - SpecCol: param.GoLow().Required.KeyNode.Column, - HowToFix: HowToFixMissingValue, + SpecLine: param.GoLow().Required.KeyNode.Line, + SpecCol: param.GoLow().Required.KeyNode.Column, + ParameterName: param.Name, + HowToFix: HowToFixMissingValue, SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Required query parameter '%s' is missing", param.Name), FieldName: param.Name, @@ -114,9 +116,10 @@ func HeaderParameterMissing(param *v3.Parameter, pathTemplate string, operation Message: fmt.Sprintf("Header parameter '%s' is missing", param.Name), Reason: fmt.Sprintf("The header parameter '%s' is defined as being required, "+ "however it's missing from the requests", param.Name), - SpecLine: param.GoLow().Required.KeyNode.Line, - SpecCol: param.GoLow().Required.KeyNode.Column, - HowToFix: HowToFixMissingValue, + SpecLine: param.GoLow().Required.KeyNode.Line, + SpecCol: param.GoLow().Required.KeyNode.Column, + ParameterName: param.Name, + HowToFix: HowToFixMissingValue, SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Required header parameter '%s' is missing", param.Name), FieldName: param.Name, @@ -128,11 +131,32 @@ func HeaderParameterMissing(param *v3.Parameter, pathTemplate string, operation } } +func CookieParameterMissing(param *v3.Parameter, pathTemplate string, operation string, renderedSchema string) *ValidationError { + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "required") + + return &ValidationError{ + ValidationType: helpers.ParameterValidation, + ValidationSubType: helpers.ParameterValidationCookie, + Message: fmt.Sprintf("Cookie parameter '%s' is missing", param.Name), + Reason: fmt.Sprintf("The cookie parameter '%s' is defined as being required, "+ + "however it's missing from the request", param.Name), + SpecLine: param.GoLow().Required.KeyNode.Line, + SpecCol: param.GoLow().Required.KeyNode.Column, + ParameterName: param.Name, + HowToFix: HowToFixMissingValue, + SchemaValidationErrors: []*SchemaValidationFailure{{ + Reason: fmt.Sprintf("Required cookie parameter '%s' is missing", param.Name), + FieldName: param.Name, + FieldPath: "", + InstancePath: []string{}, + KeywordLocation: keywordLocation, + ReferenceSchema: renderedSchema, + }}, + } +} + func HeaderParameterCannotBeDecoded(param *v3.Parameter, val string, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -140,9 +164,10 @@ func HeaderParameterCannotBeDecoded(param *v3.Parameter, val string, pathTemplat Message: fmt.Sprintf("Header parameter '%s' cannot be decoded", param.Name), Reason: fmt.Sprintf("The header parameter '%s' cannot be "+ "extracted into an object, '%s' is malformed", param.Name, val), - SpecLine: param.GoLow().Schema.Value.Schema().Type.KeyNode.Line, - SpecCol: param.GoLow().Schema.Value.Schema().Type.KeyNode.Line, - HowToFix: HowToFixInvalidEncoding, + SpecLine: param.GoLow().Schema.Value.Schema().Type.KeyNode.Line, + SpecCol: param.GoLow().Schema.Value.Schema().Type.KeyNode.Line, + ParameterName: param.Name, + HowToFix: HowToFixInvalidEncoding, SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Header value '%s' cannot be decoded as object (malformed encoding)", val), FieldName: param.Name, @@ -160,10 +185,7 @@ func IncorrectHeaderParamEnum(param *v3.Parameter, ef string, sch *base.Schema, } validEnums := strings.Join(enums, ", ") - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/enum", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "enum") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -171,10 +193,11 @@ func IncorrectHeaderParamEnum(param *v3.Parameter, ef string, sch *base.Schema, Message: fmt.Sprintf("Header parameter '%s' does not match allowed values", param.Name), Reason: fmt.Sprintf("The header parameter '%s' has pre-defined "+ "values set via an enum. The value '%s' is not one of those values.", param.Name, ef), - SpecLine: param.GoLow().Schema.Value.Schema().Enum.KeyNode.Line, - SpecCol: param.GoLow().Schema.Value.Schema().Enum.KeyNode.Column, - Context: sch, - HowToFix: fmt.Sprintf(HowToFixParamInvalidEnum, ef, validEnums), + SpecLine: param.GoLow().Schema.Value.Schema().Enum.KeyNode.Line, + SpecCol: param.GoLow().Schema.Value.Schema().Enum.KeyNode.Column, + ParameterName: param.Name, + Context: sch, + HowToFix: fmt.Sprintf(HowToFixParamInvalidEnum, ef, validEnums), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Value '%s' does not match any enum values: [%s]", ef, validEnums), FieldName: param.Name, @@ -188,10 +211,7 @@ func IncorrectHeaderParamEnum(param *v3.Parameter, ef string, sch *base.Schema, func IncorrectQueryParamArrayBoolean( param *v3.Parameter, item string, sch *base.Schema, itemsSchema *base.Schema, pathTemplate string, operation string, renderedItemsSchema string, ) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/items/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "items/type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -199,10 +219,11 @@ func IncorrectQueryParamArrayBoolean( Message: fmt.Sprintf("Query array parameter '%s' is not a valid boolean", param.Name), Reason: fmt.Sprintf("The query parameter (which is an array) '%s' is defined as being a boolean, "+ "however the value '%s' is not a valid true/false value", param.Name, item), - SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, - SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, - Context: itemsSchema, - HowToFix: fmt.Sprintf(HowToFixParamInvalidBoolean, item), + SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, + SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, + ParameterName: param.Name, + Context: itemsSchema, + HowToFix: fmt.Sprintf(HowToFixParamInvalidBoolean, item), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Array item '%s' is not a valid boolean", item), FieldName: param.Name, @@ -214,10 +235,7 @@ func IncorrectQueryParamArrayBoolean( } func IncorrectParamArrayMaxNumItems(param *v3.Parameter, sch *base.Schema, expected, actual int64, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/maxItems", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "maxItems") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -225,10 +243,11 @@ func IncorrectParamArrayMaxNumItems(param *v3.Parameter, sch *base.Schema, expec Message: fmt.Sprintf("Query array parameter '%s' has too many items", param.Name), Reason: fmt.Sprintf("The query parameter (which is an array) '%s' has a maximum item length of %d, "+ "however the request provided %d items", param.Name, expected, actual), - SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, - SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, - Context: sch, - HowToFix: fmt.Sprintf(HowToFixInvalidMaxItems, expected), + SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, + SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, + ParameterName: param.Name, + Context: sch, + HowToFix: fmt.Sprintf(HowToFixInvalidMaxItems, expected), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Array has %d items, but maximum is %d", actual, expected), FieldName: param.Name, @@ -240,10 +259,7 @@ func IncorrectParamArrayMaxNumItems(param *v3.Parameter, sch *base.Schema, expec } func IncorrectParamArrayMinNumItems(param *v3.Parameter, sch *base.Schema, expected, actual int64, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/minItems", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "minItems") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -251,10 +267,11 @@ func IncorrectParamArrayMinNumItems(param *v3.Parameter, sch *base.Schema, expec Message: fmt.Sprintf("Query array parameter '%s' does not have enough items", param.Name), Reason: fmt.Sprintf("The query parameter (which is an array) '%s' has a minimum items length of %d, "+ "however the request provided %d items", param.Name, expected, actual), - SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, - SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, - Context: sch, - HowToFix: fmt.Sprintf(HowToFixInvalidMinItems, expected), + SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, + SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, + ParameterName: param.Name, + Context: sch, + HowToFix: fmt.Sprintf(HowToFixInvalidMinItems, expected), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Array has %d items, but minimum is %d", actual, expected), FieldName: param.Name, @@ -266,10 +283,7 @@ func IncorrectParamArrayMinNumItems(param *v3.Parameter, sch *base.Schema, expec } func IncorrectParamArrayUniqueItems(param *v3.Parameter, sch *base.Schema, duplicates string, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/uniqueItems", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "uniqueItems") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -278,6 +292,7 @@ func IncorrectParamArrayUniqueItems(param *v3.Parameter, sch *base.Schema, dupli Reason: fmt.Sprintf("The query parameter (which is an array) '%s' contains the following duplicates: '%s'", param.Name, duplicates), SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, + ParameterName: param.Name, Context: sch, HowToFix: "Ensure the array values are all unique", SchemaValidationErrors: []*SchemaValidationFailure{{ @@ -293,10 +308,7 @@ func IncorrectParamArrayUniqueItems(param *v3.Parameter, sch *base.Schema, dupli func IncorrectCookieParamArrayBoolean( param *v3.Parameter, item string, sch *base.Schema, itemsSchema *base.Schema, pathTemplate string, operation string, renderedItemsSchema string, ) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/items/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "items/type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -304,10 +316,11 @@ func IncorrectCookieParamArrayBoolean( Message: fmt.Sprintf("Cookie array parameter '%s' is not a valid boolean", param.Name), Reason: fmt.Sprintf("The cookie parameter (which is an array) '%s' is defined as being a boolean, "+ "however the value '%s' is not a valid true/false value", param.Name, item), - SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, - SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, - Context: itemsSchema, - HowToFix: fmt.Sprintf(HowToFixParamInvalidBoolean, item), + SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, + SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, + ParameterName: param.Name, + Context: itemsSchema, + HowToFix: fmt.Sprintf(HowToFixParamInvalidBoolean, item), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Array item '%s' is not a valid boolean", item), FieldName: param.Name, @@ -321,10 +334,7 @@ func IncorrectCookieParamArrayBoolean( func IncorrectQueryParamArrayInteger( param *v3.Parameter, item string, sch *base.Schema, itemsSchema *base.Schema, pathTemplate string, operation string, renderedItemsSchema string, ) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/items/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "items/type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -332,10 +342,11 @@ func IncorrectQueryParamArrayInteger( Message: fmt.Sprintf("Query array parameter '%s' is not a valid integer", param.Name), Reason: fmt.Sprintf("The query parameter (which is an array) '%s' is defined as being an integer, "+ "however the value '%s' is not a valid integer", param.Name, item), - SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, - SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, - Context: itemsSchema, - HowToFix: fmt.Sprintf(HowToFixParamInvalidInteger, item), + SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, + SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, + ParameterName: param.Name, + Context: itemsSchema, + HowToFix: fmt.Sprintf(HowToFixParamInvalidInteger, item), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Array item '%s' is not a valid integer", item), FieldName: param.Name, @@ -349,10 +360,7 @@ func IncorrectQueryParamArrayInteger( func IncorrectQueryParamArrayNumber( param *v3.Parameter, item string, sch *base.Schema, itemsSchema *base.Schema, pathTemplate string, operation string, renderedItemsSchema string, ) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/items/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "items/type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -360,10 +368,11 @@ func IncorrectQueryParamArrayNumber( Message: fmt.Sprintf("Query array parameter '%s' is not a valid number", param.Name), Reason: fmt.Sprintf("The query parameter (which is an array) '%s' is defined as being a number, "+ "however the value '%s' is not a valid number", param.Name, item), - SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, - SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, - Context: itemsSchema, - HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, item), + SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, + SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, + ParameterName: param.Name, + Context: itemsSchema, + HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, item), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Array item '%s' is not a valid number", item), FieldName: param.Name, @@ -377,10 +386,7 @@ func IncorrectQueryParamArrayNumber( func IncorrectCookieParamArrayNumber( param *v3.Parameter, item string, sch *base.Schema, itemsSchema *base.Schema, pathTemplate string, operation string, renderedItemsSchema string, ) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/items/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "items/type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -388,10 +394,11 @@ func IncorrectCookieParamArrayNumber( Message: fmt.Sprintf("Cookie array parameter '%s' is not a valid number", param.Name), Reason: fmt.Sprintf("The cookie parameter (which is an array) '%s' is defined as being a number, "+ "however the value '%s' is not a valid number", param.Name, item), - SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, - SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, - Context: itemsSchema, - HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, item), + SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, + SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, + ParameterName: param.Name, + Context: itemsSchema, + HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, item), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Array item '%s' is not a valid number", item), FieldName: param.Name, @@ -414,10 +421,11 @@ func IncorrectParamEncodingJSON(param *v3.Parameter, ef string, sch *base.Schema Message: fmt.Sprintf("Query parameter '%s' is not valid JSON", param.Name), Reason: fmt.Sprintf("The query parameter '%s' is defined as being a JSON object, "+ "however the value '%s' is not valid JSON", param.Name, ef), - SpecLine: param.GoLow().FindContent(helpers.JSONContentType).ValueNode.Line, - SpecCol: param.GoLow().FindContent(helpers.JSONContentType).ValueNode.Column, - Context: sch, - HowToFix: HowToFixInvalidJSON, + SpecLine: param.GoLow().FindContent(helpers.JSONContentType).ValueNode.Line, + SpecCol: param.GoLow().FindContent(helpers.JSONContentType).ValueNode.Column, + ParameterName: param.Name, + Context: sch, + HowToFix: HowToFixInvalidJSON, SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Value '%s' is not valid JSON", ef), FieldName: param.Name, @@ -429,10 +437,7 @@ func IncorrectParamEncodingJSON(param *v3.Parameter, ef string, sch *base.Schema } func IncorrectQueryParamBool(param *v3.Parameter, ef string, sch *base.Schema, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -456,10 +461,7 @@ func IncorrectQueryParamBool(param *v3.Parameter, ef string, sch *base.Schema, p } func InvalidQueryParamInteger(param *v3.Parameter, ef string, sch *base.Schema, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -483,10 +485,7 @@ func InvalidQueryParamInteger(param *v3.Parameter, ef string, sch *base.Schema, } func InvalidQueryParamNumber(param *v3.Parameter, ef string, sch *base.Schema, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -516,10 +515,7 @@ func IncorrectQueryParamEnum(param *v3.Parameter, ef string, sch *base.Schema, p } validEnums := strings.Join(enums, ", ") - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/enum", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "enum") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -551,10 +547,7 @@ func IncorrectQueryParamEnumArray(param *v3.Parameter, ef string, sch *base.Sche } validEnums := strings.Join(enums, ", ") - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/items/enum", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "items/enum") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -562,10 +555,11 @@ func IncorrectQueryParamEnumArray(param *v3.Parameter, ef string, sch *base.Sche Message: fmt.Sprintf("Query array parameter '%s' does not match allowed values", param.Name), Reason: fmt.Sprintf("The query array parameter '%s' has pre-defined "+ "values set via an enum. The value '%s' is not one of those values.", param.Name, ef), - SpecLine: param.GoLow().Schema.Value.Schema().Items.Value.A.Schema().Enum.KeyNode.Line, - SpecCol: param.GoLow().Schema.Value.Schema().Items.Value.A.Schema().Enum.KeyNode.Line, - Context: sch, - HowToFix: fmt.Sprintf(HowToFixParamInvalidEnum, ef, validEnums), + SpecLine: param.GoLow().Schema.Value.Schema().Items.Value.A.Schema().Enum.KeyNode.Line, + SpecCol: param.GoLow().Schema.Value.Schema().Items.Value.A.Schema().Enum.KeyNode.Line, + ParameterName: param.Name, + Context: sch, + HowToFix: fmt.Sprintf(HowToFixParamInvalidEnum, ef, validEnums), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Array item '%s' does not match any enum values: [%s]", ef, validEnums), FieldName: param.Name, @@ -588,10 +582,11 @@ func IncorrectReservedValues(param *v3.Parameter, ef string, sch *base.Schema, p Message: fmt.Sprintf("Query parameter '%s' value contains reserved values", param.Name), Reason: fmt.Sprintf("The query parameter '%s' has 'allowReserved' set to false, "+ "however the value '%s' contains one of the following characters: :/?#[]@!$&'()*+,;=", param.Name, ef), - SpecLine: param.GoLow().Schema.KeyNode.Line, - SpecCol: param.GoLow().Schema.KeyNode.Column, - Context: sch, - HowToFix: fmt.Sprintf(HowToFixReservedValues, url.QueryEscape(ef)), + SpecLine: param.GoLow().Schema.KeyNode.Line, + SpecCol: param.GoLow().Schema.KeyNode.Column, + ParameterName: param.Name, + Context: sch, + HowToFix: fmt.Sprintf(HowToFixReservedValues, url.QueryEscape(ef)), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Value '%s' contains reserved characters but allowReserved is false", ef), FieldName: param.Name, @@ -603,10 +598,7 @@ func IncorrectReservedValues(param *v3.Parameter, ef string, sch *base.Schema, p } func InvalidHeaderParamInteger(param *v3.Parameter, ef string, sch *base.Schema, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -630,10 +622,7 @@ func InvalidHeaderParamInteger(param *v3.Parameter, ef string, sch *base.Schema, } func InvalidHeaderParamNumber(param *v3.Parameter, ef string, sch *base.Schema, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -657,10 +646,7 @@ func InvalidHeaderParamNumber(param *v3.Parameter, ef string, sch *base.Schema, } func InvalidCookieParamInteger(param *v3.Parameter, ef string, sch *base.Schema, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -668,10 +654,11 @@ func InvalidCookieParamInteger(param *v3.Parameter, ef string, sch *base.Schema, Message: fmt.Sprintf("Cookie parameter '%s' is not a valid integer", param.Name), Reason: fmt.Sprintf("The cookie parameter '%s' is defined as being an integer, "+ "however the value '%s' is not a valid integer", param.Name, ef), - SpecLine: param.GoLow().Schema.KeyNode.Line, - SpecCol: param.GoLow().Schema.KeyNode.Column, - Context: sch, - HowToFix: fmt.Sprintf(HowToFixParamInvalidInteger, ef), + SpecLine: param.GoLow().Schema.KeyNode.Line, + SpecCol: param.GoLow().Schema.KeyNode.Column, + ParameterName: param.Name, + Context: sch, + HowToFix: fmt.Sprintf(HowToFixParamInvalidInteger, ef), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Value '%s' is not a valid integer", ef), FieldName: param.Name, @@ -683,10 +670,7 @@ func InvalidCookieParamInteger(param *v3.Parameter, ef string, sch *base.Schema, } func InvalidCookieParamNumber(param *v3.Parameter, ef string, sch *base.Schema, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -694,10 +678,11 @@ func InvalidCookieParamNumber(param *v3.Parameter, ef string, sch *base.Schema, Message: fmt.Sprintf("Cookie parameter '%s' is not a valid number", param.Name), Reason: fmt.Sprintf("The cookie parameter '%s' is defined as being a number, "+ "however the value '%s' is not a valid number", param.Name, ef), - SpecLine: param.GoLow().Schema.KeyNode.Line, - SpecCol: param.GoLow().Schema.KeyNode.Column, - Context: sch, - HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, ef), + SpecLine: param.GoLow().Schema.KeyNode.Line, + SpecCol: param.GoLow().Schema.KeyNode.Column, + ParameterName: param.Name, + Context: sch, + HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, ef), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Value '%s' is not a valid number", ef), FieldName: param.Name, @@ -709,10 +694,7 @@ func InvalidCookieParamNumber(param *v3.Parameter, ef string, sch *base.Schema, } func IncorrectHeaderParamBool(param *v3.Parameter, ef string, sch *base.Schema, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -736,10 +718,7 @@ func IncorrectHeaderParamBool(param *v3.Parameter, ef string, sch *base.Schema, } func IncorrectCookieParamBool(param *v3.Parameter, ef string, sch *base.Schema, pathTemplate string, operation string, renderedSchema string) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -747,10 +726,11 @@ func IncorrectCookieParamBool(param *v3.Parameter, ef string, sch *base.Schema, Message: fmt.Sprintf("Cookie parameter '%s' is not a valid boolean", param.Name), Reason: fmt.Sprintf("The cookie parameter '%s' is defined as being a boolean, "+ "however the value '%s' is not a valid boolean", param.Name, ef), - SpecLine: param.GoLow().Schema.KeyNode.Line, - SpecCol: param.GoLow().Schema.KeyNode.Column, - Context: sch, - HowToFix: fmt.Sprintf(HowToFixParamInvalidBoolean, ef), + SpecLine: param.GoLow().Schema.KeyNode.Line, + SpecCol: param.GoLow().Schema.KeyNode.Column, + ParameterName: param.Name, + Context: sch, + HowToFix: fmt.Sprintf(HowToFixParamInvalidBoolean, ef), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Value '%s' is not a valid boolean", ef), FieldName: param.Name, @@ -768,10 +748,7 @@ func IncorrectCookieParamEnum(param *v3.Parameter, ef string, sch *base.Schema, } validEnums := strings.Join(enums, ", ") - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/enum", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "enum") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -779,10 +756,11 @@ func IncorrectCookieParamEnum(param *v3.Parameter, ef string, sch *base.Schema, Message: fmt.Sprintf("Cookie parameter '%s' does not match allowed values", param.Name), Reason: fmt.Sprintf("The cookie parameter '%s' has pre-defined "+ "values set via an enum. The value '%s' is not one of those values.", param.Name, ef), - SpecLine: param.GoLow().Schema.Value.Schema().Enum.KeyNode.Line, - SpecCol: param.GoLow().Schema.Value.Schema().Enum.KeyNode.Column, - Context: sch, - HowToFix: fmt.Sprintf(HowToFixParamInvalidEnum, ef, validEnums), + SpecLine: param.GoLow().Schema.Value.Schema().Enum.KeyNode.Line, + SpecCol: param.GoLow().Schema.Value.Schema().Enum.KeyNode.Column, + ParameterName: param.Name, + Context: sch, + HowToFix: fmt.Sprintf(HowToFixParamInvalidEnum, ef, validEnums), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Value '%s' does not match any enum values: [%s]", ef, validEnums), FieldName: param.Name, @@ -796,10 +774,7 @@ func IncorrectCookieParamEnum(param *v3.Parameter, ef string, sch *base.Schema, func IncorrectHeaderParamArrayBoolean( param *v3.Parameter, item string, sch *base.Schema, itemsSchema *base.Schema, pathTemplate string, operation string, renderedItemsSchema string, ) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/items/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "items/type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -807,10 +782,11 @@ func IncorrectHeaderParamArrayBoolean( Message: fmt.Sprintf("Header array parameter '%s' is not a valid boolean", param.Name), Reason: fmt.Sprintf("The header parameter (which is an array) '%s' is defined as being a boolean, "+ "however the value '%s' is not a valid true/false value", param.Name, item), - SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, - SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, - Context: itemsSchema, - HowToFix: fmt.Sprintf(HowToFixParamInvalidBoolean, item), + SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, + SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, + ParameterName: param.Name, + Context: itemsSchema, + HowToFix: fmt.Sprintf(HowToFixParamInvalidBoolean, item), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Array item '%s' is not a valid boolean", item), FieldName: param.Name, @@ -824,10 +800,7 @@ func IncorrectHeaderParamArrayBoolean( func IncorrectHeaderParamArrayNumber( param *v3.Parameter, item string, sch *base.Schema, itemsSchema *base.Schema, pathTemplate string, operation string, renderedItemsSchema string, ) *ValidationError { - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") - keywordLocation := fmt.Sprintf("/paths/%s/%s/parameters/%s/schema/items/type", escapedPath, strings.ToLower(operation), param.Name) + keywordLocation := helpers.ConstructParameterJSONPointer(pathTemplate, operation, param.Name, "items/type") return &ValidationError{ ValidationType: helpers.ParameterValidation, @@ -835,10 +808,11 @@ func IncorrectHeaderParamArrayNumber( Message: fmt.Sprintf("Header array parameter '%s' is not a valid number", param.Name), Reason: fmt.Sprintf("The header parameter (which is an array) '%s' is defined as being a number, "+ "however the value '%s' is not a valid number", param.Name, item), - SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, - SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, - Context: itemsSchema, - HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, item), + SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, + SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, + ParameterName: param.Name, + Context: itemsSchema, + HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, item), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Array item '%s' is not a valid number", item), FieldName: param.Name, @@ -860,10 +834,11 @@ func IncorrectPathParamBool(param *v3.Parameter, item string, sch *base.Schema, Message: fmt.Sprintf("Path parameter '%s' is not a valid boolean", param.Name), Reason: fmt.Sprintf("The path parameter '%s' is defined as being a boolean, "+ "however the value '%s' is not a valid boolean", param.Name, item), - SpecLine: param.GoLow().Schema.KeyNode.Line, - SpecCol: param.GoLow().Schema.KeyNode.Column, - Context: sch, - HowToFix: fmt.Sprintf(HowToFixParamInvalidBoolean, item), + SpecLine: param.GoLow().Schema.KeyNode.Line, + SpecCol: param.GoLow().Schema.KeyNode.Column, + ParameterName: param.Name, + Context: sch, + HowToFix: fmt.Sprintf(HowToFixParamInvalidBoolean, item), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Value '%s' is not a valid boolean", item), FieldName: param.Name, @@ -888,6 +863,7 @@ func IncorrectPathParamEnum(param *v3.Parameter, ef string, sch *base.Schema, pa return &ValidationError{ ValidationType: helpers.ParameterValidation, ValidationSubType: helpers.ParameterValidationPath, + ParameterName: param.Name, Message: fmt.Sprintf("Path parameter '%s' does not match allowed values", param.Name), Reason: fmt.Sprintf("The path parameter '%s' has pre-defined "+ "values set via an enum. The value '%s' is not one of those values.", param.Name, ef), @@ -942,10 +918,11 @@ func IncorrectPathParamNumber(param *v3.Parameter, item string, sch *base.Schema Message: fmt.Sprintf("Path parameter '%s' is not a valid number", param.Name), Reason: fmt.Sprintf("The path parameter '%s' is defined as being a number, "+ "however the value '%s' is not a valid number", param.Name, item), - SpecLine: param.GoLow().Schema.KeyNode.Line, - SpecCol: param.GoLow().Schema.KeyNode.Column, - Context: sch, - HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, item), + SpecLine: param.GoLow().Schema.KeyNode.Line, + SpecCol: param.GoLow().Schema.KeyNode.Column, + ParameterName: param.Name, + Context: sch, + HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, item), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Value '%s' is not a valid number", item), FieldName: param.Name, @@ -969,10 +946,11 @@ func IncorrectPathParamArrayNumber( Message: fmt.Sprintf("Path array parameter '%s' is not a valid number", param.Name), Reason: fmt.Sprintf("The path parameter (which is an array) '%s' is defined as being a number, "+ "however the value '%s' is not a valid number", param.Name, item), - SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, - SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, - Context: itemsSchema, - HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, item), + SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, + SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, + ParameterName: param.Name, + Context: itemsSchema, + HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, item), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Array item '%s' is not a valid number", item), FieldName: param.Name, @@ -996,10 +974,11 @@ func IncorrectPathParamArrayInteger( Message: fmt.Sprintf("Path array parameter '%s' is not a valid integer", param.Name), Reason: fmt.Sprintf("The path parameter (which is an array) '%s' is defined as being an integer, "+ "however the value '%s' is not a valid integer", param.Name, item), - SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, - SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, - Context: itemsSchema, - HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, item), + SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, + SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, + ParameterName: param.Name, + Context: itemsSchema, + HowToFix: fmt.Sprintf(HowToFixParamInvalidNumber, item), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Array item '%s' is not a valid integer", item), FieldName: param.Name, @@ -1023,10 +1002,11 @@ func IncorrectPathParamArrayBoolean( Message: fmt.Sprintf("Path array parameter '%s' is not a valid boolean", param.Name), Reason: fmt.Sprintf("The path parameter (which is an array) '%s' is defined as being a boolean, "+ "however the value '%s' is not a valid boolean", param.Name, item), - SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, - SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, - Context: itemsSchema, - HowToFix: fmt.Sprintf(HowToFixParamInvalidBoolean, item), + SpecLine: sch.Items.A.GoLow().Schema().Type.KeyNode.Line, + SpecCol: sch.Items.A.GoLow().Schema().Type.KeyNode.Column, + ParameterName: param.Name, + Context: itemsSchema, + HowToFix: fmt.Sprintf(HowToFixParamInvalidBoolean, item), SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Array item '%s' is not a valid boolean", item), FieldName: param.Name, @@ -1051,9 +1031,10 @@ func PathParameterMissing(param *v3.Parameter, pathTemplate string, actualPath s Message: fmt.Sprintf("Path parameter '%s' is missing", param.Name), Reason: fmt.Sprintf("The path parameter '%s' is defined as being required, "+ "however it's missing from the requests", param.Name), - SpecLine: param.GoLow().Required.KeyNode.Line, - SpecCol: param.GoLow().Required.KeyNode.Column, - HowToFix: HowToFixMissingValue, + SpecLine: param.GoLow().Required.KeyNode.Line, + SpecCol: param.GoLow().Required.KeyNode.Column, + ParameterName: param.Name, + HowToFix: HowToFixMissingValue, SchemaValidationErrors: []*SchemaValidationFailure{{ Reason: fmt.Sprintf("Required path parameter '%s' is missing from path '%s'", param.Name, actualPath), FieldName: param.Name, diff --git a/errors/parameter_errors_test.go b/errors/parameter_errors_test.go index 4fb5b9b6..6ba81a5f 100644 --- a/errors/parameter_errors_test.go +++ b/errors/parameter_errors_test.go @@ -68,6 +68,7 @@ func TestIncorrectFormEncoding(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testParam", err.ParameterName) require.Contains(t, err.Message, "Query parameter 'testParam' is not exploded correctly") require.Contains(t, err.Reason, "'testParam' has a default or 'form' encoding defined") require.Equal(t, 18, err.SpecLine) @@ -91,6 +92,7 @@ func TestIncorrectSpaceDelimiting(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testParam", err.ParameterName) require.Contains(t, err.Message, "Query parameter 'testParam' delimited incorrectly") require.Contains(t, err.Reason, "'spaceDelimited' style defined") require.Contains(t, err.HowToFix, "testParam=value1%20value2") @@ -110,6 +112,7 @@ func TestIncorrectPipeDelimiting(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testParam", err.ParameterName) require.Contains(t, err.Message, "Query parameter 'testParam' delimited incorrectly") require.Contains(t, err.Reason, "'pipeDelimited' style defined") require.Contains(t, err.HowToFix, "testParam=value1|value2") @@ -125,6 +128,7 @@ func TestQueryParameterMissing(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testParam", err.ParameterName) require.Contains(t, err.Message, "Query parameter 'testParam' is missing") require.Contains(t, err.Reason, "'testParam' is defined as being required") require.Equal(t, HowToFixMissingValue, err.HowToFix) @@ -140,11 +144,28 @@ func TestHeaderParameterMissing(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationHeader, err.ValidationSubType) + require.Equal(t, "testParam", err.ParameterName) require.Contains(t, err.Message, "Header parameter 'testParam' is missing") require.Contains(t, err.Reason, "'testParam' is defined as being required") require.Equal(t, HowToFixMissingValue, err.HowToFix) } +func TestCookieParameterMissing(t *testing.T) { + param := createMockParameterWithSchema() + + // Call the function + err := CookieParameterMissing(param, "/test", "get", "") + + // Validate the error + require.NotNil(t, err) + require.Equal(t, helpers.ParameterValidation, err.ValidationType) + require.Equal(t, helpers.ParameterValidationCookie, err.ValidationSubType) + require.Equal(t, "testParam", err.ParameterName) + require.Contains(t, err.Message, "Cookie parameter 'testParam' is missing") + require.Contains(t, err.Reason, "'testParam' is defined as being required") + require.Equal(t, HowToFixMissingValue, err.HowToFix) +} + func TestHeaderParameterCannotBeDecoded(t *testing.T) { param := createMockParameterWithSchema() val := "malformed_header_value" @@ -156,6 +177,7 @@ func TestHeaderParameterCannotBeDecoded(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationHeader, err.ValidationSubType) + require.Equal(t, "testParam", err.ParameterName) require.Contains(t, err.Message, "Header parameter 'testParam' cannot be decoded") require.Contains(t, err.Reason, "'malformed_header_value' is malformed") require.Equal(t, HowToFixInvalidEncoding, err.HowToFix) @@ -193,6 +215,7 @@ func TestIncorrectHeaderParamEnum(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationHeader, err.ValidationSubType) + require.Equal(t, "testParam", err.ParameterName) require.Contains(t, err.Message, "Header parameter 'testParam' does not match allowed values") require.Contains(t, err.Reason, "'invalidEnum' is not one of those values") require.Equal(t, 10, err.SpecLine) @@ -229,6 +252,7 @@ func TestIncorrectQueryParamArrayBoolean(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testParam", err.ParameterName) require.Contains(t, err.Message, "Query array parameter 'testParam' is not a valid boolean") require.Contains(t, err.Reason, "the value 'notBoolean' is not a valid true/false value") require.Contains(t, err.HowToFix, "true/false") @@ -260,6 +284,7 @@ func TestInvalidDeepObject(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testParam", err.ParameterName) require.Contains(t, err.Message, "Query parameter 'testParam' is not a valid deepObject") require.Contains(t, err.Reason, "'testParam' has the 'deepObject' style defined") require.Contains(t, err.HowToFix, "testParam=value1|value2") @@ -320,6 +345,7 @@ func TestIncorrectCookieParamArrayBoolean(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationCookie, err.ValidationSubType) + require.Equal(t, "testCookieParam", err.ParameterName) require.Contains(t, err.Message, "Cookie array parameter 'testCookieParam' is not a valid boolean") require.Contains(t, err.Reason, "the value 'notBoolean' is not a valid true/false value") require.Contains(t, err.HowToFix, "true/false") @@ -381,6 +407,7 @@ func TestIncorrectQueryParamArrayInteger(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Query array parameter 'testQueryParam' is not a valid integer") require.Contains(t, err.Reason, "the value 'notNumber' is not a valid integer") require.Contains(t, err.HowToFix, "notNumber") @@ -400,6 +427,7 @@ func TestIncorrectQueryParamArrayNumber(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Query array parameter 'testQueryParam' is not a valid number") require.Contains(t, err.Reason, "the value 'notNumber' is not a valid number") require.Contains(t, err.HowToFix, "notNumber") @@ -461,6 +489,7 @@ func TestIncorrectCookieParamArrayNumber(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationCookie, err.ValidationSubType) + require.Equal(t, "testCookieParam", err.ParameterName) require.Contains(t, err.Message, "Cookie array parameter 'testCookieParam' is not a valid number") require.Contains(t, err.Reason, "the value 'notNumber' is not a valid number") require.Contains(t, err.HowToFix, "notNumber") @@ -537,6 +566,7 @@ func TestIncorrectParamEncodingJSON(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Query parameter 'testQueryParam' is not valid JSON") require.Contains(t, err.Reason, "the value 'invalidJSON' is not valid JSON") require.Equal(t, HowToFixInvalidJSON, err.HowToFix) @@ -566,6 +596,7 @@ func TestIncorrectQueryParamBool(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Query parameter 'testQueryParam' is not a valid boolean") require.Contains(t, err.Reason, "the value 'notBoolean' is not a valid boolean") require.Contains(t, err.HowToFix, "true/false") @@ -582,6 +613,7 @@ func TestInvalidQueryParamNumber(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Query parameter 'testQueryParam' is not a valid number") require.Contains(t, err.Reason, "the value 'notNumber' is not a valid number") require.Contains(t, err.HowToFix, "notNumber") @@ -598,6 +630,7 @@ func TestInvalidQueryParamInteger(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Query parameter 'testQueryParam' is not a valid integer") require.Contains(t, err.Reason, "the value 'notNumber' is not a valid integer") require.Contains(t, err.HowToFix, "notNumber") @@ -623,6 +656,7 @@ func TestIncorrectQueryParamEnum(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Query parameter 'testQueryParam' does not match allowed values") require.Contains(t, err.Reason, "'invalidEnum' is not one of those values") require.Contains(t, err.HowToFix, "fish, crab, lobster") @@ -652,6 +686,7 @@ func TestIncorrectQueryParamEnumArray(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Query array parameter 'testQueryParam' does not match allowed values") require.Contains(t, err.Reason, "'invalidEnum' is not one of those values") require.Contains(t, err.HowToFix, "fish, crab, lobster") @@ -675,6 +710,7 @@ func TestIncorrectReservedValues(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "borked::?^&*", err.ParameterName) require.Contains(t, err.Message, "Query parameter 'borked::?^&*' value contains reserved values") require.Contains(t, err.Reason, "The query parameter 'borked::?^&*' has 'allowReserved' set to false") require.Contains(t, err.HowToFix, "borked%3A%3A%3F%5E%26%2A") @@ -698,6 +734,7 @@ func TestInvalidHeaderParamInteger(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationHeader, err.ValidationSubType) + require.Equal(t, "bunny", err.ParameterName) require.Contains(t, err.Message, "Header parameter 'bunny' is not a valid integer") require.Contains(t, err.Reason, "The header parameter 'bunny' is defined as being an integer") require.Contains(t, err.HowToFix, "bunmy") @@ -721,6 +758,7 @@ func TestInvalidHeaderParamNumber(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationHeader, err.ValidationSubType) + require.Equal(t, "bunny", err.ParameterName) require.Contains(t, err.Message, "Header parameter 'bunny' is not a valid number") require.Contains(t, err.Reason, "The header parameter 'bunny' is defined as being a number") require.Contains(t, err.HowToFix, "bunmy") @@ -744,6 +782,7 @@ func TestInvalidCookieParamNumber(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationCookie, err.ValidationSubType) + require.Equal(t, "cookies", err.ParameterName) require.Contains(t, err.Message, "Cookie parameter 'cookies' is not a valid number") require.Contains(t, err.Reason, "The cookie parameter 'cookies' is defined as being a number") require.Contains(t, err.HowToFix, "milky") @@ -767,6 +806,7 @@ func TestInvalidCookieParamInteger(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationCookie, err.ValidationSubType) + require.Equal(t, "cookies", err.ParameterName) require.Contains(t, err.Message, "Cookie parameter 'cookies' is not a valid integer") require.Contains(t, err.Reason, "The cookie parameter 'cookies' is defined as being an integer") require.Contains(t, err.HowToFix, "milky") @@ -790,6 +830,7 @@ func TestIncorrectHeaderParamBool(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationHeader, err.ValidationSubType) + require.Equal(t, "cookies", err.ParameterName) require.Contains(t, err.Message, "Header parameter 'cookies' is not a valid boolean") require.Contains(t, err.Reason, "The header parameter 'cookies' is defined as being a boolean") require.Contains(t, err.HowToFix, "milky") @@ -813,6 +854,7 @@ func TestIncorrectCookieParamBool(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationCookie, err.ValidationSubType) + require.Equal(t, "cookies", err.ParameterName) require.Contains(t, err.Message, "Cookie parameter 'cookies' is not a valid boolean") require.Contains(t, err.Reason, "The cookie parameter 'cookies' is defined as being a boolean") require.Contains(t, err.HowToFix, "milky") @@ -843,6 +885,7 @@ items: require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationCookie, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Cookie parameter 'testQueryParam' does not match allowed values") require.Contains(t, err.Reason, "The cookie parameter 'testQueryParam' has pre-defined values set via an enum") require.Contains(t, err.HowToFix, "milky") @@ -869,6 +912,7 @@ func TestIncorrectHeaderParamArrayBoolean(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationHeader, err.ValidationSubType) + require.Equal(t, "bubbles", err.ParameterName) require.Contains(t, err.Message, "Header array parameter 'bubbles' is not a valid boolean") require.Contains(t, err.Reason, "The header parameter (which is an array) 'bubbles' is defined as being a boolean") require.Contains(t, err.HowToFix, "milky") @@ -895,6 +939,7 @@ func TestIncorrectHeaderParamArrayNumber(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationHeader, err.ValidationSubType) + require.Equal(t, "bubbles", err.ParameterName) require.Contains(t, err.Message, "Header array parameter 'bubbles' is not a valid number") require.Contains(t, err.Reason, "The header parameter (which is an array) 'bubbles' is defined as being a number") require.Contains(t, err.HowToFix, "milky") @@ -920,6 +965,7 @@ func TestIncorrectPathParamBool(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationPath, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Path parameter 'testQueryParam' is not a valid boolean") require.Contains(t, err.Reason, "The path parameter 'testQueryParam' is defined as being a boolean") require.Contains(t, err.HowToFix, "milky") @@ -951,6 +997,7 @@ items: require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationPath, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Path parameter 'testQueryParam' does not match allowed values") require.Contains(t, err.Reason, "The path parameter 'testQueryParam' has pre-defined values set via an enum") require.Contains(t, err.HowToFix, "milky") @@ -976,6 +1023,7 @@ func TestIncorrectPathParamNumber(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationPath, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Path parameter 'testQueryParam' is not a valid number") require.Contains(t, err.Reason, "The path parameter 'testQueryParam' is defined as being a number") require.Contains(t, err.HowToFix, "milky") @@ -1001,6 +1049,7 @@ func TestIncorrectPathParamInteger(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationPath, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Path parameter 'testQueryParam' is not a valid integer") require.Contains(t, err.Reason, "The path parameter 'testQueryParam' is defined as being an integer") require.Contains(t, err.HowToFix, "milky") @@ -1027,6 +1076,7 @@ func TestIncorrectPathParamArrayNumber(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationPath, err.ValidationSubType) + require.Equal(t, "bubbles", err.ParameterName) require.Contains(t, err.Message, "Path array parameter 'bubbles' is not a valid number") require.Contains(t, err.Reason, "The path parameter (which is an array) 'bubbles' is defined as being a number") require.Contains(t, err.HowToFix, "milky") @@ -1053,6 +1103,7 @@ func TestIncorrectPathParamArrayInteger(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationPath, err.ValidationSubType) + require.Equal(t, "bubbles", err.ParameterName) require.Contains(t, err.Message, "Path array parameter 'bubbles' is not a valid integer") require.Contains(t, err.Reason, "The path parameter (which is an array) 'bubbles' is defined as being an integer") require.Contains(t, err.HowToFix, "milky") @@ -1079,6 +1130,7 @@ func TestIncorrectPathParamArrayBoolean(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationPath, err.ValidationSubType) + require.Equal(t, "bubbles", err.ParameterName) require.Contains(t, err.Message, "Path array parameter 'bubbles' is not a valid boolean") require.Contains(t, err.Reason, "The path parameter (which is an array) 'bubbles' is defined as being a boolean") require.Contains(t, err.HowToFix, "milky") @@ -1104,6 +1156,7 @@ func TestPathParameterMissing(t *testing.T) { require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationPath, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Path parameter 'testQueryParam' is missing") require.Contains(t, err.Reason, "The path parameter 'testQueryParam' is defined as being required") require.Contains(t, err.HowToFix, "Ensure the value has been set") @@ -1130,6 +1183,7 @@ items: require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Query array parameter 'testQueryParam' has too many items") require.Contains(t, err.Reason, "The query parameter (which is an array) 'testQueryParam' has a maximum item length of 10, however the request provided 25 items") require.Contains(t, err.HowToFix, "Reduce the number of items in the array to 10 or less") @@ -1156,6 +1210,7 @@ items: require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Query array parameter 'testQueryParam' does not have enough items") require.Contains(t, err.Reason, "The query parameter (which is an array) 'testQueryParam' has a minimum items length of 10, however the request provided 5 items") require.Contains(t, err.HowToFix, "Increase the number of items in the array to 10 or more") @@ -1182,6 +1237,7 @@ items: require.NotNil(t, err) require.Equal(t, helpers.ParameterValidation, err.ValidationType) require.Equal(t, helpers.ParameterValidationQuery, err.ValidationSubType) + require.Equal(t, "testQueryParam", err.ParameterName) require.Contains(t, err.Message, "Query array parameter 'testQueryParam' contains non-unique items") require.Contains(t, err.Reason, "The query parameter (which is an array) 'testQueryParam' contains the following duplicates: 'fish, cake'") require.Contains(t, err.HowToFix, "Ensure the array values are all unique") diff --git a/errors/parameters_howtofix.go b/errors/parameters_howtofix.go index e20a1508..b884700f 100644 --- a/errors/parameters_howtofix.go +++ b/errors/parameters_howtofix.go @@ -12,22 +12,30 @@ const ( HowToFixParamInvalidBoolean string = "Convert the value '%s' into a true/false value" HowToFixParamInvalidEnum string = "Instead of '%s', use one of the allowed values: '%s'" HowToFixParamInvalidFormEncode string = "Use a form style encoding for parameter values, for example: '%s'" + HowToFixInvalidXml string = "Ensure xml is well-formed and matches schema structure" + HowToFixXmlPrefix string = "Make sure to prepend the correct prefix '%s' to the declared fields" + HowToFixXmlNamespace string = "Make sure to declare the 'xmlns:%s' with the correct namespace URI" + HowToFixFormDataReservedCharacters string = "Make sure to correcly encode specials characters to percent encoding, or set allowReserved to true" HowToFixInvalidSchema string = "Ensure that the object being submitted, matches the schema correctly" + HowToFixInvalidTypeEncoding string = "Ensure that the object being submitted matches the property encoding Content-Type" HowToFixParamInvalidSpaceDelimitedObjectExplode string = "When using 'explode' with space delimited parameters, " + "they should be separated by spaces. For example: '%s'" HowToFixParamInvalidPipeDelimitedObjectExplode string = "When using 'explode' with pipe delimited parameters, " + "they should be separated by pipes '|'. For example: '%s'" HowToFixParamInvalidDeepObjectMultipleValues string = "There can only be a single value per property name, " + "deepObject parameters should contain the property key in square brackets next to the parameter name. For example: '%s'" - HowToFixInvalidJSON string = "The JSON submitted is invalid, please check the syntax" - HowToFixDecodingError = "The object can't be decoded, so make sure it's being encoded correctly according to the spec." - HowToFixInvalidContentType = "The content type is invalid, Use one of the %d supported types for this operation: %s" - HowToFixInvalidResponseCode = "The service is responding with a code that is not defined in the spec, fix the service or add the code to the specification" - HowToFixInvalidEncoding = "Ensure the correct encoding has been used on the object" - HowToFixMissingValue = "Ensure the value has been set" - HowToFixPath = "Check the path is correct, and check that the correct HTTP method has been used (e.g. GET, POST, PUT, DELETE)" - HowToFixPathMethod = "Add the missing operation to the contract for the path" - HowToFixInvalidMaxItems = "Reduce the number of items in the array to %d or less" - HowToFixInvalidMinItems = "Increase the number of items in the array to %d or more" - HowToFixMissingHeader = "Make sure the service responding sets the required headers with this response code" + HowToFixInvalidJSON string = "The JSON submitted is invalid, please check the syntax" + HowToFixInvalidUrlEncoded string = "Ensure URL Encoded submitted is well-formed and matches schema structure" + HowToFixDecodingError string = "The object can't be decoded, so make sure it's being encoded correctly according to the spec." + HowToFixInvalidContentType string = "The content type is invalid, Use one of the %d supported types for this operation: %s" + HowToFixInvalidResponseCode string = "The service is responding with a code that is not defined in the spec, fix the service or add the code to the specification" + HowToFixInvalidEncoding string = "Ensure the correct encoding has been used on the object" + HowToFixMissingValue string = "Ensure the value has been set" + HowToFixPath string = "Check the path is correct, and check that the correct HTTP method has been used (e.g. GET, POST, PUT, DELETE)" + HowToFixPathMethod string = "Add the missing operation to the contract for the path" + HowToFixInvalidMaxItems string = "Reduce the number of items in the array to %d or less" + HowToFixInvalidMinItems string = "Increase the number of items in the array to %d or more" + HowToFixMissingHeader string = "Make sure the service responding sets the required headers with this response code" + HowToFixInvalidRenderedSchema string = "Check the request schema for circular references or invalid structures" + HowToFixInvalidJsonSchema string = "Check the request schema for invalid JSON Schema syntax, complex regex patterns, or unsupported schema constructs" ) diff --git a/errors/request_errors.go b/errors/request_errors.go index 73c99fd2..f53c2b8e 100644 --- a/errors/request_errors.go +++ b/errors/request_errors.go @@ -41,7 +41,7 @@ func RequestContentTypeNotFound(op *v3.Operation, request *http.Request, specPat func OperationNotFound(pathItem *v3.PathItem, request *http.Request, method string, specPath string) *ValidationError { return &ValidationError{ ValidationType: helpers.RequestValidation, - ValidationSubType: helpers.RequestMissingOperation, + ValidationSubType: helpers.ValidationMissingOperation, Message: fmt.Sprintf("%s operation request content type '%s' does not exist", request.Method, method), Reason: fmt.Sprintf("The path was found, but there was no '%s' method found in the spec", request.Method), diff --git a/errors/request_errors_test.go b/errors/request_errors_test.go index da3a58df..47025a7e 100644 --- a/errors/request_errors_test.go +++ b/errors/request_errors_test.go @@ -91,7 +91,7 @@ func TestOperationNotFound(t *testing.T) { // Validate the error require.NotNil(t, err) require.Equal(t, helpers.RequestValidation, err.ValidationType) - require.Equal(t, helpers.RequestMissingOperation, err.ValidationSubType) + require.Equal(t, helpers.ValidationMissingOperation, err.ValidationSubType) require.Contains(t, err.Message, "'PATCH' does not exist") require.Contains(t, err.Reason, "there was no 'PATCH' method found in the spec") require.Equal(t, 15, err.SpecLine) diff --git a/errors/strict_errors.go b/errors/strict_errors.go new file mode 100644 index 00000000..aac6e3c5 --- /dev/null +++ b/errors/strict_errors.go @@ -0,0 +1,154 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package errors + +import ( + "fmt" + "strings" +) + +// StrictValidationType is the validation type for strict mode errors. +const StrictValidationType = "strict" + +// StrictValidationSubTypes for different kinds of undeclared values. +const ( + StrictSubTypeProperty = "undeclared-property" + StrictSubTypeHeader = "undeclared-header" + StrictSubTypeQuery = "undeclared-query-param" + StrictSubTypeCookie = "undeclared-cookie" +) + +// UndeclaredPropertyError creates a ValidationError for an undeclared property. +func UndeclaredPropertyError( + path string, + name string, + value any, + declaredProperties []string, + direction string, + requestPath string, + requestMethod string, + specLine int, + specCol int, +) *ValidationError { + dirStr := direction + if dirStr == "" { + dirStr = "request" + } + + return &ValidationError{ + ValidationType: StrictValidationType, + ValidationSubType: StrictSubTypeProperty, + Message: fmt.Sprintf("%s property '%s' at '%s' is not declared in schema", + dirStr, name, path), + Reason: fmt.Sprintf("Strict mode: found property not in schema. "+ + "Declared properties: [%s]", strings.Join(declaredProperties, ", ")), + HowToFix: fmt.Sprintf("Add '%s' to the schema, remove it from the %s, "+ + "or add '%s' to StrictIgnorePaths", name, dirStr, path), + RequestPath: requestPath, + RequestMethod: requestMethod, + ParameterName: name, + Context: truncateForContext(value), + SpecLine: specLine, + SpecCol: specCol, + } +} + +// UndeclaredHeaderError creates a ValidationError for an undeclared header. +func UndeclaredHeaderError( + name string, + value string, + declaredHeaders []string, + direction string, + requestPath string, + requestMethod string, +) *ValidationError { + dirStr := direction + if dirStr == "" { + dirStr = "request" + } + + return &ValidationError{ + ValidationType: StrictValidationType, + ValidationSubType: StrictSubTypeHeader, + Message: fmt.Sprintf("%s header '%s' is not declared in specification", + dirStr, name), + Reason: fmt.Sprintf("Strict mode: found header not in spec. "+ + "Declared headers: [%s]", strings.Join(declaredHeaders, ", ")), + HowToFix: fmt.Sprintf("Add '%s' to the operation's parameters, remove it from the %s, "+ + "or add it to StrictIgnoredHeaders", name, dirStr), + RequestPath: requestPath, + RequestMethod: requestMethod, + ParameterName: name, + Context: value, + } +} + +// UndeclaredQueryParamError creates a ValidationError for an undeclared query parameter. +func UndeclaredQueryParamError( + path string, + name string, + value any, + declaredParams []string, + requestPath string, + requestMethod string, +) *ValidationError { + return &ValidationError{ + ValidationType: StrictValidationType, + ValidationSubType: StrictSubTypeQuery, + Message: fmt.Sprintf("query parameter '%s' at '%s' is not declared in specification", name, path), + Reason: fmt.Sprintf("Strict mode: found query parameter not in spec. "+ + "Declared parameters: [%s]", strings.Join(declaredParams, ", ")), + HowToFix: fmt.Sprintf("Add '%s' to the operation's query parameters, remove it from the request, "+ + "or add '%s' to StrictIgnorePaths", name, path), + RequestPath: requestPath, + RequestMethod: requestMethod, + ParameterName: name, + Context: truncateForContext(value), + } +} + +// UndeclaredCookieError creates a ValidationError for an undeclared cookie. +func UndeclaredCookieError( + path string, + name string, + value any, + declaredCookies []string, + requestPath string, + requestMethod string, +) *ValidationError { + return &ValidationError{ + ValidationType: StrictValidationType, + ValidationSubType: StrictSubTypeCookie, + Message: fmt.Sprintf("cookie '%s' at '%s' is not declared in specification", name, path), + Reason: fmt.Sprintf("Strict mode: found cookie not in spec. "+ + "Declared cookies: [%s]", strings.Join(declaredCookies, ", ")), + HowToFix: fmt.Sprintf("Add '%s' to the operation's cookie parameters, remove it from the request, "+ + "or add '%s' to StrictIgnorePaths", name, path), + RequestPath: requestPath, + RequestMethod: requestMethod, + ParameterName: name, + Context: truncateForContext(value), + } +} + +// truncateForContext creates a truncated string representation for error context. +func truncateForContext(v any) string { + switch val := v.(type) { + case string: + if len(val) > 50 { + return val[:47] + "..." + } + return val + case map[string]any: + return "{...}" + case []any: + return "[...]" + default: + s := fmt.Sprintf("%v", v) + if len(s) > 50 { + return s[:47] + "..." + } + return s + } +} diff --git a/errors/strict_errors_test.go b/errors/strict_errors_test.go new file mode 100644 index 00000000..160ef1f2 --- /dev/null +++ b/errors/strict_errors_test.go @@ -0,0 +1,217 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package errors + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestUndeclaredPropertyError(t *testing.T) { + err := UndeclaredPropertyError( + "$.body.user.extra", + "extra", + "some value", + []string{"name", "email"}, + "request", + "/users", + "POST", + 42, + 10, + ) + + assert.NotNil(t, err) + assert.Equal(t, StrictValidationType, err.ValidationType) + assert.Equal(t, StrictSubTypeProperty, err.ValidationSubType) + assert.Contains(t, err.Message, "request property 'extra' at '$.body.user.extra'") + assert.Contains(t, err.Reason, "name, email") + assert.Contains(t, err.HowToFix, "extra") + assert.Contains(t, err.HowToFix, "$.body.user.extra") + assert.Equal(t, "/users", err.RequestPath) + assert.Equal(t, "POST", err.RequestMethod) + assert.Equal(t, "extra", err.ParameterName) + assert.Equal(t, 42, err.SpecLine) + assert.Equal(t, 10, err.SpecCol) +} + +func TestUndeclaredPropertyError_Response(t *testing.T) { + err := UndeclaredPropertyError( + "$.body.data.undeclared", + "undeclared", + map[string]any{"nested": "value"}, + []string{"id", "name"}, + "response", + "/items/123", + "GET", + 100, + 5, + ) + + assert.NotNil(t, err) + assert.Contains(t, err.Message, "response property 'undeclared'") + assert.Contains(t, err.Reason, "id, name") + assert.Equal(t, "{...}", err.Context) // Map truncated + assert.Equal(t, 100, err.SpecLine) + assert.Equal(t, 5, err.SpecCol) +} + +func TestUndeclaredPropertyError_EmptyDirection(t *testing.T) { + err := UndeclaredPropertyError( + "$.body.prop", + "prop", + "value", + nil, + "", // Empty direction defaults to "request" + "/test", + "POST", + 0, // Zero values for unknown location + 0, + ) + + assert.Contains(t, err.Message, "request property") + assert.Equal(t, 0, err.SpecLine) + assert.Equal(t, 0, err.SpecCol) +} + +func TestUndeclaredHeaderError(t *testing.T) { + err := UndeclaredHeaderError( + "X-Custom-Header", + "header-value", + []string{"Content-Type", "Authorization"}, + "request", + "/api/endpoint", + "GET", + ) + + assert.NotNil(t, err) + assert.Equal(t, StrictValidationType, err.ValidationType) + assert.Equal(t, StrictSubTypeHeader, err.ValidationSubType) + assert.Contains(t, err.Message, "request header 'X-Custom-Header'") + assert.Contains(t, err.Reason, "Content-Type, Authorization") + assert.Contains(t, err.HowToFix, "X-Custom-Header") + assert.Equal(t, "/api/endpoint", err.RequestPath) + assert.Equal(t, "GET", err.RequestMethod) + assert.Equal(t, "X-Custom-Header", err.ParameterName) + assert.Equal(t, "header-value", err.Context) +} + +func TestUndeclaredHeaderError_Response(t *testing.T) { + err := UndeclaredHeaderError( + "X-Response-Header", + "value", + nil, + "response", + "/test", + "POST", + ) + + assert.Contains(t, err.Message, "response header") +} + +func TestUndeclaredHeaderError_EmptyDirection(t *testing.T) { + err := UndeclaredHeaderError( + "X-Header", + "value", + nil, + "", + "/test", + "GET", + ) + + assert.Contains(t, err.Message, "request header") +} + +func TestUndeclaredQueryParamError(t *testing.T) { + err := UndeclaredQueryParamError( + "$.query.debug", + "debug", + "true", + []string{"page", "limit"}, + "/items", + "GET", + ) + + assert.NotNil(t, err) + assert.Equal(t, StrictValidationType, err.ValidationType) + assert.Equal(t, StrictSubTypeQuery, err.ValidationSubType) + assert.Contains(t, err.Message, "query parameter 'debug' at '$.query.debug'") + assert.Contains(t, err.Reason, "page, limit") + assert.Contains(t, err.HowToFix, "debug") + assert.Contains(t, err.HowToFix, "$.query.debug") + assert.Equal(t, "/items", err.RequestPath) + assert.Equal(t, "GET", err.RequestMethod) + assert.Equal(t, "debug", err.ParameterName) +} + +func TestUndeclaredCookieError(t *testing.T) { + err := UndeclaredCookieError( + "$.cookies.tracking", + "tracking", + "abc123", + []string{"session", "csrf"}, + "/dashboard", + "GET", + ) + + assert.NotNil(t, err) + assert.Equal(t, StrictValidationType, err.ValidationType) + assert.Equal(t, StrictSubTypeCookie, err.ValidationSubType) + assert.Contains(t, err.Message, "cookie 'tracking' at '$.cookies.tracking'") + assert.Contains(t, err.Reason, "session, csrf") + assert.Contains(t, err.HowToFix, "tracking") + assert.Contains(t, err.HowToFix, "$.cookies.tracking") + assert.Equal(t, "/dashboard", err.RequestPath) + assert.Equal(t, "GET", err.RequestMethod) + assert.Equal(t, "tracking", err.ParameterName) +} + +func TestTruncateForContext_String(t *testing.T) { + // Short string should not be truncated + short := truncateForContext("short") + assert.Equal(t, "short", short) + + // Long string should be truncated + long := truncateForContext("this is a very long string that exceeds fifty characters and should be truncated") + assert.Len(t, long, 50) + assert.True(t, len(long) <= 50) + assert.Contains(t, long, "...") +} + +func TestTruncateForContext_Map(t *testing.T) { + m := map[string]any{"key": "value"} + result := truncateForContext(m) + assert.Equal(t, "{...}", result) +} + +func TestTruncateForContext_Slice(t *testing.T) { + s := []any{1, 2, 3} + result := truncateForContext(s) + assert.Equal(t, "[...]", result) +} + +func TestTruncateForContext_Other(t *testing.T) { + // Integer + i := truncateForContext(12345) + assert.Equal(t, "12345", i) + + // Boolean + b := truncateForContext(true) + assert.Equal(t, "true", b) + + // Long formatted value + type customType struct { + Field1 string + Field2 string + Field3 string + } + longValue := customType{ + Field1: "this is a long value", + Field2: "that will exceed fifty", + Field3: "characters when formatted", + } + result := truncateForContext(longValue) + assert.True(t, len(result) <= 50) + assert.Contains(t, result, "...") +} diff --git a/errors/urlencoded_errors.go b/errors/urlencoded_errors.go new file mode 100644 index 00000000..7a4c8917 --- /dev/null +++ b/errors/urlencoded_errors.go @@ -0,0 +1,65 @@ +package errors + +import ( + "fmt" + + "github.com/pb33f/libopenapi-validator/helpers" + "github.com/pb33f/libopenapi/datamodel/high/base" +) + +func InvalidURLEncodedParsing(reason, referenceObject string) *ValidationError { + return &ValidationError{ + ValidationType: helpers.URLEncodedValidation, + ValidationSubType: helpers.Schema, + Message: "Unable to parse form-urlencoded body", + Reason: fmt.Sprintf("failed to parse form-urlencoded: %s", reason), + SchemaValidationErrors: []*SchemaValidationFailure{{ + Reason: reason, + ReferenceSchema: "", + ReferenceObject: referenceObject, + }}, + HowToFix: HowToFixInvalidUrlEncoded, + } +} + +func InvalidTypeEncoding(schema *base.Schema, name, contentType string) *ValidationError { + line := 1 + col := 0 + if low := schema.GoLow(); low != nil && low.Type.KeyNode != nil { + line = low.Type.KeyNode.Line + col = low.Type.KeyNode.Column + } + + return &ValidationError{ + ValidationType: helpers.URLEncodedValidation, + ValidationSubType: helpers.InvalidTypeEncoding, + Message: fmt.Sprintf("The value '%s' could not be parsed to the defined encoding", name), + Reason: fmt.Sprintf("The value '%s' is encoded as '%s' in the schema, however the value could not be parsed", name, contentType), + SpecLine: line, + SpecCol: col, + Context: schema, + HowToFix: HowToFixInvalidTypeEncoding, + } +} + +func ReservedURLEncodedValue(schema *base.Schema, name, value string) *ValidationError { + line := 1 + col := 0 + if schema != nil { + if low := schema.GoLow(); low != nil && low.Type.KeyNode != nil { + line = low.Type.KeyNode.Line + col = low.Type.KeyNode.Column + } + } + + return &ValidationError{ + ValidationType: helpers.URLEncodedValidation, + ValidationSubType: helpers.ReservedValues, + Message: fmt.Sprintf("Form value '%s' contains reserved characters", name), + Reason: fmt.Sprintf("The form value '%s' contains reserved characters but allowReserved is false. Value: '%s'", name, value), + SpecLine: line, + SpecCol: col, + Context: schema, + HowToFix: HowToFixFormDataReservedCharacters, + } +} diff --git a/errors/urlencoded_errors_test.go b/errors/urlencoded_errors_test.go new file mode 100644 index 00000000..d6ad984e --- /dev/null +++ b/errors/urlencoded_errors_test.go @@ -0,0 +1,58 @@ +package errors + +import ( + "testing" + + "github.com/pb33f/libopenapi" + "github.com/pb33f/libopenapi-validator/helpers" + "github.com/pb33f/libopenapi/datamodel/high/base" + "github.com/stretchr/testify/assert" +) + +func getURLEncodingTestSchema() *base.Schema { + spec := `openapi: 3.0.0 +paths: + /pet: + get: + responses: + '200': + content: + application/x-www-form-urlencoded: + encoding: + animal: + contentType: application/json + schema: + type: object + properties: + animal: + type: object` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + v3Doc, _ := doc.BuildV3Model() + + return v3Doc.Model.Paths.PathItems.GetOrZero("/pet").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/x-www-form-urlencoded").Schema.Schema() +} + +func TestInvalidURLEncodedParsing(t *testing.T) { + err := InvalidURLEncodedParsing("no data sent", "invalid-formdata") + + assert.NotNil(t, (*err)) + assert.Equal(t, (*err).SchemaValidationErrors[0].Reason, "no data sent") + assert.Equal(t, (*err).SchemaValidationErrors[0].ReferenceObject, "invalid-formdata") + assert.Equal(t, helpers.Schema, (*err).ValidationSubType) +} + +func TestInvalidTypeEncoding(t *testing.T) { + err := InvalidTypeEncoding(getURLEncodingTestSchema(), "animal", helpers.JSONContentType) + + assert.NotNil(t, (*err)) + assert.Equal(t, helpers.InvalidTypeEncoding, (*err).ValidationSubType) +} + +func TestReservedURLEncodedValue(t *testing.T) { + err := ReservedURLEncodedValue(getURLEncodingTestSchema(), "animal", "!") + + assert.NotNil(t, (*err)) + assert.Equal(t, helpers.ReservedValues, (*err).ValidationSubType) +} diff --git a/errors/validation_error.go b/errors/validation_error.go index 020f8bd2..38ac82f5 100644 --- a/errors/validation_error.go +++ b/errors/validation_error.go @@ -6,6 +6,7 @@ package errors import ( "fmt" + "github.com/pb33f/libopenapi-validator/helpers" "github.com/santhosh-tekuri/jsonschema/v6" ) @@ -51,14 +52,16 @@ type SchemaValidationFailure struct { // The original jsonschema.ValidationError object, if the schema failure originated from the jsonschema library. OriginalJsonSchemaError *jsonschema.ValidationError `json:"-" yaml:"-"` - // DEPRECATED in favor of explicit use of FieldPath & InstancePath - // Location is the XPath-like location of the validation failure - Location string `json:"location,omitempty" yaml:"location,omitempty"` + // Context is the raw schema object that failed validation (for programmatic access) + Context interface{} `json:"-" yaml:"-"` } // Error returns a string representation of the error func (s *SchemaValidationFailure) Error() string { - return fmt.Sprintf("Reason: %s, Location: %s", s.Reason, s.Location) + if s.FieldPath != "" { + return fmt.Sprintf("Reason: %s, FieldPath: %s", s.Reason, s.FieldPath) + } + return fmt.Sprintf("Reason: %s", s.Reason) } // ValidationError is a struct that contains all the information about a validation error. @@ -128,10 +131,10 @@ func (v *ValidationError) Error() string { // IsPathMissingError returns true if the error has a ValidationType of "path" and a ValidationSubType of "missing" func (v *ValidationError) IsPathMissingError() bool { - return v.ValidationType == "path" && v.ValidationSubType == "missing" + return v.ValidationType == helpers.PathValidation && v.ValidationSubType == helpers.ValidationMissing } // IsOperationMissingError returns true if the error has a ValidationType of "request" and a ValidationSubType of "missingOperation" func (v *ValidationError) IsOperationMissingError() bool { - return v.ValidationType == "path" && v.ValidationSubType == "missingOperation" + return v.ValidationType == helpers.PathValidation && v.ValidationSubType == helpers.ValidationMissingOperation } diff --git a/errors/validation_error_test.go b/errors/validation_error_test.go index 749dedfd..82e0d6d6 100644 --- a/errors/validation_error_test.go +++ b/errors/validation_error_test.go @@ -7,17 +7,18 @@ import ( "fmt" "testing" + "github.com/pb33f/libopenapi-validator/helpers" "github.com/stretchr/testify/require" ) func TestSchemaValidationFailure_Error(t *testing.T) { // Test the Error method of SchemaValidationFailure s := &SchemaValidationFailure{ - Reason: "Invalid type", - Location: "/path/to/property", + Reason: "Invalid type", + FieldPath: "$.path.to.property", } - expectedError := "Reason: Invalid type, Location: /path/to/property" + expectedError := "Reason: Invalid type, FieldPath: $.path.to.property" require.Equal(t, expectedError, s.Error()) } @@ -48,8 +49,8 @@ func TestValidationError_Error_WithSpecLineAndColumn(t *testing.T) { func TestValidationError_Error_WithSchemaValidationErrors(t *testing.T) { // Test the Error method of ValidationError with SchemaValidationErrors schemaError := &SchemaValidationFailure{ - Reason: "Invalid enum value", - Location: "/path/to/enum", + Reason: "Invalid enum value", + FieldPath: "$.path.to.enum", } v := &ValidationError{ Message: "Enum validation failed", @@ -64,8 +65,8 @@ func TestValidationError_Error_WithSchemaValidationErrors(t *testing.T) { func TestValidationError_Error_WithSchemaValidationErrors_AndSpecLineColumn(t *testing.T) { // Test the Error method of ValidationError with SchemaValidationErrors and SpecLine and SpecCol schemaError := &SchemaValidationFailure{ - Reason: "Invalid enum value", - Location: "/path/to/enum", + Reason: "Invalid enum value", + FieldPath: "$.path.to.enum", } v := &ValidationError{ Message: "Enum validation failed", @@ -82,8 +83,8 @@ func TestValidationError_Error_WithSchemaValidationErrors_AndSpecLineColumn(t *t func TestValidationError_IsPathMissingError(t *testing.T) { // Test the IsPathMissingError method v := &ValidationError{ - ValidationType: "path", - ValidationSubType: "missing", + ValidationType: helpers.PathValidation, + ValidationSubType: helpers.ValidationMissing, } require.True(t, v.IsPathMissingError()) @@ -93,16 +94,16 @@ func TestValidationError_IsPathMissingError(t *testing.T) { require.False(t, v.IsPathMissingError()) // Test with different ValidationType - v.ValidationType = "request" - v.ValidationSubType = "missing" + v.ValidationType = helpers.RequestValidation + v.ValidationSubType = helpers.ValidationMissing require.False(t, v.IsPathMissingError()) } func TestValidationError_IsOperationMissingError(t *testing.T) { // Test the IsOperationMissingError method v := &ValidationError{ - ValidationType: "path", - ValidationSubType: "missingOperation", + ValidationType: helpers.PathValidation, + ValidationSubType: helpers.ValidationMissingOperation, } require.True(t, v.IsOperationMissingError()) @@ -112,7 +113,7 @@ func TestValidationError_IsOperationMissingError(t *testing.T) { require.False(t, v.IsOperationMissingError()) // Test with different ValidationType - v.ValidationType = "request" - v.ValidationSubType = "missingOperation" + v.ValidationType = helpers.RequestValidation + v.ValidationSubType = helpers.ValidationMissingOperation require.False(t, v.IsOperationMissingError()) } diff --git a/errors/xml_errors.go b/errors/xml_errors.go new file mode 100644 index 00000000..6566615d --- /dev/null +++ b/errors/xml_errors.go @@ -0,0 +1,104 @@ +package errors + +import ( + "fmt" + + "github.com/pb33f/libopenapi-validator/helpers" + "github.com/pb33f/libopenapi/datamodel/high/base" +) + +func MissingPrefix(schema *base.Schema, prefix string) *ValidationError { + line := 1 + col := 0 + if low := schema.GoLow(); low != nil && low.Type.KeyNode != nil { + line = low.Type.KeyNode.Line + col = low.Type.KeyNode.Column + } + + return &ValidationError{ + ValidationType: helpers.XmlValidation, + ValidationSubType: helpers.XmlValidationPrefix, + Message: fmt.Sprintf("The prefix '%s' is defined in the schema, however it's missing from the xml", prefix), + Reason: fmt.Sprintf("The prefix '%s' is defined in the schema, however it's missing from the xml content", prefix), + SpecLine: line, + SpecCol: col, + Context: schema, + HowToFix: fmt.Sprintf(HowToFixXmlPrefix, prefix), + } +} + +func InvalidPrefix(schema *base.Schema, prefix string) *ValidationError { + line := 1 + col := 0 + if low := schema.GoLow(); low != nil && low.Type.KeyNode != nil { + line = low.Type.KeyNode.Line + col = low.Type.KeyNode.Column + } + + return &ValidationError{ + ValidationType: helpers.XmlValidation, + ValidationSubType: helpers.XmlValidationPrefix, + Message: fmt.Sprintf("The prefix '%s' defined in the schema differs from the xml", prefix), + Reason: fmt.Sprintf("The prefix '%s' is defined in the schema, however the xml sent and invalid prefix", prefix), + SpecCol: col, + SpecLine: line, + Context: schema, + HowToFix: fmt.Sprintf(HowToFixXmlPrefix, prefix), + } +} + +func MissingNamespace(schema *base.Schema, namespace string) *ValidationError { + line := 1 + col := 0 + if low := schema.GoLow(); low != nil && low.Type.KeyNode != nil { + line = low.Type.KeyNode.Line + col = low.Type.KeyNode.Column + } + + return &ValidationError{ + ValidationType: helpers.XmlValidation, + ValidationSubType: helpers.XmlValidationNamespace, + Message: fmt.Sprintf("The namespace '%s' is defined in the schema, however it's missing from the xml", namespace), + Reason: fmt.Sprintf("The namespace '%s' is defined in the schema, however it's missing from the xml content", namespace), + SpecLine: line, + SpecCol: col, + Context: schema, + HowToFix: fmt.Sprintf(HowToFixXmlNamespace, namespace), + } +} + +func InvalidNamespace(schema *base.Schema, namespace, expectedNamespace, prefix string) *ValidationError { + line := 1 + col := 0 + if low := schema.GoLow(); low != nil && low.Type.KeyNode != nil { + line = low.Type.KeyNode.Line + col = low.Type.KeyNode.Column + } + + return &ValidationError{ + ValidationType: helpers.XmlValidation, + ValidationSubType: helpers.XmlValidationNamespace, + Message: fmt.Sprintf("The namespace from prefix '%s' differs from the xml", prefix), + Reason: fmt.Sprintf("The namespace from prefix '%s' is declared as '%s' in the schema, however in xml is declared as '%s'", + prefix, expectedNamespace, namespace), + SpecLine: line, + SpecCol: col, + Context: schema, + HowToFix: fmt.Sprintf(HowToFixXmlNamespace, namespace), + } +} + +func InvalidXMLParsing(reason, referenceObject string) *ValidationError { + return &ValidationError{ + ValidationType: helpers.XmlValidation, + ValidationSubType: helpers.Schema, + Message: "xml example is malformed", + Reason: fmt.Sprintf("failed to parse xml: %s", reason), + SchemaValidationErrors: []*SchemaValidationFailure{{ + Reason: reason, + ReferenceSchema: "", + ReferenceObject: referenceObject, + }}, + HowToFix: HowToFixInvalidXml, + } +} diff --git a/errors/xml_errors_test.go b/errors/xml_errors_test.go new file mode 100644 index 00000000..3b05da04 --- /dev/null +++ b/errors/xml_errors_test.go @@ -0,0 +1,78 @@ +// Copyright 2023-2024 Princess Beef Heavy Industries, LLC / Dave Shanley +// https://pb33f.io + +package errors + +import ( + "testing" + + "github.com/pb33f/libopenapi" + "github.com/pb33f/libopenapi-validator/helpers" + "github.com/pb33f/libopenapi/datamodel/high/base" + "github.com/stretchr/testify/assert" +) + +func getTestSchema() *base.Schema { + spec := `openapi: 3.0.0 +paths: + /pet: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + age: + type: integer + xml: + name: Cat` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + v3Doc, _ := doc.BuildV3Model() + + return v3Doc.Model.Paths.PathItems.GetOrZero("/pet").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() +} + +func TestMissingPrefixError(t *testing.T) { + schema := getTestSchema() + err := MissingPrefix(schema, "prx") + + assert.NotNil(t, *err) + assert.Equal(t, helpers.XmlValidationPrefix, (*err).ValidationSubType) +} + +func TestMissingNamespaceError(t *testing.T) { + schema := getTestSchema() + err := MissingNamespace(schema, "http://ex.c") + + assert.NotNil(t, *err) + assert.Equal(t, helpers.XmlValidationNamespace, (*err).ValidationSubType) +} + +func TestInvalidPrefixError(t *testing.T) { + schema := getTestSchema() + err := InvalidPrefix(schema, "prx") + + assert.NotNil(t, *err) + assert.Equal(t, helpers.XmlValidationPrefix, (*err).ValidationSubType) +} + +func TestInvalidNamespaceError(t *testing.T) { + schema := getTestSchema() + err := InvalidNamespace(schema, "other", "http://ex.c", "prx") + + assert.NotNil(t, *err) + assert.Equal(t, helpers.XmlValidationNamespace, (*err).ValidationSubType) +} + +func TestInvalidParsing(t *testing.T) { + err := InvalidXMLParsing("no data sent", "invalid-xml") + + assert.NotNil(t, (*err)) + assert.Equal(t, (*err).SchemaValidationErrors[0].Reason, "no data sent") + assert.Equal(t, (*err).SchemaValidationErrors[0].ReferenceObject, "invalid-xml") + assert.Equal(t, helpers.Schema, (*err).ValidationSubType) +} diff --git a/go.mod b/go.mod index 458ef7f5..645d20c4 100644 --- a/go.mod +++ b/go.mod @@ -1,22 +1,230 @@ module github.com/pb33f/libopenapi-validator -go 1.24.7 +go 1.25.0 require ( + github.com/basgys/goxml2json v1.1.1-0.20231018121955-e66ee54ceaad github.com/dlclark/regexp2 v1.11.5 - github.com/pb33f/jsonpath v0.1.2 - github.com/pb33f/libopenapi v0.28.1 + github.com/go-openapi/jsonpointer v0.22.4 + github.com/goccy/go-yaml v1.19.2 + github.com/pb33f/jsonpath v0.8.1 + github.com/pb33f/libopenapi v0.33.11 github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 github.com/stretchr/testify v1.11.1 - go.yaml.in/yaml/v4 v4.0.0-rc.2 - golang.org/x/text v0.30.0 + go.yaml.in/yaml/v4 v4.0.0-rc.4 + golang.org/x/text v0.34.0 ) require ( + 4d63.com/gocheckcompilerdirectives v1.3.0 // indirect + 4d63.com/gochecknoglobals v0.2.2 // indirect + codeberg.org/chavacava/garif v0.2.0 // indirect + codeberg.org/polyfloyd/go-errorlint v1.9.0 // indirect + dev.gaijin.team/go/exhaustruct/v4 v4.0.0 // indirect + dev.gaijin.team/go/golib v0.6.0 // indirect + github.com/4meepo/tagalign v1.4.3 // indirect + github.com/Abirdcfly/dupword v0.1.7 // indirect + github.com/AdminBenni/iota-mixing v1.0.0 // indirect + github.com/AlwxSin/noinlineerr v1.0.5 // indirect + github.com/Antonboom/errname v1.1.1 // indirect + github.com/Antonboom/nilnil v1.1.1 // indirect + github.com/Antonboom/testifylint v1.6.4 // indirect + github.com/BurntSushi/toml v1.6.0 // indirect + github.com/Djarvur/go-err113 v0.1.1 // indirect + github.com/Masterminds/semver/v3 v3.4.0 // indirect + github.com/MirrexOne/unqueryvet v1.4.0 // indirect + github.com/OpenPeeDeeP/depguard/v2 v2.2.1 // indirect + github.com/alecthomas/chroma/v2 v2.21.1 // indirect + github.com/alecthomas/go-check-sumtype v0.3.1 // indirect + github.com/alexkohler/nakedret/v2 v2.0.6 // indirect + github.com/alexkohler/prealloc v1.0.1 // indirect + github.com/alfatraining/structtag v1.0.0 // indirect + github.com/alingse/asasalint v0.0.11 // indirect + github.com/alingse/nilnesserr v0.2.0 // indirect + github.com/ashanbrown/forbidigo/v2 v2.3.0 // indirect + github.com/ashanbrown/makezero/v2 v2.1.0 // indirect + github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/bahlo/generic-list-go v0.2.0 // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/bkielbasa/cyclop v1.2.3 // indirect + github.com/blizzy78/varnamelen v0.8.0 // indirect + github.com/bombsimon/wsl/v4 v4.7.0 // indirect + github.com/bombsimon/wsl/v5 v5.3.0 // indirect + github.com/breml/bidichk v0.3.3 // indirect + github.com/breml/errchkjson v0.4.1 // indirect github.com/buger/jsonparser v1.1.1 // indirect + github.com/butuzov/ireturn v0.4.0 // indirect + github.com/butuzov/mirror v1.3.0 // indirect + github.com/catenacyber/perfsprint v0.10.1 // indirect + github.com/ccojocar/zxcvbn-go v1.0.4 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/charithe/durationcheck v0.0.11 // indirect + github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect + github.com/charmbracelet/lipgloss v1.1.0 // indirect + github.com/charmbracelet/x/ansi v0.8.0 // indirect + github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd // indirect + github.com/charmbracelet/x/term v0.2.1 // indirect + github.com/ckaznocha/intrange v0.3.1 // indirect + github.com/curioswitch/go-reassign v0.3.0 // indirect + github.com/daixiang0/gci v0.13.7 // indirect + github.com/dave/dst v0.27.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect + github.com/denis-tingaikin/go-header v0.5.0 // indirect + github.com/ettle/strcase v0.2.0 // indirect + github.com/fatih/color v1.18.0 // indirect + github.com/fatih/structtag v1.2.0 // indirect + github.com/firefart/nonamedreturns v1.0.6 // indirect + github.com/fsnotify/fsnotify v1.5.4 // indirect + github.com/fzipp/gocyclo v0.6.0 // indirect + github.com/ghostiam/protogetter v0.3.18 // indirect + github.com/go-critic/go-critic v0.14.3 // indirect + github.com/go-openapi/swag/jsonname v0.25.4 // indirect + github.com/go-toolsmith/astcast v1.1.0 // indirect + github.com/go-toolsmith/astcopy v1.1.0 // indirect + github.com/go-toolsmith/astequal v1.2.0 // indirect + github.com/go-toolsmith/astfmt v1.1.0 // indirect + github.com/go-toolsmith/astp v1.1.0 // indirect + github.com/go-toolsmith/strparse v1.1.0 // indirect + github.com/go-toolsmith/typep v1.1.0 // indirect + github.com/go-viper/mapstructure/v2 v2.4.0 // indirect + github.com/go-xmlfmt/xmlfmt v1.1.3 // indirect + github.com/gobwas/glob v0.2.3 // indirect + github.com/godoc-lint/godoc-lint v0.11.1 // indirect + github.com/gofrs/flock v0.13.0 // indirect + github.com/golang/protobuf v1.5.3 // indirect + github.com/golangci/asciicheck v0.5.0 // indirect + github.com/golangci/dupl v0.0.0-20250308024227-f665c8d69b32 // indirect + github.com/golangci/go-printf-func-name v0.1.1 // indirect + github.com/golangci/gofmt v0.0.0-20250106114630-d62b90e6713d // indirect + github.com/golangci/golangci-lint/v2 v2.8.0 // indirect + github.com/golangci/golines v0.14.0 // indirect + github.com/golangci/misspell v0.7.0 // indirect + github.com/golangci/plugin-module-register v0.1.2 // indirect + github.com/golangci/revgrep v0.8.0 // indirect + github.com/golangci/swaggoswag v0.0.0-20250504205917-77f2aca3143e // indirect + github.com/golangci/unconvert v0.0.0-20250410112200-a129a6e6413e // indirect + github.com/google/go-cmp v0.7.0 // indirect + github.com/gordonklaus/ineffassign v0.2.0 // indirect + github.com/gostaticanalysis/analysisutil v0.7.1 // indirect + github.com/gostaticanalysis/comment v1.5.0 // indirect + github.com/gostaticanalysis/forcetypeassert v0.2.0 // indirect + github.com/gostaticanalysis/nilerr v0.1.2 // indirect + github.com/hashicorp/go-immutable-radix/v2 v2.1.0 // indirect + github.com/hashicorp/go-version v1.8.0 // indirect + github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect + github.com/hashicorp/hcl v1.0.0 // indirect + github.com/hexops/gotextdiff v1.0.3 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/jgautheron/goconst v1.8.2 // indirect + github.com/jingyugao/rowserrcheck v1.1.1 // indirect + github.com/jjti/go-spancheck v0.6.5 // indirect + github.com/julz/importas v0.2.0 // indirect + github.com/karamaru-alpha/copyloopvar v1.2.2 // indirect + github.com/kisielk/errcheck v1.9.0 // indirect + github.com/kkHAIKE/contextcheck v1.1.6 // indirect + github.com/kulti/thelper v0.7.1 // indirect + github.com/kunwardeep/paralleltest v1.0.15 // indirect + github.com/lasiar/canonicalheader v1.1.2 // indirect + github.com/ldez/exptostd v0.4.5 // indirect + github.com/ldez/gomoddirectives v0.8.0 // indirect + github.com/ldez/grignotin v0.10.1 // indirect + github.com/ldez/structtags v0.6.1 // indirect + github.com/ldez/tagliatelle v0.7.2 // indirect + github.com/ldez/usetesting v0.5.0 // indirect + github.com/leonklingele/grouper v1.1.2 // indirect + github.com/lucasb-eyer/go-colorful v1.2.0 // indirect + github.com/macabu/inamedparam v0.2.0 // indirect + github.com/magiconair/properties v1.8.6 // indirect + github.com/manuelarte/embeddedstructfieldcheck v0.4.0 // indirect + github.com/manuelarte/funcorder v0.5.0 // indirect + github.com/maratori/testableexamples v1.0.1 // indirect + github.com/maratori/testpackage v1.1.2 // indirect + github.com/matoous/godox v1.1.0 // indirect + github.com/mattn/go-colorable v0.1.14 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-runewidth v0.0.16 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect + github.com/mgechev/revive v1.13.0 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect + github.com/moricho/tparallel v0.3.2 // indirect + github.com/muesli/termenv v0.16.0 // indirect + github.com/nakabonne/nestif v0.3.1 // indirect + github.com/nishanths/exhaustive v0.12.0 // indirect + github.com/nishanths/predeclared v0.2.2 // indirect + github.com/nunnatsa/ginkgolinter v0.21.2 // indirect github.com/pb33f/ordered-map/v2 v2.3.0 // indirect + github.com/pelletier/go-toml v1.9.5 // indirect + github.com/pelletier/go-toml/v2 v2.2.4 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/prometheus/client_golang v1.12.1 // indirect + github.com/prometheus/client_model v0.2.0 // indirect + github.com/prometheus/common v0.32.1 // indirect + github.com/prometheus/procfs v0.7.3 // indirect + github.com/quasilyte/go-ruleguard v0.4.5 // indirect + github.com/quasilyte/go-ruleguard/dsl v0.3.23 // indirect + github.com/quasilyte/gogrep v0.5.0 // indirect + github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 // indirect + github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect + github.com/raeperd/recvcheck v0.2.0 // indirect + github.com/rivo/uniseg v0.4.7 // indirect + github.com/rogpeppe/go-internal v1.14.1 // indirect + github.com/ryancurrah/gomodguard v1.4.1 // indirect + github.com/ryanrolds/sqlclosecheck v0.5.1 // indirect + github.com/sanposhiho/wastedassign/v2 v2.1.0 // indirect + github.com/sashamelentyev/interfacebloat v1.1.0 // indirect + github.com/sashamelentyev/usestdlibvars v1.29.0 // indirect + github.com/securego/gosec/v2 v2.22.11 // indirect + github.com/sirupsen/logrus v1.9.3 // indirect + github.com/sivchari/containedctx v1.0.3 // indirect + github.com/sonatard/noctx v0.4.0 // indirect + github.com/sourcegraph/go-diff v0.7.0 // indirect + github.com/spf13/afero v1.15.0 // indirect + github.com/spf13/cast v1.5.0 // indirect + github.com/spf13/cobra v1.10.2 // indirect + github.com/spf13/jwalterweatherman v1.1.0 // indirect + github.com/spf13/pflag v1.0.10 // indirect + github.com/spf13/viper v1.12.0 // indirect + github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect + github.com/stbenjam/no-sprintf-host-port v0.3.1 // indirect + github.com/stretchr/objx v0.5.2 // indirect + github.com/subosito/gotenv v1.4.1 // indirect + github.com/tetafro/godot v1.5.4 // indirect + github.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67 // indirect + github.com/timonwong/loggercheck v0.11.0 // indirect + github.com/tomarrell/wrapcheck/v2 v2.12.0 // indirect + github.com/tommy-muehle/go-mnd/v2 v2.5.1 // indirect + github.com/ultraware/funlen v0.2.0 // indirect + github.com/ultraware/whitespace v0.2.0 // indirect + github.com/uudashr/gocognit v1.2.0 // indirect + github.com/uudashr/iface v1.4.1 // indirect + github.com/xen0n/gosmopolitan v1.3.0 // indirect + github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect + github.com/yagipy/maintidx v1.0.0 // indirect + github.com/yeya24/promlinter v0.3.0 // indirect + github.com/ykadowak/zerologlint v0.1.5 // indirect + gitlab.com/bosi/decorder v0.4.2 // indirect + go-simpler.org/musttag v0.14.0 // indirect + go-simpler.org/sloglint v0.11.1 // indirect + go.augendre.info/arangolint v0.3.1 // indirect + go.augendre.info/fatcontext v0.9.0 // indirect + go.uber.org/automaxprocs v1.6.0 // indirect + go.uber.org/multierr v1.10.0 // indirect + go.uber.org/zap v1.27.0 // indirect + go.yaml.in/yaml/v3 v3.0.4 // indirect + golang.org/x/exp/typeparams v0.0.0-20251023183803-a4bb9ffd2546 // indirect + golang.org/x/mod v0.32.0 // indirect + golang.org/x/net v0.49.0 // indirect + golang.org/x/sync v0.19.0 // indirect + golang.org/x/sys v0.40.0 // indirect + golang.org/x/tools v0.41.0 // indirect + google.golang.org/protobuf v1.36.8 // indirect + gopkg.in/ini.v1 v1.67.0 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect + honnef.co/go/tools v0.6.1 // indirect + mvdan.cc/gofumpt v0.9.2 // indirect + mvdan.cc/unparam v0.0.0-20251027182757-5beb8c8f8f15 // indirect ) + +tool github.com/golangci/golangci-lint/v2/cmd/golangci-lint diff --git a/go.sum b/go.sum index 4a85e317..1480003d 100644 --- a/go.sum +++ b/go.sum @@ -1,35 +1,1030 @@ +4d63.com/gocheckcompilerdirectives v1.3.0 h1:Ew5y5CtcAAQeTVKUVFrE7EwHMrTO6BggtEj8BZSjZ3A= +4d63.com/gocheckcompilerdirectives v1.3.0/go.mod h1:ofsJ4zx2QAuIP/NO/NAh1ig6R1Fb18/GI7RVMwz7kAY= +4d63.com/gochecknoglobals v0.2.2 h1:H1vdnwnMaZdQW/N+NrkT1SZMTBmcwHe9Vq8lJcYYTtU= +4d63.com/gochecknoglobals v0.2.2/go.mod h1:lLxwTQjL5eIesRbvnzIP3jZtG140FnTdz+AlMa+ogt0= +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= +cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= +cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= +cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= +cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= +cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= +cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= +cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= +cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= +cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= +cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= +cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= +cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= +cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +codeberg.org/chavacava/garif v0.2.0 h1:F0tVjhYbuOCnvNcU3YSpO6b3Waw6Bimy4K0mM8y6MfY= +codeberg.org/chavacava/garif v0.2.0/go.mod h1:P2BPbVbT4QcvLZrORc2T29szK3xEOlnl0GiPTJmEqBQ= +codeberg.org/polyfloyd/go-errorlint v1.9.0 h1:VkdEEmA1VBpH6ecQoMR4LdphVI3fA4RrCh2an7YmodI= +codeberg.org/polyfloyd/go-errorlint v1.9.0/go.mod h1:GPRRu2LzVijNn4YkrZYJfatQIdS+TrcK8rL5Xs24qw8= +dev.gaijin.team/go/exhaustruct/v4 v4.0.0 h1:873r7aNneqoBB3IaFIzhvt2RFYTuHgmMjoKfwODoI1Y= +dev.gaijin.team/go/exhaustruct/v4 v4.0.0/go.mod h1:aZ/k2o4Y05aMJtiux15x8iXaumE88YdiB0Ai4fXOzPI= +dev.gaijin.team/go/golib v0.6.0 h1:v6nnznFTs4bppib/NyU1PQxobwDHwCXXl15P7DV5Zgo= +dev.gaijin.team/go/golib v0.6.0/go.mod h1:uY1mShx8Z/aNHWDyAkZTkX+uCi5PdX7KsG1eDQa2AVE= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/4meepo/tagalign v1.4.3 h1:Bnu7jGWwbfpAie2vyl63Zup5KuRv21olsPIha53BJr8= +github.com/4meepo/tagalign v1.4.3/go.mod h1:00WwRjiuSbrRJnSVeGWPLp2epS5Q/l4UEy0apLLS37c= +github.com/Abirdcfly/dupword v0.1.7 h1:2j8sInznrje4I0CMisSL6ipEBkeJUJAmK1/lfoNGWrQ= +github.com/Abirdcfly/dupword v0.1.7/go.mod h1:K0DkBeOebJ4VyOICFdppB23Q0YMOgVafM0zYW0n9lF4= +github.com/AdminBenni/iota-mixing v1.0.0 h1:Os6lpjG2dp/AE5fYBPAA1zfa2qMdCAWwPMCgpwKq7wo= +github.com/AdminBenni/iota-mixing v1.0.0/go.mod h1:i4+tpAaB+qMVIV9OK3m4/DAynOd5bQFaOu+2AhtBCNY= +github.com/AlwxSin/noinlineerr v1.0.5 h1:RUjt63wk1AYWTXtVXbSqemlbVTb23JOSRiNsshj7TbY= +github.com/AlwxSin/noinlineerr v1.0.5/go.mod h1:+QgkkoYrMH7RHvcdxdlI7vYYEdgeoFOVjU9sUhw/rQc= +github.com/Antonboom/errname v1.1.1 h1:bllB7mlIbTVzO9jmSWVWLjxTEbGBVQ1Ff/ClQgtPw9Q= +github.com/Antonboom/errname v1.1.1/go.mod h1:gjhe24xoxXp0ScLtHzjiXp0Exi1RFLKJb0bVBtWKCWQ= +github.com/Antonboom/nilnil v1.1.1 h1:9Mdr6BYd8WHCDngQnNVV0b554xyisFioEKi30sksufQ= +github.com/Antonboom/nilnil v1.1.1/go.mod h1:yCyAmSw3doopbOWhJlVci+HuyNRuHJKIv6V2oYQa8II= +github.com/Antonboom/testifylint v1.6.4 h1:gs9fUEy+egzxkEbq9P4cpcMB6/G0DYdMeiFS87UiqmQ= +github.com/Antonboom/testifylint v1.6.4/go.mod h1:YO33FROXX2OoUfwjz8g+gUxQXio5i9qpVy7nXGbxDD4= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk= +github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/Djarvur/go-err113 v0.1.1 h1:eHfopDqXRwAi+YmCUas75ZE0+hoBHJ2GQNLYRSxao4g= +github.com/Djarvur/go-err113 v0.1.1/go.mod h1:IaWJdYFLg76t2ihfflPZnM1LIQszWOsFDh2hhhAVF6k= +github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= +github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/MirrexOne/unqueryvet v1.4.0 h1:6KAkqqW2KUnkl9Z0VuTphC3IXRPoFqEkJEtyxxHj5eQ= +github.com/MirrexOne/unqueryvet v1.4.0/go.mod h1:IWwCwMQlSWjAIteW0t+28Q5vouyktfujzYznSIWiuOg= +github.com/OpenPeeDeeP/depguard/v2 v2.2.1 h1:vckeWVESWp6Qog7UZSARNqfu/cZqvki8zsuj3piCMx4= +github.com/OpenPeeDeeP/depguard/v2 v2.2.1/go.mod h1:q4DKzC4UcVaAvcfd41CZh0PWpGgzrVxUYBlgKNGquUo= +github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0= +github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k= +github.com/alecthomas/chroma/v2 v2.21.1 h1:FaSDrp6N+3pphkNKU6HPCiYLgm8dbe5UXIXcoBhZSWA= +github.com/alecthomas/chroma/v2 v2.21.1/go.mod h1:NqVhfBR0lte5Ouh3DcthuUCTUpDC9cxBOfyMbMQPs3o= +github.com/alecthomas/go-check-sumtype v0.3.1 h1:u9aUvbGINJxLVXiFvHUlPEaD7VDULsrxJb4Aq31NLkU= +github.com/alecthomas/go-check-sumtype v0.3.1/go.mod h1:A8TSiN3UPRw3laIgWEUOHHLPa6/r9MtoigdlP5h3K/E= +github.com/alecthomas/repr v0.5.2 h1:SU73FTI9D1P5UNtvseffFSGmdNci/O6RsqzeXJtP0Qs= +github.com/alecthomas/repr v0.5.2/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= +github.com/alexkohler/nakedret/v2 v2.0.6 h1:ME3Qef1/KIKr3kWX3nti3hhgNxw6aqN5pZmQiFSsuzQ= +github.com/alexkohler/nakedret/v2 v2.0.6/go.mod h1:l3RKju/IzOMQHmsEvXwkqMDzHHvurNQfAgE1eVmT40Q= +github.com/alexkohler/prealloc v1.0.1 h1:A9P1haqowqUxWvU9nk6tQ7YktXIHf+LQM9wPRhuteEE= +github.com/alexkohler/prealloc v1.0.1/go.mod h1:fT39Jge3bQrfA7nPMDngUfvUbQGQeJyGQnR+913SCig= +github.com/alfatraining/structtag v1.0.0 h1:2qmcUqNcCoyVJ0up879K614L9PazjBSFruTB0GOFjCc= +github.com/alfatraining/structtag v1.0.0/go.mod h1:p3Xi5SwzTi+Ryj64DqjLWz7XurHxbGsq6y3ubePJPus= +github.com/alingse/asasalint v0.0.11 h1:SFwnQXJ49Kx/1GghOFz1XGqHYKp21Kq1nHad/0WQRnw= +github.com/alingse/asasalint v0.0.11/go.mod h1:nCaoMhw7a9kSJObvQyVzNTPBDbNpdocqrSP7t/cW5+I= +github.com/alingse/nilnesserr v0.2.0 h1:raLem5KG7EFVb4UIDAXgrv3N2JIaffeKNtcEXkEWd/w= +github.com/alingse/nilnesserr v0.2.0/go.mod h1:1xJPrXonEtX7wyTq8Dytns5P2hNzoWymVUIaKm4HNFg= +github.com/ashanbrown/forbidigo/v2 v2.3.0 h1:OZZDOchCgsX5gvToVtEBoV2UWbFfI6RKQTir2UZzSxo= +github.com/ashanbrown/forbidigo/v2 v2.3.0/go.mod h1:5p6VmsG5/1xx3E785W9fouMxIOkvY2rRV9nMdWadd6c= +github.com/ashanbrown/makezero/v2 v2.1.0 h1:snuKYMbqosNokUKm+R6/+vOPs8yVAi46La7Ck6QYSaE= +github.com/ashanbrown/makezero/v2 v2.1.0/go.mod h1:aEGT/9q3S8DHeE57C88z2a6xydvgx8J5hgXIGWgo0MY= +github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= +github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= +github.com/basgys/goxml2json v1.1.1-0.20231018121955-e66ee54ceaad h1:3swAvbzgfaI6nKuDDU7BiKfZRdF+h2ZwKgMHd8Ha4t8= +github.com/basgys/goxml2json v1.1.1-0.20231018121955-e66ee54ceaad/go.mod h1:9+nBLYNWkvPcq9ep0owWUsPTLgL9ZXTsZWcCSVGGLJ0= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bitly/go-simplejson v0.5.1 h1:xgwPbetQScXt1gh9BmoJ6j9JMr3TElvuIyjR8pgdoow= +github.com/bitly/go-simplejson v0.5.1/go.mod h1:YOPVLzCfwK14b4Sff3oP1AmGhI9T9Vsg84etUnlyp+Q= +github.com/bkielbasa/cyclop v1.2.3 h1:faIVMIGDIANuGPWH031CZJTi2ymOQBULs9H21HSMa5w= +github.com/bkielbasa/cyclop v1.2.3/go.mod h1:kHTwA9Q0uZqOADdupvcFJQtp/ksSnytRMe8ztxG8Fuo= +github.com/blizzy78/varnamelen v0.8.0 h1:oqSblyuQvFsW1hbBHh1zfwrKe3kcSj0rnXkKzsQ089M= +github.com/blizzy78/varnamelen v0.8.0/go.mod h1:V9TzQZ4fLJ1DSrjVDfl89H7aMnTvKkApdHeyESmyR7k= +github.com/bombsimon/wsl/v4 v4.7.0 h1:1Ilm9JBPRczjyUs6hvOPKvd7VL1Q++PL8M0SXBDf+jQ= +github.com/bombsimon/wsl/v4 v4.7.0/go.mod h1:uV/+6BkffuzSAVYD+yGyld1AChO7/EuLrCF/8xTiapg= +github.com/bombsimon/wsl/v5 v5.3.0 h1:nZWREJFL6U3vgW/B1lfDOigl+tEF6qgs6dGGbFeR0UM= +github.com/bombsimon/wsl/v5 v5.3.0/go.mod h1:Gp8lD04z27wm3FANIUPZycXp+8huVsn0oxc+n4qfV9I= +github.com/breml/bidichk v0.3.3 h1:WSM67ztRusf1sMoqH6/c4OBCUlRVTKq+CbSeo0R17sE= +github.com/breml/bidichk v0.3.3/go.mod h1:ISbsut8OnjB367j5NseXEGGgO/th206dVa427kR8YTE= +github.com/breml/errchkjson v0.4.1 h1:keFSS8D7A2T0haP9kzZTi7o26r7kE3vymjZNeNDRDwg= +github.com/breml/errchkjson v0.4.1/go.mod h1:a23OvR6Qvcl7DG/Z4o0el6BRAjKnaReoPQFciAl9U3s= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= +github.com/butuzov/ireturn v0.4.0 h1:+s76bF/PfeKEdbG8b54aCocxXmi0wvYdOVsWxVO7n8E= +github.com/butuzov/ireturn v0.4.0/go.mod h1:ghI0FrCmap8pDWZwfPisFD1vEc56VKH4NpQUxDHta70= +github.com/butuzov/mirror v1.3.0 h1:HdWCXzmwlQHdVhwvsfBb2Au0r3HyINry3bDWLYXiKoc= +github.com/butuzov/mirror v1.3.0/go.mod h1:AEij0Z8YMALaq4yQj9CPPVYOyJQyiexpQEQgihajRfI= +github.com/catenacyber/perfsprint v0.10.1 h1:u7Riei30bk46XsG8nknMhKLXG9BcXz3+3tl/WpKm0PQ= +github.com/catenacyber/perfsprint v0.10.1/go.mod h1:DJTGsi/Zufpuus6XPGJyKOTMELe347o6akPvWG9Zcsc= +github.com/ccojocar/zxcvbn-go v1.0.4 h1:FWnCIRMXPj43ukfX000kvBZvV6raSxakYr1nzyNrUcc= +github.com/ccojocar/zxcvbn-go v1.0.4/go.mod h1:3GxGX+rHmueTUMvm5ium7irpyjmm7ikxYFOSJB21Das= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/charithe/durationcheck v0.0.11 h1:g1/EX1eIiKS57NTWsYtHDZ/APfeXKhye1DidBcABctk= +github.com/charithe/durationcheck v0.0.11/go.mod h1:x5iZaixRNl8ctbM+3B2RrPG5t856TxRyVQEnbIEM2X4= +github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc h1:4pZI35227imm7yK2bGPcfpFEmuY1gc2YSTShr4iJBfs= +github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc/go.mod h1:X4/0JoqgTIPSFcRA/P6INZzIuyqdFY5rm8tb41s9okk= +github.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoFqR/noCY= +github.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30= +github.com/charmbracelet/x/ansi v0.8.0 h1:9GTq3xq9caJW8ZrBTe0LIe2fvfLR/bYXKTx2llXn7xE= +github.com/charmbracelet/x/ansi v0.8.0/go.mod h1:wdYl/ONOLHLIVmQaxbIYEC/cRKOQyjTkowiI4blgS9Q= +github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd h1:vy0GVL4jeHEwG5YOXDmi86oYw2yuYUGqz6a8sLwg0X8= +github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd/go.mod h1:xe0nKWGd3eJgtqZRaN9RjMtK7xUYchjzPr7q6kcvCCs= +github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ= +github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/ckaznocha/intrange v0.3.1 h1:j1onQyXvHUsPWujDH6WIjhyH26gkRt/txNlV7LspvJs= +github.com/ckaznocha/intrange v0.3.1/go.mod h1:QVepyz1AkUoFQkpEqksSYpNpUo3c5W7nWh/s6SHIJJk= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= +github.com/curioswitch/go-reassign v0.3.0 h1:dh3kpQHuADL3cobV/sSGETA8DOv457dwl+fbBAhrQPs= +github.com/curioswitch/go-reassign v0.3.0/go.mod h1:nApPCCTtqLJN/s8HfItCcKV0jIPwluBOvZP+dsJGA88= +github.com/daixiang0/gci v0.13.7 h1:+0bG5eK9vlI08J+J/NWGbWPTNiXPG4WhNLJOkSxWITQ= +github.com/daixiang0/gci v0.13.7/go.mod h1:812WVN6JLFY9S6Tv76twqmNqevN0pa3SX3nih0brVzQ= +github.com/dave/dst v0.27.3 h1:P1HPoMza3cMEquVf9kKy8yXsFirry4zEnWOdYPOoIzY= +github.com/dave/dst v0.27.3/go.mod h1:jHh6EOibnHgcUW3WjKHisiooEkYwqpHLBSX1iOBhEyc= +github.com/dave/jennifer v1.7.1 h1:B4jJJDHelWcDhlRQxWeo0Npa/pYKBLrirAQoTN45txo= +github.com/dave/jennifer v1.7.1/go.mod h1:nXbxhEmQfOZhWml3D1cDK5M1FLnMSozpbFN/m3RmGZc= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/denis-tingaikin/go-header v0.5.0 h1:SRdnP5ZKvcO9KKRP1KJrhFR3RrlGuD+42t4429eC9k8= +github.com/denis-tingaikin/go-header v0.5.0/go.mod h1:mMenU5bWrok6Wl2UsZjy+1okegmwQ3UgWl4V1D8gjlY= github.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZQ= github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/ettle/strcase v0.2.0 h1:fGNiVF21fHXpX1niBgk0aROov1LagYsOwV/xqKDKR/Q= +github.com/ettle/strcase v0.2.0/go.mod h1:DajmHElDSaX76ITe3/VHVyMin4LWSJN5Z909Wp+ED1A= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= +github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4= +github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94= +github.com/firefart/nonamedreturns v1.0.6 h1:vmiBcKV/3EqKY3ZiPxCINmpS431OcE1S47AQUwhrg8E= +github.com/firefart/nonamedreturns v1.0.6/go.mod h1:R8NisJnSIpvPWheCq0mNRXJok6D8h7fagJTF8EMEwCo= +github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= +github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= +github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= +github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= +github.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo= +github.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA= +github.com/ghostiam/protogetter v0.3.18 h1:yEpghRGtP9PjKvVXtEzGpYfQj1Wl/ZehAfU6fr62Lfo= +github.com/ghostiam/protogetter v0.3.18/go.mod h1:FjIu5Yfs6FT391m+Fjp3fbAYJ6rkL/J6ySpZBfnODuI= +github.com/go-critic/go-critic v0.14.3 h1:5R1qH2iFeo4I/RJU8vTezdqs08Egi4u5p6vOESA0pog= +github.com/go-critic/go-critic v0.14.3/go.mod h1:xwntfW6SYAd7h1OqDzmN6hBX/JxsEKl5up/Y2bsxgVQ= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4= +github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80= +github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI= +github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag= +github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls= +github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= +github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= +github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/go-toolsmith/astcast v1.1.0 h1:+JN9xZV1A+Re+95pgnMgDboWNVnIMMQXwfBwLRPgSC8= +github.com/go-toolsmith/astcast v1.1.0/go.mod h1:qdcuFWeGGS2xX5bLM/c3U9lewg7+Zu4mr+xPwZIB4ZU= +github.com/go-toolsmith/astcopy v1.1.0 h1:YGwBN0WM+ekI/6SS6+52zLDEf8Yvp3n2seZITCUBt5s= +github.com/go-toolsmith/astcopy v1.1.0/go.mod h1:hXM6gan18VA1T/daUEHCFcYiW8Ai1tIwIzHY6srfEAw= +github.com/go-toolsmith/astequal v1.0.3/go.mod h1:9Ai4UglvtR+4up+bAD4+hCj7iTo4m/OXVTSLnCyTAx4= +github.com/go-toolsmith/astequal v1.1.0/go.mod h1:sedf7VIdCL22LD8qIvv7Nn9MuWJruQA/ysswh64lffQ= +github.com/go-toolsmith/astequal v1.2.0 h1:3Fs3CYZ1k9Vo4FzFhwwewC3CHISHDnVUPC4x0bI2+Cw= +github.com/go-toolsmith/astequal v1.2.0/go.mod h1:c8NZ3+kSFtFY/8lPso4v8LuJjdJiUFVnSuU3s0qrrDY= +github.com/go-toolsmith/astfmt v1.1.0 h1:iJVPDPp6/7AaeLJEruMsBUlOYCmvg0MoCfJprsOmcco= +github.com/go-toolsmith/astfmt v1.1.0/go.mod h1:OrcLlRwu0CuiIBp/8b5PYF9ktGVZUjlNMV634mhwuQ4= +github.com/go-toolsmith/astp v1.1.0 h1:dXPuCl6u2llURjdPLLDxJeZInAeZ0/eZwFJmqZMnpQA= +github.com/go-toolsmith/astp v1.1.0/go.mod h1:0T1xFGz9hicKs8Z5MfAqSUitoUYS30pDMsRVIDHs8CA= +github.com/go-toolsmith/pkgload v1.2.2 h1:0CtmHq/02QhxcF7E9N5LIFcYFsMR5rdovfqTtRKkgIk= +github.com/go-toolsmith/pkgload v1.2.2/go.mod h1:R2hxLNRKuAsiXCo2i5J6ZQPhnPMOVtU+f0arbFPWCus= +github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslWct4wyljWhSRy8= +github.com/go-toolsmith/strparse v1.1.0 h1:GAioeZUK9TGxnLS+qfdqNbA4z0SSm5zVNtCQiyP2Bvw= +github.com/go-toolsmith/strparse v1.1.0/go.mod h1:7ksGy58fsaQkGQlY8WVoBFNyEPMGuJin1rfoPS4lBSQ= +github.com/go-toolsmith/typep v1.1.0 h1:fIRYDyF+JywLfqzyhdiHzRop/GQDxxNhLGQ6gFUNHus= +github.com/go-toolsmith/typep v1.1.0/go.mod h1:fVIw+7zjdsMxDA3ITWnH1yOiw1rnTQKCsF/sk2H/qig= +github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs= +github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= +github.com/go-xmlfmt/xmlfmt v1.1.3 h1:t8Ey3Uy7jDSEisW2K3somuMKIpzktkWptA0iFCnRUWY= +github.com/go-xmlfmt/xmlfmt v1.1.3/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= +github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM= +github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= +github.com/godoc-lint/godoc-lint v0.11.1 h1:z9as8Qjiy6miRIa3VRymTa+Gt2RLnGICVikcvlUVOaA= +github.com/godoc-lint/godoc-lint v0.11.1/go.mod h1:BAqayheFSuZrEAqCRxgw9MyvsM+S/hZwJbU1s/ejRj8= +github.com/gofrs/flock v0.13.0 h1:95JolYOvGMqeH31+FC7D2+uULf6mG61mEZ/A8dRYMzw= +github.com/gofrs/flock v0.13.0/go.mod h1:jxeyy9R1auM5S6JYDBhDt+E2TCo7DkratH4Pgi8P+Z0= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golangci/asciicheck v0.5.0 h1:jczN/BorERZwK8oiFBOGvlGPknhvq0bjnysTj4nUfo0= +github.com/golangci/asciicheck v0.5.0/go.mod h1:5RMNAInbNFw2krqN6ibBxN/zfRFa9S6tA1nPdM0l8qQ= +github.com/golangci/dupl v0.0.0-20250308024227-f665c8d69b32 h1:WUvBfQL6EW/40l6OmeSBYQJNSif4O11+bmWEz+C7FYw= +github.com/golangci/dupl v0.0.0-20250308024227-f665c8d69b32/go.mod h1:NUw9Zr2Sy7+HxzdjIULge71wI6yEg1lWQr7Evcu8K0E= +github.com/golangci/go-printf-func-name v0.1.1 h1:hIYTFJqAGp1iwoIfsNTpoq1xZAarogrvjO9AfiW3B4U= +github.com/golangci/go-printf-func-name v0.1.1/go.mod h1:Es64MpWEZbh0UBtTAICOZiB+miW53w/K9Or/4QogJss= +github.com/golangci/gofmt v0.0.0-20250106114630-d62b90e6713d h1:viFft9sS/dxoYY0aiOTsLKO2aZQAPT4nlQCsimGcSGE= +github.com/golangci/gofmt v0.0.0-20250106114630-d62b90e6713d/go.mod h1:ivJ9QDg0XucIkmwhzCDsqcnxxlDStoTl89jDMIoNxKY= +github.com/golangci/golangci-lint/v2 v2.8.0 h1:wJnr3hJWY3eVzOUcfwbDc2qbi2RDEpvLmQeNFaPSNYA= +github.com/golangci/golangci-lint/v2 v2.8.0/go.mod h1:xl+HafQ9xoP8rzw0z5AwnO5kynxtb80e8u02Ej/47RI= +github.com/golangci/golines v0.14.0 h1:xt9d3RKBjhasA3qpoXs99J2xN2t6eBlpLHt0TrgyyXc= +github.com/golangci/golines v0.14.0/go.mod h1:gf555vPG2Ia7mmy2mzmhVQbVjuK8Orw0maR1G4vVAAQ= +github.com/golangci/misspell v0.7.0 h1:4GOHr/T1lTW0hhR4tgaaV1WS/lJ+ncvYCoFKmqJsj0c= +github.com/golangci/misspell v0.7.0/go.mod h1:WZyyI2P3hxPY2UVHs3cS8YcllAeyfquQcKfdeE9AFVg= +github.com/golangci/plugin-module-register v0.1.2 h1:e5WM6PO6NIAEcij3B053CohVp3HIYbzSuP53UAYgOpg= +github.com/golangci/plugin-module-register v0.1.2/go.mod h1:1+QGTsKBvAIvPvoY/os+G5eoqxWn70HYDm2uvUyGuVw= +github.com/golangci/revgrep v0.8.0 h1:EZBctwbVd0aMeRnNUsFogoyayvKHyxlV3CdUA46FX2s= +github.com/golangci/revgrep v0.8.0/go.mod h1:U4R/s9dlXZsg8uJmaR1GrloUr14D7qDl8gi2iPXJH8k= +github.com/golangci/swaggoswag v0.0.0-20250504205917-77f2aca3143e h1:ai0EfmVYE2bRA5htgAG9r7s3tHsfjIhN98WshBTJ9jM= +github.com/golangci/swaggoswag v0.0.0-20250504205917-77f2aca3143e/go.mod h1:Vrn4B5oR9qRwM+f54koyeH3yzphlecwERs0el27Fr/s= +github.com/golangci/unconvert v0.0.0-20250410112200-a129a6e6413e h1:gD6P7NEo7Eqtt0ssnqSJNNndxe69DOQ24A5h7+i3KpM= +github.com/golangci/unconvert v0.0.0-20250410112200-a129a6e6413e/go.mod h1:h+wZwLjUTJnm/P2rwlbJdRPZXOzaT36/FwnPnY2inzc= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 h1:EEHtgt9IwisQ2AZ4pIsMjahcegHh6rmhqxzIRQIyepY= +github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/gordonklaus/ineffassign v0.2.0 h1:Uths4KnmwxNJNzq87fwQQDDnbNb7De00VOk9Nu0TySs= +github.com/gordonklaus/ineffassign v0.2.0/go.mod h1:TIpymnagPSexySzs7F9FnO1XFTy8IT3a59vmZp5Y9Lw= +github.com/gostaticanalysis/analysisutil v0.7.1 h1:ZMCjoue3DtDWQ5WyU16YbjbQEQ3VuzwxALrpYd+HeKk= +github.com/gostaticanalysis/analysisutil v0.7.1/go.mod h1:v21E3hY37WKMGSnbsw2S/ojApNWb6C1//mXO48CXbVc= +github.com/gostaticanalysis/comment v1.4.2/go.mod h1:KLUTGDv6HOCotCH8h2erHKmpci2ZoR8VPu34YA2uzdM= +github.com/gostaticanalysis/comment v1.5.0 h1:X82FLl+TswsUMpMh17srGRuKaaXprTaytmEpgnKIDu8= +github.com/gostaticanalysis/comment v1.5.0/go.mod h1:V6eb3gpCv9GNVqb6amXzEUX3jXLVK/AdA+IrAMSqvEc= +github.com/gostaticanalysis/forcetypeassert v0.2.0 h1:uSnWrrUEYDr86OCxWa4/Tp2jeYDlogZiZHzGkWFefTk= +github.com/gostaticanalysis/forcetypeassert v0.2.0/go.mod h1:M5iPavzE9pPqWyeiVXSFghQjljW1+l/Uke3PXHS6ILY= +github.com/gostaticanalysis/nilerr v0.1.2 h1:S6nk8a9N8g062nsx63kUkF6AzbHGw7zzyHMcpu52xQU= +github.com/gostaticanalysis/nilerr v0.1.2/go.mod h1:A19UHhoY3y8ahoL7YKz6sdjDtduwTSI4CsymaC2htPA= +github.com/gostaticanalysis/testutil v0.3.1-0.20210208050101-bfb5c8eec0e4/go.mod h1:D+FIZ+7OahH3ePw/izIEeH5I06eKs1IKI4Xr64/Am3M= +github.com/gostaticanalysis/testutil v0.5.0 h1:Dq4wT1DdTwTGCQQv3rl3IvD5Ld0E6HiY+3Zh0sUGqw8= +github.com/gostaticanalysis/testutil v0.5.0/go.mod h1:OLQSbuM6zw2EvCcXTz1lVq5unyoNft372msDY0nY5Hs= +github.com/hashicorp/go-immutable-radix/v2 v2.1.0 h1:CUW5RYIcysz+D3B+l1mDeXrQ7fUvGGCwJfdASSzbrfo= +github.com/hashicorp/go-immutable-radix/v2 v2.1.0/go.mod h1:hgdqLXA4f6NIjRVisM1TJ9aOJVNRqKZj+xDGF6m7PBw= +github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.8.0 h1:KAkNb1HAiZd1ukkxDFGmokVZe1Xy9HG6NUp+bPle2i4= +github.com/hashicorp/go-version v1.8.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= +github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= +github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg= +github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jgautheron/goconst v1.8.2 h1:y0XF7X8CikZ93fSNT6WBTb/NElBu9IjaY7CCYQrCMX4= +github.com/jgautheron/goconst v1.8.2/go.mod h1:A0oxgBCHy55NQn6sYpO7UdnA9p+h7cPtoOZUmvNIako= +github.com/jingyugao/rowserrcheck v1.1.1 h1:zibz55j/MJtLsjP1OF4bSdgXxwL1b+Vn7Tjzq7gFzUs= +github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c= +github.com/jjti/go-spancheck v0.6.5 h1:lmi7pKxa37oKYIMScialXUK6hP3iY5F1gu+mLBPgYB8= +github.com/jjti/go-spancheck v0.6.5/go.mod h1:aEogkeatBrbYsyW6y5TgDfihCulDYciL1B7rG2vSsrU= +github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +github.com/julz/importas v0.2.0 h1:y+MJN/UdL63QbFJHws9BVC5RpA2iq0kpjrFajTGivjQ= +github.com/julz/importas v0.2.0/go.mod h1:pThlt589EnCYtMnmhmRYY/qn9lCf/frPOK+WMx3xiJY= +github.com/karamaru-alpha/copyloopvar v1.2.2 h1:yfNQvP9YaGQR7VaWLYcfZUlRP2eo2vhExWKxD/fP6q0= +github.com/karamaru-alpha/copyloopvar v1.2.2/go.mod h1:oY4rGZqZ879JkJMtX3RRkcXRkmUvH0x35ykgaKgsgJY= +github.com/kisielk/errcheck v1.9.0 h1:9xt1zI9EBfcYBvdU1nVrzMzzUPUtPKs9bVSIM3TAb3M= +github.com/kisielk/errcheck v1.9.0/go.mod h1:kQxWMMVZgIkDq7U8xtG/n2juOjbLgZtedi0D+/VL/i8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kkHAIKE/contextcheck v1.1.6 h1:7HIyRcnyzxL9Lz06NGhiKvenXq7Zw6Q0UQu/ttjfJCE= +github.com/kkHAIKE/contextcheck v1.1.6/go.mod h1:3dDbMRNBFaq8HFXWC1JyvDSPm43CmE6IuHam8Wr0rkg= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/pb33f/jsonpath v0.1.2 h1:PlqXjEyecMqoYJupLxYeClCGWEpAFnh4pmzgspbXDPI= -github.com/pb33f/jsonpath v0.1.2/go.mod h1:TtKnUnfqZm48q7a56DxB3WtL3ipkVtukMKGKxaR/uXU= -github.com/pb33f/libopenapi v0.28.1 h1:vqE1Q08F6ohABsyKcK8kX7HYkR/+sILXGwCgFzF+aOg= -github.com/pb33f/libopenapi v0.28.1/go.mod h1:mHMHA3ZKSZDTInNAuUtqkHlKLIjPm2HN1vgsGR57afc= +github.com/kulti/thelper v0.7.1 h1:fI8QITAoFVLx+y+vSyuLBP+rcVIB8jKooNSCT2EiI98= +github.com/kulti/thelper v0.7.1/go.mod h1:NsMjfQEy6sd+9Kfw8kCP61W1I0nerGSYSFnGaxQkcbs= +github.com/kunwardeep/paralleltest v1.0.15 h1:ZMk4Qt306tHIgKISHWFJAO1IDQJLc6uDyJMLyncOb6w= +github.com/kunwardeep/paralleltest v1.0.15/go.mod h1:di4moFqtfz3ToSKxhNjhOZL+696QtJGCFe132CbBLGk= +github.com/lasiar/canonicalheader v1.1.2 h1:vZ5uqwvDbyJCnMhmFYimgMZnJMjwljN5VGY0VKbMXb4= +github.com/lasiar/canonicalheader v1.1.2/go.mod h1:qJCeLFS0G/QlLQ506T+Fk/fWMa2VmBUiEI2cuMK4djI= +github.com/ldez/exptostd v0.4.5 h1:kv2ZGUVI6VwRfp/+bcQ6Nbx0ghFWcGIKInkG/oFn1aQ= +github.com/ldez/exptostd v0.4.5/go.mod h1:QRjHRMXJrCTIm9WxVNH6VW7oN7KrGSht69bIRwvdFsM= +github.com/ldez/gomoddirectives v0.8.0 h1:JqIuTtgvFC2RdH1s357vrE23WJF2cpDCPFgA/TWDGpk= +github.com/ldez/gomoddirectives v0.8.0/go.mod h1:jutzamvZR4XYJLr0d5Honycp4Gy6GEg2mS9+2YX3F1Q= +github.com/ldez/grignotin v0.10.1 h1:keYi9rYsgbvqAZGI1liek5c+jv9UUjbvdj3Tbn5fn4o= +github.com/ldez/grignotin v0.10.1/go.mod h1:UlDbXFCARrXbWGNGP3S5vsysNXAPhnSuBufpTEbwOas= +github.com/ldez/structtags v0.6.1 h1:bUooFLbXx41tW8SvkfwfFkkjPYvFFs59AAMgVg6DUBk= +github.com/ldez/structtags v0.6.1/go.mod h1:YDxVSgDy/MON6ariaxLF2X09bh19qL7MtGBN5MrvbdY= +github.com/ldez/tagliatelle v0.7.2 h1:KuOlL70/fu9paxuxbeqlicJnCspCRjH0x8FW+NfgYUk= +github.com/ldez/tagliatelle v0.7.2/go.mod h1:PtGgm163ZplJfZMZ2sf5nhUT170rSuPgBimoyYtdaSI= +github.com/ldez/usetesting v0.5.0 h1:3/QtzZObBKLy1F4F8jLuKJiKBjjVFi1IavpoWbmqLwc= +github.com/ldez/usetesting v0.5.0/go.mod h1:Spnb4Qppf8JTuRgblLrEWb7IE6rDmUpGvxY3iRrzvDQ= +github.com/leonklingele/grouper v1.1.2 h1:o1ARBDLOmmasUaNDesWqWCIFH3u7hoFlM84YrjT3mIY= +github.com/leonklingele/grouper v1.1.2/go.mod h1:6D0M/HVkhs2yRKRFZUoGjeDy7EZTfFBE9gl4kjmIGkA= +github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= +github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= +github.com/macabu/inamedparam v0.2.0 h1:VyPYpOc10nkhI2qeNUdh3Zket4fcZjEWe35poddBCpE= +github.com/macabu/inamedparam v0.2.0/go.mod h1:+Pee9/YfGe5LJ62pYXqB89lJ+0k5bsR8Wgz/C0Zlq3U= +github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo= +github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= +github.com/manuelarte/embeddedstructfieldcheck v0.4.0 h1:3mAIyaGRtjK6EO9E73JlXLtiy7ha80b2ZVGyacxgfww= +github.com/manuelarte/embeddedstructfieldcheck v0.4.0/go.mod h1:z8dFSyXqp+fC6NLDSljRJeNQJJDWnY7RoWFzV3PC6UM= +github.com/manuelarte/funcorder v0.5.0 h1:llMuHXXbg7tD0i/LNw8vGnkDTHFpTnWqKPI85Rknc+8= +github.com/manuelarte/funcorder v0.5.0/go.mod h1:Yt3CiUQthSBMBxjShjdXMexmzpP8YGvGLjrxJNkO2hA= +github.com/maratori/testableexamples v1.0.1 h1:HfOQXs+XgfeRBJ+Wz0XfH+FHnoY9TVqL6Fcevpzy4q8= +github.com/maratori/testableexamples v1.0.1/go.mod h1:XE2F/nQs7B9N08JgyRmdGjYVGqxWwClLPCGSQhXQSrQ= +github.com/maratori/testpackage v1.1.2 h1:ffDSh+AgqluCLMXhM19f/cpvQAKygKAJXFl9aUjmbqs= +github.com/maratori/testpackage v1.1.2/go.mod h1:8F24GdVDFW5Ew43Et02jamrVMNXLUNaOynhDssITGfc= +github.com/matoous/godox v1.1.0 h1:W5mqwbyWrwZv6OQ5Z1a/DHGMOvXYCBP3+Ht7KMoJhq4= +github.com/matoous/godox v1.1.0/go.mod h1:jgE/3fUXiTurkdHOLT5WEkThTSuE7yxHv5iWPa80afs= +github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= +github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= +github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= +github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= +github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/mgechev/revive v1.13.0 h1:yFbEVliCVKRXY8UgwEO7EOYNopvjb1BFbmYqm9hZjBM= +github.com/mgechev/revive v1.13.0/go.mod h1:efJfeBVCX2JUumNQ7dtOLDja+QKj9mYGgEZA7rt5u+0= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/moricho/tparallel v0.3.2 h1:odr8aZVFA3NZrNybggMkYO3rgPRcqjeQUlBBFVxKHTI= +github.com/moricho/tparallel v0.3.2/go.mod h1:OQ+K3b4Ln3l2TZveGCywybl68glfLEwFGqvnjok8b+U= +github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc= +github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/nakabonne/nestif v0.3.1 h1:wm28nZjhQY5HyYPx+weN3Q65k6ilSBxDb8v5S81B81U= +github.com/nakabonne/nestif v0.3.1/go.mod h1:9EtoZochLn5iUprVDmDjqGKPofoUEBL8U4Ngq6aY7OE= +github.com/nishanths/exhaustive v0.12.0 h1:vIY9sALmw6T/yxiASewa4TQcFsVYZQQRUQJhKRf3Swg= +github.com/nishanths/exhaustive v0.12.0/go.mod h1:mEZ95wPIZW+x8kC4TgC+9YCUgiST7ecevsVDTgc2obs= +github.com/nishanths/predeclared v0.2.2 h1:V2EPdZPliZymNAn79T8RkNApBjMmVKh5XRpLm/w98Vk= +github.com/nishanths/predeclared v0.2.2/go.mod h1:RROzoN6TnGQupbC+lqggsOlcgysk3LMK/HI84Mp280c= +github.com/nunnatsa/ginkgolinter v0.21.2 h1:khzWfm2/Br8ZemX8QM1pl72LwM+rMeW6VUbQ4rzh0Po= +github.com/nunnatsa/ginkgolinter v0.21.2/go.mod h1:GItSI5fw7mCGLPmkvGYrr1kEetZe7B593jcyOpyabsY= +github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= +github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= +github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= +github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= +github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= +github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU= +github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w= +github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= +github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= +github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= +github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= +github.com/pb33f/jsonpath v0.8.1 h1:84C6QRyx6HcSm6PZnsMpcqYot3IsZ+m0n95+0NbBbvs= +github.com/pb33f/jsonpath v0.8.1/go.mod h1:zBV5LJW4OQOPatmQE2QdKpGQJvhDTlE5IEj6ASaRNTo= +github.com/pb33f/libopenapi v0.33.11 h1:ro0FgEvkpdw1zq7T2kXRHh0efrdX27FQ8McT6E0RsYo= +github.com/pb33f/libopenapi v0.33.11/go.mod h1:YOP20KzYe3mhE5301aQzJtzQ9MnvhABBGO7RMttA4V4= github.com/pb33f/ordered-map/v2 v2.3.0 h1:k2OhVEQkhTCQMhAicQ3Z6iInzoZNQ7L9MVomwKBZ5WQ= github.com/pb33f/ordered-map/v2 v2.3.0/go.mod h1:oe5ue+6ZNhy7QN9cPZvPA23Hx0vMHnNVeMg4fGdCANw= +github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= +github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= +github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4= +github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= +github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= +github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= +github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk= +github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= +github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= +github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= +github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4= +github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= +github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= +github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= +github.com/quasilyte/go-ruleguard v0.4.5 h1:AGY0tiOT5hJX9BTdx/xBdoCubQUAE2grkqY2lSwvZcA= +github.com/quasilyte/go-ruleguard v0.4.5/go.mod h1:Vl05zJ538vcEEwu16V/Hdu7IYZWyKSwIy4c88Ro1kRE= +github.com/quasilyte/go-ruleguard/dsl v0.3.23 h1:lxjt5B6ZCiBeeNO8/oQsegE6fLeCzuMRoVWSkXC4uvY= +github.com/quasilyte/go-ruleguard/dsl v0.3.23/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU= +github.com/quasilyte/gogrep v0.5.0 h1:eTKODPXbI8ffJMN+W2aE0+oL0z/nh8/5eNdiO34SOAo= +github.com/quasilyte/gogrep v0.5.0/go.mod h1:Cm9lpz9NZjEoL1tgZ2OgeUKPIxL1meE7eo60Z6Sk+Ng= +github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 h1:TCg2WBOl980XxGFEZSS6KlBGIV0diGdySzxATTWoqaU= +github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0= +github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 h1:M8mH9eK4OUR4lu7Gd+PU1fV2/qnDNfzT635KRSObncs= +github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567/go.mod h1:DWNGW8A4Y+GyBgPuaQJuWiy0XYftx4Xm/y5Jqk9I6VQ= +github.com/raeperd/recvcheck v0.2.0 h1:GnU+NsbiCqdC2XX5+vMZzP+jAJC5fht7rcVTAhX74UI= +github.com/raeperd/recvcheck v0.2.0/go.mod h1:n04eYkwIR0JbgD73wT8wL4JjPC3wm0nFtzBnWNocnYU= +github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= +github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ryancurrah/gomodguard v1.4.1 h1:eWC8eUMNZ/wM/PWuZBv7JxxqT5fiIKSIyTvjb7Elr+g= +github.com/ryancurrah/gomodguard v1.4.1/go.mod h1:qnMJwV1hX9m+YJseXEBhd2s90+1Xn6x9dLz11ualI1I= +github.com/ryanrolds/sqlclosecheck v0.5.1 h1:dibWW826u0P8jNLsLN+En7+RqWWTYrjCB9fJfSfdyCU= +github.com/ryanrolds/sqlclosecheck v0.5.1/go.mod h1:2g3dUjoS6AL4huFdv6wn55WpLIDjY7ZgUR4J8HOO/XQ= +github.com/sanposhiho/wastedassign/v2 v2.1.0 h1:crurBF7fJKIORrV85u9UUpePDYGWnwvv3+A96WvwXT0= +github.com/sanposhiho/wastedassign/v2 v2.1.0/go.mod h1:+oSmSC+9bQ+VUAxA66nBb0Z7N8CK7mscKTDYC6aIek4= github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ= github.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU= +github.com/sashamelentyev/interfacebloat v1.1.0 h1:xdRdJp0irL086OyW1H/RTZTr1h/tMEOsumirXcOJqAw= +github.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84dxiN1iBi9+G8zZIhPVoNjQ= +github.com/sashamelentyev/usestdlibvars v1.29.0 h1:8J0MoRrw4/NAXtjQqTHrbW9NN+3iMf7Knkq057v4XOQ= +github.com/sashamelentyev/usestdlibvars v1.29.0/go.mod h1:8PpnjHMk5VdeWlVb4wCdrB8PNbLqZ3wBZTZWkrpZZL8= +github.com/securego/gosec/v2 v2.22.11 h1:tW+weM/hCM/GX3iaCV91d5I6hqaRT2TPsFM1+USPXwg= +github.com/securego/gosec/v2 v2.22.11/go.mod h1:KE4MW/eH0GLWztkbt4/7XpyH0zJBBnu7sYB4l6Wn7Mw= +github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= +github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= +github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sivchari/containedctx v1.0.3 h1:x+etemjbsh2fB5ewm5FeLNi5bUjK0V8n0RB+Wwfd0XE= +github.com/sivchari/containedctx v1.0.3/go.mod h1:c1RDvCbnJLtH4lLcYD/GqwiBSSf4F5Qk0xld2rBqzJ4= +github.com/sonatard/noctx v0.4.0 h1:7MC/5Gg4SQ4lhLYR6mvOP6mQVSxCrdyiExo7atBs27o= +github.com/sonatard/noctx v0.4.0/go.mod h1:64XdbzFb18XL4LporKXp8poqZtPKbCrqQ402CV+kJas= +github.com/sourcegraph/go-diff v0.7.0 h1:9uLlrd5T46OXs5qpp8L/MTltk0zikUGi0sNNyCpA8G0= +github.com/sourcegraph/go-diff v0.7.0/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs= +github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I= +github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg= +github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= +github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= +github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= +github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= +github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ= +github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI= +github.com/ssgreg/nlreturn/v2 v2.2.1 h1:X4XDI7jstt3ySqGU86YGAURbxw3oTDPK9sPEi6YEwQ0= +github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I= +github.com/stbenjam/no-sprintf-host-port v0.3.1 h1:AyX7+dxI4IdLBPtDbsGAyqiTSLpCP9hWRrXQDU4Cm/g= +github.com/stbenjam/no-sprintf-host-port v0.3.1/go.mod h1:ODbZesTCHMVKthBHskvUUexdcNHAQRXk9NpSsL8p/HQ= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= -go.yaml.in/yaml/v4 v4.0.0-rc.2 h1:/FrI8D64VSr4HtGIlUtlFMGsm7H7pWTbj6vOLVZcA6s= -go.yaml.in/yaml/v4 v4.0.0-rc.2/go.mod h1:aZqd9kCMsGL7AuUv/m/PvWLdg5sjJsZ4oHDEnfPPfY0= -golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= -golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= +github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs= +github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= +github.com/tenntenn/modver v1.0.1 h1:2klLppGhDgzJrScMpkj9Ujy3rXPUspSjAcev9tSEBgA= +github.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg6SAMGH0= +github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3 h1:f+jULpRQGxTSkNYKJ51yaw6ChIqO+Je8UqsTKN/cDag= +github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3/go.mod h1:ON8b8w4BN/kE1EOhwT0o+d62W65a6aPw1nouo9LMgyY= +github.com/tetafro/godot v1.5.4 h1:u1ww+gqpRLiIA16yF2PV1CV1n/X3zhyezbNXC3E14Sg= +github.com/tetafro/godot v1.5.4/go.mod h1:eOkMrVQurDui411nBY2FA05EYH01r14LuWY/NrVDVcU= +github.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67 h1:9LPGD+jzxMlnk5r6+hJnar67cgpDIz/iyD+rfl5r2Vk= +github.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67/go.mod h1:mkjARE7Yr8qU23YcGMSALbIxTQ9r9QBVahQOBRfU460= +github.com/timonwong/loggercheck v0.11.0 h1:jdaMpYBl+Uq9mWPXv1r8jc5fC3gyXx4/WGwTnnNKn4M= +github.com/timonwong/loggercheck v0.11.0/go.mod h1:HEAWU8djynujaAVX7QI65Myb8qgfcZ1uKbdpg3ZzKl8= +github.com/tomarrell/wrapcheck/v2 v2.12.0 h1:H/qQ1aNWz/eeIhxKAFvkfIA+N7YDvq6TWVFL27Of9is= +github.com/tomarrell/wrapcheck/v2 v2.12.0/go.mod h1:AQhQuZd0p7b6rfW+vUwHm5OMCGgp63moQ9Qr/0BpIWo= +github.com/tommy-muehle/go-mnd/v2 v2.5.1 h1:NowYhSdyE/1zwK9QCLeRb6USWdoif80Ie+v+yU8u1Zw= +github.com/tommy-muehle/go-mnd/v2 v2.5.1/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw= +github.com/ultraware/funlen v0.2.0 h1:gCHmCn+d2/1SemTdYMiKLAHFYxTYz7z9VIDRaTGyLkI= +github.com/ultraware/funlen v0.2.0/go.mod h1:ZE0q4TsJ8T1SQcjmkhN/w+MceuatI6pBFSxxyteHIJA= +github.com/ultraware/whitespace v0.2.0 h1:TYowo2m9Nfj1baEQBjuHzvMRbp19i+RCcRYrSWoFa+g= +github.com/ultraware/whitespace v0.2.0/go.mod h1:XcP1RLD81eV4BW8UhQlpaR+SDc2givTvyI8a586WjW8= +github.com/uudashr/gocognit v1.2.0 h1:3BU9aMr1xbhPlvJLSydKwdLN3tEUUrzPSSM8S4hDYRA= +github.com/uudashr/gocognit v1.2.0/go.mod h1:k/DdKPI6XBZO1q7HgoV2juESI2/Ofj9AcHPZhBBdrTU= +github.com/uudashr/iface v1.4.1 h1:J16Xl1wyNX9ofhpHmQ9h9gk5rnv2A6lX/2+APLTo0zU= +github.com/uudashr/iface v1.4.1/go.mod h1:pbeBPlbuU2qkNDn0mmfrxP2X+wjPMIQAy+r1MBXSXtg= +github.com/xen0n/gosmopolitan v1.3.0 h1:zAZI1zefvo7gcpbCOrPSHJZJYA9ZgLfJqtKzZ5pHqQM= +github.com/xen0n/gosmopolitan v1.3.0/go.mod h1:rckfr5T6o4lBtM1ga7mLGKZmLxswUoH1zxHgNXOsEt4= +github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= +github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= +github.com/yagipy/maintidx v1.0.0 h1:h5NvIsCz+nRDapQ0exNv4aJ0yXSI0420omVANTv3GJM= +github.com/yagipy/maintidx v1.0.0/go.mod h1:0qNf/I/CCZXSMhsRsrEPDZ+DkekpKLXAJfsTACwgXLk= +github.com/yeya24/promlinter v0.3.0 h1:JVDbMp08lVCP7Y6NP3qHroGAO6z2yGKQtS5JsjqtoFs= +github.com/yeya24/promlinter v0.3.0/go.mod h1:cDfJQQYv9uYciW60QT0eeHlFodotkYZlL+YcPQN+mW4= +github.com/ykadowak/zerologlint v0.1.5 h1:Gy/fMz1dFQN9JZTPjv1hxEk+sRWm05row04Yoolgdiw= +github.com/ykadowak/zerologlint v0.1.5/go.mod h1:KaUskqF3e/v59oPmdq1U1DnKcuHokl2/K1U4pmIELKg= +github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +gitlab.com/bosi/decorder v0.4.2 h1:qbQaV3zgwnBZ4zPMhGLW4KZe7A7NwxEhJx39R3shffo= +gitlab.com/bosi/decorder v0.4.2/go.mod h1:muuhHoaJkA9QLcYHq4Mj8FJUwDZ+EirSHRiaTcTf6T8= +go-simpler.org/assert v0.9.0 h1:PfpmcSvL7yAnWyChSjOz6Sp6m9j5lyK8Ok9pEL31YkQ= +go-simpler.org/assert v0.9.0/go.mod h1:74Eqh5eI6vCK6Y5l3PI8ZYFXG4Sa+tkr70OIPJAUr28= +go-simpler.org/musttag v0.14.0 h1:XGySZATqQYSEV3/YTy+iX+aofbZZllJaqwFWs+RTtSo= +go-simpler.org/musttag v0.14.0/go.mod h1:uP8EymctQjJ4Z1kUnjX0u2l60WfUdQxCwSNKzE1JEOE= +go-simpler.org/sloglint v0.11.1 h1:xRbPepLT/MHPTCA6TS/wNfZrDzkGvCCqUv4Bdwc3H7s= +go-simpler.org/sloglint v0.11.1/go.mod h1:2PowwiCOK8mjiF+0KGifVOT8ZsCNiFzvfyJeJOIt8MQ= +go.augendre.info/arangolint v0.3.1 h1:n2E6p8f+zfXSFLa2e2WqFPp4bfvcuRdd50y6cT65pSo= +go.augendre.info/arangolint v0.3.1/go.mod h1:6ZKzEzIZuBQwoSvlKT+qpUfIbBfFCE5gbAoTg0/117g= +go.augendre.info/fatcontext v0.9.0 h1:Gt5jGD4Zcj8CDMVzjOJITlSb9cEch54hjRRlN3qDojE= +go.augendre.info/fatcontext v0.9.0/go.mod h1:L94brOAT1OOUNue6ph/2HnwxoNlds9aXDF2FcUntbNw= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= +go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ= +go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= +go.yaml.in/yaml/v4 v4.0.0-rc.4 h1:UP4+v6fFrBIb1l934bDl//mmnoIZEDK0idg1+AIvX5U= +go.yaml.in/yaml/v4 v4.0.0-rc.4/go.mod h1:aZqd9kCMsGL7AuUv/m/PvWLdg5sjJsZ4oHDEnfPPfY0= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= +golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= +golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= +golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= +golang.org/x/exp/typeparams v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= +golang.org/x/exp/typeparams v0.0.0-20251023183803-a4bb9ffd2546 h1:HDjDiATsGqvuqvkDvgJjD1IgPrVekcSXVVE21JwvzGE= +golang.org/x/exp/typeparams v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:4Mzdyp/6jzw9auFDJ3OMF5qksa7UvPnzKqTVGcb04ms= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= +golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c= +golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= +golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= +golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211105183446-c75c47738b0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= +golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= +golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200329025819-fd4102a86c65/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200724022722-7017fd6b1305/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.1.1-0.20210205202024-ef80cdb6ec6d/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU= +golang.org/x/tools v0.1.1-0.20210302220138-2ac05c832e1a/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU= +golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= +golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc= +golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= +golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= +golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= +golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= +golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated/go.mod h1:RVAQXBGNv1ib0J382/DPCRS/BPnsGebyM1Gj5VSDpG8= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= +google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= +google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= +google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= +google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= +google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= +gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.6.1 h1:R094WgE8K4JirYjBaOpz/AvTyUu/3wbmAoskKN/pxTI= +honnef.co/go/tools v0.6.1/go.mod h1:3puzxxljPCe8RGJX7BIy1plGbxEOZni5mR2aXe3/uk4= +mvdan.cc/gofumpt v0.9.2 h1:zsEMWL8SVKGHNztrx6uZrXdp7AX8r421Vvp23sz7ik4= +mvdan.cc/gofumpt v0.9.2/go.mod h1:iB7Hn+ai8lPvofHd9ZFGVg2GOr8sBUw1QUWjNbmIL/s= +mvdan.cc/unparam v0.0.0-20251027182757-5beb8c8f8f15 h1:ssMzja7PDPJV8FStj7hq9IKiuiKhgz9ErWw+m68e7DI= +mvdan.cc/unparam v0.0.0-20251027182757-5beb8c8f8f15/go.mod h1:4M5MMXl2kW6fivUT6yRGpLLPNfuGtU2Z0cPvFquGDYU= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= +rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/helpers/constants.go b/helpers/constants.go index 91c623f3..f1e1f3b6 100644 --- a/helpers/constants.go +++ b/helpers/constants.go @@ -11,42 +11,55 @@ const ( ParameterValidationCookie = "cookie" RequestValidation = "request" RequestBodyValidation = "requestBody" + XmlValidation = "xmlValidation" + XmlValidationPrefix = "prefix" + XmlValidationNamespace = "namespace" + URLEncodedValidation = "urlEncodedValidation" + InvalidTypeEncoding = "invalidTypeEncoding" + ReservedValues = "reservedValues" Schema = "schema" ResponseBodyValidation = "response" RequestBodyContentType = "contentType" - RequestMissingOperation = "missingOperation" - ResponseBodyResponseCode = "statusCode" - SpaceDelimited = "spaceDelimited" - PipeDelimited = "pipeDelimited" - DefaultDelimited = "default" - MatrixStyle = "matrix" - LabelStyle = "label" - Pipe = "|" - Comma = "," - Space = " " - SemiColon = ";" - Asterisk = "*" - Period = "." - Equals = "=" - Integer = "integer" - Number = "number" - Slash = "/" - Object = "object" - String = "string" - Array = "array" - Boolean = "boolean" - DeepObject = "deepObject" - Header = "header" - Cookie = "cookie" - Path = "path" - Form = "form" - Query = "query" - JSONContentType = "application/json" - JSONType = "json" - ContentTypeHeader = "Content-Type" - AuthorizationHeader = "Authorization" - Charset = "charset" - Boundary = "boundary" - Preferred = "preferred" - FailSegment = "**&&FAIL&&**" + // Deprecated: use ValidationMissingOperation + RequestMissingOperation = "missingOperation" + PathValidation = "path" + ValidationMissing = "missing" + ValidationMissingOperation = "missingOperation" + ResponseBodyResponseCode = "statusCode" + SecurityValidation = "security" + DocumentValidation = "document" + SpaceDelimited = "spaceDelimited" + PipeDelimited = "pipeDelimited" + DefaultDelimited = "default" + MatrixStyle = "matrix" + LabelStyle = "label" + Pipe = "|" + Comma = "," + Space = " " + SemiColon = ";" + Asterisk = "*" + Period = "." + Equals = "=" + Integer = "integer" + Number = "number" + Slash = "/" + Object = "object" + String = "string" + Array = "array" + Boolean = "boolean" + DeepObject = "deepObject" + Header = "header" + Cookie = "cookie" + Path = "path" + Form = "form" + Query = "query" + JSONContentType = "application/json" + URLEncodedContentType = "application/x-www-form-urlencoded" + JSONType = "json" + ContentTypeHeader = "Content-Type" + AuthorizationHeader = "Authorization" + Charset = "charset" + Boundary = "boundary" + Preferred = "preferred" + FailSegment = "**&&FAIL&&**" ) diff --git a/helpers/json_pointer.go b/helpers/json_pointer.go index 3ec390cc..e7cda0e7 100644 --- a/helpers/json_pointer.go +++ b/helpers/json_pointer.go @@ -1,4 +1,4 @@ -// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// Copyright 2026 Princess B33f Heavy Industries / Dave Shanley // SPDX-License-Identifier: MIT package helpers @@ -6,20 +6,21 @@ package helpers import ( "fmt" "strings" + + "github.com/go-openapi/jsonpointer" ) // EscapeJSONPointerSegment escapes a single segment for use in a JSON Pointer (RFC 6901). // It replaces '~' with '~0' and '/' with '~1'. func EscapeJSONPointerSegment(segment string) string { - escaped := strings.ReplaceAll(segment, "~", "~0") - escaped = strings.ReplaceAll(escaped, "/", "~1") - return escaped + return jsonpointer.Escape(segment) } // ConstructParameterJSONPointer constructs a full JSON Pointer path for a parameter // in the OpenAPI specification. // Format: /paths/{path}/{method}/parameters/{paramName}/schema/{keyword} // The path segment is automatically escaped according to RFC 6901. +// The keyword can be a simple keyword like "type" or a nested path like "items/type". func ConstructParameterJSONPointer(pathTemplate, method, paramName, keyword string) string { escapedPath := EscapeJSONPointerSegment(pathTemplate) escapedPath = strings.TrimPrefix(escapedPath, "~1") // Remove leading slash encoding @@ -37,4 +38,3 @@ func ConstructResponseHeaderJSONPointer(pathTemplate, method, statusCode, header method = strings.ToLower(method) return fmt.Sprintf("/paths/%s/%s/responses/%s/headers/%s/%s", escapedPath, method, statusCode, headerName, keyword) } - diff --git a/helpers/json_pointer_test.go b/helpers/json_pointer_test.go index f96eb8ad..5e08b2d3 100644 --- a/helpers/json_pointer_test.go +++ b/helpers/json_pointer_test.go @@ -147,4 +147,3 @@ func TestConstructResponseHeaderJSONPointer(t *testing.T) { }) } } - diff --git a/helpers/operation_utilities.go b/helpers/operation_utilities.go index a4ceadd6..b66030a5 100644 --- a/helpers/operation_utilities.go +++ b/helpers/operation_utilities.go @@ -25,7 +25,10 @@ func ExtractOperation(request *http.Request, item *v3.PathItem) *v3.Operation { case http.MethodOptions: return item.Options case http.MethodHead: - return item.Head + if item.Head != nil { + return item.Head + } + return item.Get case http.MethodPatch: return item.Patch case http.MethodTrace: diff --git a/helpers/operation_utilities_test.go b/helpers/operation_utilities_test.go index 9d1f01fe..c6433ad0 100644 --- a/helpers/operation_utilities_test.go +++ b/helpers/operation_utilities_test.go @@ -112,3 +112,26 @@ func TestExtractContentType(t *testing.T) { require.Empty(t, charset) require.Empty(t, boundary) } + +func TestExtractOperationHeadFallback(t *testing.T) { + pathItem := &v3.PathItem{ + Get: &v3.Operation{Summary: "GET operation"}, + Head: nil, + } + + req, _ := http.NewRequest(http.MethodHead, "/", nil) + operation := ExtractOperation(req, pathItem) + require.NotNil(t, operation) + require.Equal(t, "GET operation", operation.Summary) +} + +func TestExtractOperationHeadFallbackNoGet(t *testing.T) { + pathItem := &v3.PathItem{ + Head: nil, + Get: nil, + } + + req, _ := http.NewRequest(http.MethodHead, "/", nil) + operation := ExtractOperation(req, pathItem) + require.Nil(t, operation) +} diff --git a/helpers/parameter_utilities.go b/helpers/parameter_utilities.go index ca07c2bf..69d29158 100644 --- a/helpers/parameter_utilities.go +++ b/helpers/parameter_utilities.go @@ -105,6 +105,59 @@ func ExtractSecurityForOperation(request *http.Request, item *v3.PathItem) []*ba return schemes } +// ExtractSecurityHeaderNames extracts header names from applicable security schemes. +// Returns header names from apiKey schemes with in:"header", plus "Authorization" +// for http/oauth2/openIdConnect schemes. +// +// This function is used by strict mode validation to recognize security headers +// as "declared" headers that should not trigger undeclared header errors. +func ExtractSecurityHeaderNames( + security []*base.SecurityRequirement, + securitySchemes map[string]*v3.SecurityScheme, +) []string { + if security == nil || securitySchemes == nil { + return nil + } + + seen := make(map[string]bool) + var headers []string + + for _, sec := range security { + if sec == nil || sec.ContainsEmptyRequirement { + continue // No security required for this option + } + + if sec.Requirements == nil { + continue + } + + for pair := sec.Requirements.First(); pair != nil; pair = pair.Next() { + schemeName := pair.Key() + scheme, ok := securitySchemes[schemeName] + if !ok || scheme == nil { + continue + } + + var headerName string + switch strings.ToLower(scheme.Type) { + case "apikey": + if strings.ToLower(scheme.In) == Header { + headerName = scheme.Name + } + case "http", "oauth2", "openidconnect": + headerName = "Authorization" + } + + if headerName != "" && !seen[strings.ToLower(headerName)] { + seen[strings.ToLower(headerName)] = true + headers = append(headers, headerName) + } + } + } + + return headers +} + func cast(v string) any { if v == "true" || v == "false" { b, _ := strconv.ParseBool(v) diff --git a/helpers/parameter_utilities_test.go b/helpers/parameter_utilities_test.go index 9a39878a..ece384d2 100644 --- a/helpers/parameter_utilities_test.go +++ b/helpers/parameter_utilities_test.go @@ -8,6 +8,7 @@ import ( "testing" "github.com/pb33f/libopenapi/datamodel/high/base" + "github.com/pb33f/libopenapi/orderedmap" "github.com/stretchr/testify/require" v3 "github.com/pb33f/libopenapi/datamodel/high/v3" @@ -115,6 +116,345 @@ func TestExtractSecurityForOperation(t *testing.T) { } } +// Test ExtractSecurityHeaderNames with various security scheme types +func TestExtractSecurityHeaderNames(t *testing.T) { + t.Run("nil inputs", func(t *testing.T) { + require.Nil(t, ExtractSecurityHeaderNames(nil, nil)) + require.Nil(t, ExtractSecurityHeaderNames([]*base.SecurityRequirement{}, nil)) + require.Nil(t, ExtractSecurityHeaderNames(nil, map[string]*v3.SecurityScheme{})) + }) + + t.Run("apiKey with in:header", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "ApiKeyAuth": { + Type: "apiKey", + In: "header", + Name: "X-API-Key", + }, + } + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "ApiKeyAuth": {"read"}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Equal(t, []string{"X-API-Key"}, headers) + }) + + t.Run("apiKey with in:query should not add header", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "ApiKeyQuery": { + Type: "apiKey", + In: "query", + Name: "api_key", + }, + } + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "ApiKeyQuery": {}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Nil(t, headers) + }) + + t.Run("apiKey with in:cookie should not add header", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "ApiKeyCookie": { + Type: "apiKey", + In: "cookie", + Name: "session_id", + }, + } + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "ApiKeyCookie": {}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Nil(t, headers) + }) + + t.Run("http bearer scheme", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "BearerAuth": { + Type: "http", + Scheme: "bearer", + }, + } + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "BearerAuth": {}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Equal(t, []string{"Authorization"}, headers) + }) + + t.Run("http basic scheme", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "BasicAuth": { + Type: "http", + Scheme: "basic", + }, + } + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "BasicAuth": {}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Equal(t, []string{"Authorization"}, headers) + }) + + t.Run("oauth2 scheme", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "OAuth2": { + Type: "oauth2", + }, + } + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "OAuth2": {"read:users"}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Equal(t, []string{"Authorization"}, headers) + }) + + t.Run("openIdConnect scheme", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "OpenID": { + Type: "openIdConnect", + OpenIdConnectUrl: "https://example.com/.well-known/openid-configuration", + }, + } + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "OpenID": {}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Equal(t, []string{"Authorization"}, headers) + }) + + t.Run("empty security requirement (ContainsEmptyRequirement)", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "ApiKeyAuth": { + Type: "apiKey", + In: "header", + Name: "X-API-Key", + }, + } + security := []*base.SecurityRequirement{ + { + ContainsEmptyRequirement: true, + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Nil(t, headers) + }) + + t.Run("nil security requirement in slice", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "ApiKeyAuth": { + Type: "apiKey", + In: "header", + Name: "X-API-Key", + }, + } + security := []*base.SecurityRequirement{nil} + headers := ExtractSecurityHeaderNames(security, schemes) + require.Nil(t, headers) + }) + + t.Run("security requirement with nil Requirements map", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "ApiKeyAuth": { + Type: "apiKey", + In: "header", + Name: "X-API-Key", + }, + } + security := []*base.SecurityRequirement{ + { + Requirements: nil, + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Nil(t, headers) + }) + + t.Run("multiple security options OR - different headers", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "ApiKeyAuth": { + Type: "apiKey", + In: "header", + Name: "X-API-Key", + }, + "BearerAuth": { + Type: "http", + Scheme: "bearer", + }, + } + // OR logic: separate security requirements + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "ApiKeyAuth": {}, + }), + }, + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "BearerAuth": {}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Len(t, headers, 2) + require.Contains(t, headers, "X-API-Key") + require.Contains(t, headers, "Authorization") + }) + + t.Run("combined requirements AND - both headers", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "ApiKeyAuth": { + Type: "apiKey", + In: "header", + Name: "X-API-Key", + }, + "BearerAuth": { + Type: "http", + Scheme: "bearer", + }, + } + // AND logic: multiple schemes in one requirement + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "ApiKeyAuth": {}, + "BearerAuth": {}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Len(t, headers, 2) + require.Contains(t, headers, "X-API-Key") + require.Contains(t, headers, "Authorization") + }) + + t.Run("security scheme not found in schemes map", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "SomeOtherScheme": { + Type: "apiKey", + In: "header", + Name: "X-Other", + }, + } + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "NonExistent": {}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Nil(t, headers) + }) + + t.Run("nil scheme in schemes map", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "NilScheme": nil, + } + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "NilScheme": {}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Nil(t, headers) + }) + + t.Run("deduplication of Authorization header", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "BearerAuth": { + Type: "http", + Scheme: "bearer", + }, + "OAuth2": { + Type: "oauth2", + }, + } + // Both use Authorization header + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "BearerAuth": {}, + }), + }, + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "OAuth2": {"read"}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Equal(t, []string{"Authorization"}, headers) + }) + + t.Run("case insensitive type matching", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "ApiKeyAuth": { + Type: "APIKEY", // uppercase + In: "HEADER", // uppercase + Name: "X-API-Key", + }, + } + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "ApiKeyAuth": {}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Equal(t, []string{"X-API-Key"}, headers) + }) + + t.Run("unknown security type is ignored", func(t *testing.T) { + schemes := map[string]*v3.SecurityScheme{ + "Unknown": { + Type: "mutualTLS", // valid OpenAPI type but doesn't use headers + }, + } + security := []*base.SecurityRequirement{ + { + Requirements: orderedmap.ToOrderedMap(map[string][]string{ + "Unknown": {}, + }), + }, + } + headers := ExtractSecurityHeaderNames(security, schemes) + require.Nil(t, headers) + }) +} + func TestConstructParamMapFromDeepObjectEncoding(t *testing.T) { // Define mock values for testing values := []*QueryParam{ diff --git a/helpers/schema_compiler.go b/helpers/schema_compiler.go index 85c7be68..91e4ddaa 100644 --- a/helpers/schema_compiler.go +++ b/helpers/schema_compiler.go @@ -54,20 +54,22 @@ func NewCompiledSchema(name string, jsonSchema []byte, o *config.ValidationOptio // The version parameter determines which OpenAPI keywords are allowed: // - version 3.0: Allows OpenAPI 3.0 keywords like 'nullable' // - version 3.1+: Rejects OpenAPI 3.0 keywords like 'nullable' (strict JSON Schema compliance) -func NewCompiledSchemaWithVersion(name string, jsonSchema []byte, o *config.ValidationOptions, version float32) (*jsonschema.Schema, error) { - compiler := NewCompilerWithOptions(o) +func NewCompiledSchemaWithVersion(name string, jsonSchema []byte, options *config.ValidationOptions, version float32) (*jsonschema.Schema, error) { + compiler := NewCompilerWithOptions(options) compiler.UseLoader(NewCompilerLoader()) // register OpenAPI vocabulary with appropriate version and coercion settings - if o != nil && o.OpenAPIMode { + if options != nil && options.OpenAPIMode { var vocabVersion openapi_vocabulary.VersionType - if version >= 3.05 { // Use 3.05 to avoid floating point precision issues + if version >= 3.15 { // use 3.15 to avoid floating point precision issues (3.2+) + vocabVersion = openapi_vocabulary.Version32 + } else if version >= 3.05 { // use 3.05 to avoid floating point precision issues (3.1) vocabVersion = openapi_vocabulary.Version31 } else { vocabVersion = openapi_vocabulary.Version30 } - vocab := openapi_vocabulary.NewOpenAPIVocabularyWithCoercion(vocabVersion, o.AllowScalarCoercion) + vocab := openapi_vocabulary.NewOpenAPIVocabularyWithCoercion(vocabVersion, options.AllowScalarCoercion) compiler.RegisterVocabulary(vocab) compiler.AssertVocabs() @@ -75,7 +77,7 @@ func NewCompiledSchemaWithVersion(name string, jsonSchema []byte, o *config.Vali jsonSchema = transformOpenAPI30Schema(jsonSchema) } - if o.AllowScalarCoercion { + if options.AllowScalarCoercion { jsonSchema = transformSchemaForCoercion(jsonSchema) } } @@ -185,6 +187,46 @@ func transformNullableSchema(schema map[string]interface{}) map[string]interface } } } + allOf, hasAllOf := schema["allOf"] + if hasAllOf { + delete(schema, "allOf") + oneOfAdditions := []interface{}{ + map[string]interface{}{ + "allOf": allOf, + }, + map[string]interface{}{ + "type": "null", + }, + } + var oneOfSlice []interface{} + oneOf, hasOneOf := schema["oneOf"] + if hasOneOf { + oneOfSlice, _ = oneOf.([]interface{}) + } + oneOfSlice = append(oneOfSlice, oneOfAdditions...) + schema["oneOf"] = oneOfSlice + } + + // Handle enum values - add null if nullable but not already in enum + enum, hasEnum := schema["enum"] + if hasEnum { + if enumSlice, ok := enum.([]interface{}); ok { + // Check if null is already in enum + hasNull := false + for _, v := range enumSlice { + if v == nil { + hasNull = true + break + } + } + // Add null if not present + if !hasNull { + enumSlice = append(enumSlice, nil) + schema["enum"] = enumSlice + } + } + } + return schema } diff --git a/helpers/schema_compiler_test.go b/helpers/schema_compiler_test.go index c9f62627..da228a94 100644 --- a/helpers/schema_compiler_test.go +++ b/helpers/schema_compiler_test.go @@ -174,6 +174,38 @@ func TestNewCompiledSchemaWithVersion_OpenAPIMode_Version31(t *testing.T) { require.NotNil(t, jsch, "Should return compiled schema") } +func TestNewCompiledSchemaWithVersion_OpenAPIMode_Version32(t *testing.T) { + schemaJSON := `{ + "type": "string" + }` + + options := config.NewValidationOptions( + config.WithOpenAPIMode(), + ) + + // Test version 3.2 (>= 3.15) + jsch, err := NewCompiledSchemaWithVersion("test", []byte(schemaJSON), options, 3.2) + require.NoError(t, err, "Should compile OpenAPI 3.2 schema") + require.NotNil(t, jsch, "Should return compiled schema") +} + +func TestNewCompiledSchemaWithVersion_OpenAPIMode_Version32_NullableRejected(t *testing.T) { + schemaJSON := `{ + "type": "string", + "nullable": true + }` + + options := config.NewValidationOptions( + config.WithOpenAPIMode(), + ) + + // Test version 3.2 (>= 3.15) with nullable should fail (same as 3.1+) + jsch, err := NewCompiledSchemaWithVersion("test", []byte(schemaJSON), options, 3.2) + assert.Error(t, err, "Should fail for nullable in OpenAPI 3.2") + assert.Nil(t, jsch, "Should not return compiled schema") + assert.Contains(t, err.Error(), "The `nullable` keyword is not supported in OpenAPI 3.1+") +} + func TestNewCompiledSchemaWithVersion_OpenAPIMode_Version31_NullableRejected(t *testing.T) { schemaJSON := `{ "type": "string", @@ -424,6 +456,132 @@ func TestTransformNullableSchema_ArrayTypeWithNull(t *testing.T) { assert.False(t, hasNullable) } +func TestTransformNullableSchema_NullableAllOf(t *testing.T) { + schema := map[string]interface{}{ + "type": []interface{}{"object"}, + "allOf": []interface{}{ + map[string]interface{}{ + "type": "object", + "properties": map[string]interface{}{ + "id": map[string]interface{}{ + "type": "string", + }, + }, + }, + }, + "nullable": true, + } + + result := transformNullableSchema(schema) + + schemaType, ok := result["type"] + require.True(t, ok) + + typeArray, ok := schemaType.([]interface{}) + require.True(t, ok) + assert.Contains(t, typeArray, "object") + assert.Contains(t, typeArray, "null") + + oneOf, ok := result["oneOf"] + require.True(t, ok) + + oneOfSlice, ok := oneOf.([]interface{}) + require.True(t, ok) + + assert.Len(t, oneOfSlice, 2) + assert.Contains(t, oneOfSlice, map[string]interface{}{ + "allOf": []interface{}{ + map[string]interface{}{ + "type": "object", + "properties": map[string]interface{}{ + "id": map[string]interface{}{ + "type": "string", + }, + }, + }, + }, + }) + assert.Contains(t, oneOfSlice, map[string]interface{}{ + "type": "null", + }) + + _, hasNullable := result["nullable"] + assert.False(t, hasNullable) +} + +func TestTransformNullableSchema_NullableAllOfWithExistingOneOf(t *testing.T) { + schema := map[string]interface{}{ + "type": []interface{}{"object"}, + "allOf": []interface{}{ + map[string]interface{}{ + "type": "object", + "properties": map[string]interface{}{ + "id": map[string]interface{}{ + "type": "string", + }, + }, + }, + }, + "oneOf": []interface{}{ + map[string]interface{}{ + "type": "object", + "properties": map[string]interface{}{ + "id": map[string]interface{}{ + "type": "string", + "const": []any{"val"}, + }, + }, + }, + }, + "nullable": true, + } + + result := transformNullableSchema(schema) + + schemaType, ok := result["type"] + require.True(t, ok) + + typeArray, ok := schemaType.([]interface{}) + require.True(t, ok) + assert.Contains(t, typeArray, "object") + assert.Contains(t, typeArray, "null") + + oneOf, ok := result["oneOf"] + require.True(t, ok) + + oneOfSlice, ok := oneOf.([]interface{}) + require.True(t, ok) + + assert.Len(t, oneOfSlice, 3) + assert.Contains(t, oneOfSlice, map[string]interface{}{ + "allOf": []interface{}{ + map[string]interface{}{ + "type": "object", + "properties": map[string]interface{}{ + "id": map[string]interface{}{ + "type": "string", + }, + }, + }, + }, + }) + assert.Contains(t, oneOfSlice, map[string]interface{}{ + "type": "null", + }) + assert.Contains(t, oneOfSlice, map[string]interface{}{ + "type": "object", + "properties": map[string]interface{}{ + "id": map[string]interface{}{ + "type": "string", + "const": []any{"val"}, + }, + }, + }) + + _, hasNullable := result["nullable"] + assert.False(t, hasNullable) +} + func TestTransformSchemaForCoercion_ValidJSON(t *testing.T) { input := []byte(`{ "type": "boolean" @@ -546,3 +704,98 @@ func TestTransformTypeForCoercion_EdgeCases(t *testing.T) { result = transformTypeForCoercion([]interface{}{"string"}) assert.Equal(t, []interface{}{"string"}, result) } + +func TestTransformNullableSchema_EnumWithoutNull(t *testing.T) { + // Test case: nullable: true with enum that doesn't contain null + // Expected: null should be automatically added to the enum + schema := map[string]interface{}{ + "type": "string", + "enum": []interface{}{ + "active", + "inactive", + "pending", + "archived", + }, + "nullable": true, + } + + result := transformNullableSchema(schema) + + // nullable keyword should be removed + _, hasNullable := result["nullable"] + assert.False(t, hasNullable) + + // type should be converted to array including null + schemaType, ok := result["type"] + require.True(t, ok) + + typeArray, ok := schemaType.([]interface{}) + require.True(t, ok) + assert.Contains(t, typeArray, "string") + assert.Contains(t, typeArray, "null") + + // enum should contain null + enum, ok := result["enum"] + require.True(t, ok) + + enumSlice, ok := enum.([]interface{}) + require.True(t, ok) + assert.Len(t, enumSlice, 5) // original 4 values + null + assert.Contains(t, enumSlice, "active") + assert.Contains(t, enumSlice, "inactive") + assert.Contains(t, enumSlice, "pending") + assert.Contains(t, enumSlice, "archived") + assert.Contains(t, enumSlice, nil) +} + +func TestTransformNullableSchema_EnumWithNull(t *testing.T) { + // Test case: nullable: true with enum that already contains null + // Expected: null should NOT be added twice + schema := map[string]interface{}{ + "type": "string", + "enum": []interface{}{ + "active", + "inactive", + "pending", + "archived", + nil, + }, + "nullable": true, + } + + result := transformNullableSchema(schema) + + // nullable keyword should be removed + _, hasNullable := result["nullable"] + assert.False(t, hasNullable) + + // type should be converted to array including null + schemaType, ok := result["type"] + require.True(t, ok) + + typeArray, ok := schemaType.([]interface{}) + require.True(t, ok) + assert.Contains(t, typeArray, "string") + assert.Contains(t, typeArray, "null") + + // enum should still contain only one null (not duplicated) + enum, ok := result["enum"] + require.True(t, ok) + + enumSlice, ok := enum.([]interface{}) + require.True(t, ok) + assert.Len(t, enumSlice, 5) // original 5 values (no duplication) + assert.Contains(t, enumSlice, "active") + assert.Contains(t, enumSlice, "inactive") + assert.Contains(t, enumSlice, "pending") + assert.Contains(t, enumSlice, "archived") + + // Count how many nulls are in the enum + nullCount := 0 + for _, v := range enumSlice { + if v == nil { + nullCount++ + } + } + assert.Equal(t, 1, nullCount, "enum should contain exactly one null value") +} diff --git a/openapi_vocabulary/coercion_simple_test.go b/openapi_vocabulary/coercion_simple_test.go index e1cfb7a6..bf3a6f05 100644 --- a/openapi_vocabulary/coercion_simple_test.go +++ b/openapi_vocabulary/coercion_simple_test.go @@ -311,6 +311,21 @@ func TestIsCoercibleType_String(t *testing.T) { assert.False(t, IsCoercibleType("array")) } +func TestIsCoercibleType_Array(t *testing.T) { + // Array containing coercible type - should return true + assert.True(t, IsCoercibleType([]any{"string", "boolean"})) + assert.True(t, IsCoercibleType([]any{"number", "null"})) + assert.True(t, IsCoercibleType([]any{"integer"})) + + // Array containing only non-coercible types - should return false + assert.False(t, IsCoercibleType([]any{"string", "null"})) + assert.False(t, IsCoercibleType([]any{"object", "array"})) + assert.False(t, IsCoercibleType([]any{"string"})) + + // Empty array - should return false + assert.False(t, IsCoercibleType([]any{})) +} + func TestCoercionExtension_ShouldCoerceToMethods(t *testing.T) { // Test shouldCoerceToNumber method ext := &coercionExtension{ diff --git a/openapi_vocabulary/nullable.go b/openapi_vocabulary/nullable.go index 1f425c6c..bb63c1f6 100644 --- a/openapi_vocabulary/nullable.go +++ b/openapi_vocabulary/nullable.go @@ -15,7 +15,7 @@ func CompileNullable(_ *jsonschema.CompilerContext, obj map[string]any, version } // check if nullable is used in OpenAPI 3.1+ (not allowed) - if version == Version31 { + if version == Version31 || version == Version32 { return nil, &OpenAPIKeywordError{ Keyword: "nullable", Message: "The `nullable` keyword is not supported in OpenAPI 3.1+. Use `type: ['string', 'null']` instead", diff --git a/openapi_vocabulary/vocabulary.go b/openapi_vocabulary/vocabulary.go index 59ba14b3..452d82a7 100644 --- a/openapi_vocabulary/vocabulary.go +++ b/openapi_vocabulary/vocabulary.go @@ -16,8 +16,8 @@ type VersionType int const ( // Version30 represents OpenAPI 3.0.x Version30 VersionType = iota - // Version31 represents OpenAPI 3.1.x (and later) Version31 + Version32 ) // NewOpenAPIVocabulary creates a vocabulary for OpenAPI-specific keywords diff --git a/parameters/cookie_parameters.go b/parameters/cookie_parameters.go index cd85f443..d955fb65 100644 --- a/parameters/cookie_parameters.go +++ b/parameters/cookie_parameters.go @@ -1,4 +1,4 @@ -// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley // SPDX-License-Identifier: MIT package parameters @@ -17,6 +17,7 @@ import ( "github.com/pb33f/libopenapi-validator/errors" "github.com/pb33f/libopenapi-validator/helpers" "github.com/pb33f/libopenapi-validator/paths" + "github.com/pb33f/libopenapi-validator/strict" ) func (v *paramValidator) ValidateCookieParams(request *http.Request) (bool, []*errors.ValidationError) { @@ -30,8 +31,8 @@ func (v *paramValidator) ValidateCookieParams(request *http.Request) (bool, []*e func (v *paramValidator) ValidateCookieParamsWithPathItem(request *http.Request, pathItem *v3.PathItem, pathValue string) (bool, []*errors.ValidationError) { if pathItem == nil { return false, []*errors.ValidationError{{ - ValidationType: helpers.ParameterValidationPath, - ValidationSubType: "missing", + ValidationType: helpers.PathValidation, + ValidationSubType: helpers.ValidationMissing, Message: fmt.Sprintf("%s Path '%s' not found", request.Method, request.URL.Path), Reason: fmt.Sprintf("The %s request contains a path of '%s' "+ "however that path, or the %s method for that path does not exist in the specification", @@ -45,120 +46,146 @@ func (v *paramValidator) ValidateCookieParamsWithPathItem(request *http.Request, params := helpers.ExtractParamsForOperation(request, pathItem) var validationErrors []*errors.ValidationError operation := strings.ToLower(request.Method) + + // build a map of cookies from the request for efficient lookup + cookieMap := make(map[string]*http.Cookie) + for _, cookie := range request.Cookies() { + cookieMap[cookie.Name] = cookie + } + for _, p := range params { if p.In == helpers.Cookie { - for _, cookie := range request.Cookies() { - if cookie.Name == p.Name { // cookies are case-sensitive, an exact match is required + // look up the cookie by name (cookies are case-sensitive) + cookie, found := cookieMap[p.Name] + if !found { + // cookie not present in request - check if required + if p.Required != nil && *p.Required { + validationErrors = append(validationErrors, errors.CookieParameterMissing(p, pathValue, operation, "")) + } + continue + } - var sch *base.Schema - if p.Schema != nil { - sch = p.Schema.Schema() - } + var sch *base.Schema + if p.Schema != nil { + sch = p.Schema.Schema() + } - // Render schema once for ReferenceSchema field in errors - var renderedSchema string - if sch != nil { - rendered, _ := sch.RenderInline() - schemaBytes, _ := json.Marshal(rendered) - renderedSchema = string(schemaBytes) - } + // Render schema once for ReferenceSchema field in errors + var renderedSchema string + if sch != nil { + rendered, _ := sch.RenderInline() + schemaBytes, _ := json.Marshal(rendered) + renderedSchema = string(schemaBytes) + } - pType := sch.Type + pType := sch.Type - for _, ty := range pType { - switch ty { - case helpers.Integer: - if _, err := strconv.ParseInt(cookie.Value, 10, 64); err != nil { - validationErrors = append(validationErrors, - errors.InvalidCookieParamInteger(p, strings.ToLower(cookie.Value), sch, pathValue, operation, renderedSchema)) + for _, ty := range pType { + switch ty { + case helpers.Integer: + if _, err := strconv.ParseInt(cookie.Value, 10, 64); err != nil { + validationErrors = append(validationErrors, + errors.InvalidCookieParamInteger(p, strings.ToLower(cookie.Value), sch, pathValue, operation, renderedSchema)) + break + } + // validate value matches allowed enum values + if sch.Enum != nil { + matchFound := false + for _, enumVal := range sch.Enum { + if strings.TrimSpace(cookie.Value) == fmt.Sprint(enumVal.Value) { + matchFound = true break } - // check if enum is in range - if sch.Enum != nil { - matchFound := false - for _, enumVal := range sch.Enum { - if strings.TrimSpace(cookie.Value) == fmt.Sprint(enumVal.Value) { - matchFound = true - break - } - } - if !matchFound { - validationErrors = append(validationErrors, - errors.IncorrectCookieParamEnum(p, strings.ToLower(cookie.Value), sch, pathValue, operation, renderedSchema)) - } - } - case helpers.Number: - if _, err := strconv.ParseFloat(cookie.Value, 64); err != nil { - validationErrors = append(validationErrors, - errors.InvalidCookieParamNumber(p, strings.ToLower(cookie.Value), sch, pathValue, operation, renderedSchema)) + } + if !matchFound { + validationErrors = append(validationErrors, + errors.IncorrectCookieParamEnum(p, strings.ToLower(cookie.Value), sch, pathValue, operation, renderedSchema)) + } + } + case helpers.Number: + if _, err := strconv.ParseFloat(cookie.Value, 64); err != nil { + validationErrors = append(validationErrors, + errors.InvalidCookieParamNumber(p, strings.ToLower(cookie.Value), sch, pathValue, operation, renderedSchema)) + break + } + // validate value matches allowed enum values + if sch.Enum != nil { + matchFound := false + for _, enumVal := range sch.Enum { + if strings.TrimSpace(cookie.Value) == fmt.Sprint(enumVal.Value) { + matchFound = true break } - // check if enum is in range - if sch.Enum != nil { - matchFound := false - for _, enumVal := range sch.Enum { - if strings.TrimSpace(cookie.Value) == fmt.Sprint(enumVal.Value) { - matchFound = true - break - } - } - if !matchFound { - validationErrors = append(validationErrors, - errors.IncorrectCookieParamEnum(p, strings.ToLower(cookie.Value), sch, pathValue, operation, renderedSchema)) - } - } - case helpers.Boolean: - if _, err := strconv.ParseBool(cookie.Value); err != nil { - validationErrors = append(validationErrors, - errors.IncorrectCookieParamBool(p, strings.ToLower(cookie.Value), sch, pathValue, operation, renderedSchema)) - } - case helpers.Object: - if !p.IsExploded() { - encodedObj := helpers.ConstructMapFromCSV(cookie.Value) - - // if a schema was extracted - if sch != nil { - validationErrors = append(validationErrors, - ValidateParameterSchema(sch, encodedObj, "", - "Cookie parameter", - "The cookie parameter", - p.Name, - helpers.ParameterValidation, - helpers.ParameterValidationQuery, - v.options)...) - } - } - case helpers.Array: - - if !p.IsExploded() { - // well we're already in an array, so we need to check the items schema - // to ensure this array items matches the type - // only check if items is a schema, not a boolean - if sch.Items.IsA() { - validationErrors = append(validationErrors, - ValidateCookieArray(sch, p, cookie.Value, pathValue, operation, renderedSchema)...) - } - } + } + if !matchFound { + validationErrors = append(validationErrors, + errors.IncorrectCookieParamEnum(p, strings.ToLower(cookie.Value), sch, pathValue, operation, renderedSchema)) + } + } + case helpers.Boolean: + if _, err := strconv.ParseBool(cookie.Value); err != nil { + validationErrors = append(validationErrors, + errors.IncorrectCookieParamBool(p, strings.ToLower(cookie.Value), sch, pathValue, operation, renderedSchema)) + } + case helpers.Object: + if !p.IsExploded() { + encodedObj := helpers.ConstructMapFromCSV(cookie.Value) + + // if a schema was extracted + if sch != nil { + validationErrors = append(validationErrors, + ValidateParameterSchema(sch, encodedObj, "", + "Cookie parameter", + "The cookie parameter", + p.Name, + helpers.ParameterValidation, + helpers.ParameterValidationQuery, + v.options)...) + } + } + case helpers.Array: + + if !p.IsExploded() { + // well we're already in an array, so we need to check the items schema + // to ensure this array items matches the type + // only check if items is a schema, not a boolean + if sch.Items.IsA() { + validationErrors = append(validationErrors, + ValidateCookieArray(sch, p, cookie.Value, pathValue, operation, renderedSchema)...) + } + } + + case helpers.String: - case helpers.String: - - // check if the schema has an enum, and if so, match the value against one of - // the defined enum values. - if sch.Enum != nil { - matchFound := false - for _, enumVal := range sch.Enum { - if strings.TrimSpace(cookie.Value) == fmt.Sprint(enumVal.Value) { - matchFound = true - break - } - } - if !matchFound { - validationErrors = append(validationErrors, - errors.IncorrectCookieParamEnum(p, strings.ToLower(cookie.Value), sch, pathValue, operation, renderedSchema)) - } + // check if the schema has an enum, and if so, match the value against one of + // the defined enum values. + if sch.Enum != nil { + matchFound := false + for _, enumVal := range sch.Enum { + if strings.TrimSpace(cookie.Value) == fmt.Sprint(enumVal.Value) { + matchFound = true + break } } + if !matchFound { + validationErrors = append(validationErrors, + errors.IncorrectCookieParamEnum(p, strings.ToLower(cookie.Value), sch, pathValue, operation, renderedSchema)) + break + } } + validationErrors = append(validationErrors, + ValidateSingleParameterSchema( + sch, + cookie.Value, + "Cookie parameter", + "The cookie parameter", + p.Name, + helpers.ParameterValidation, + helpers.ParameterValidationCookie, + v.options, + pathValue, + operation, + )...) } } } @@ -166,6 +193,26 @@ func (v *paramValidator) ValidateCookieParamsWithPathItem(request *http.Request, errors.PopulateValidationErrors(validationErrors, request, pathValue) + if len(validationErrors) > 0 { + return false, validationErrors + } + + // strict mode: check for undeclared cookies + if v.options.StrictMode { + undeclaredCookies := strict.ValidateCookies(request, params, v.options) + for _, undeclared := range undeclaredCookies { + validationErrors = append(validationErrors, + errors.UndeclaredCookieError( + undeclared.Path, + undeclared.Name, + undeclared.Value, + undeclared.DeclaredProperties, + request.URL.Path, + request.Method, + )) + } + } + if len(validationErrors) > 0 { return false, validationErrors } diff --git a/parameters/cookie_parameters_test.go b/parameters/cookie_parameters_test.go index 8014bddb..b54be1ef 100644 --- a/parameters/cookie_parameters_test.go +++ b/parameters/cookie_parameters_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley // SPDX-License-Identifier: MIT package parameters @@ -10,7 +10,10 @@ import ( "github.com/pb33f/libopenapi" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/pb33f/libopenapi-validator/config" + "github.com/pb33f/libopenapi-validator/helpers" "github.com/pb33f/libopenapi-validator/paths" ) @@ -729,3 +732,828 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "GET Path '/pizza/beef' not found", errors[0].Message) } + +// Tests for required cookie validation (GitHub issue #183) + +func TestNewValidator_CookieRequiredMissing(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: PattyPreference + in: cookie + required: true + schema: + type: number` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + // No cookie added - this should fail validation + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Equal(t, "Cookie parameter 'PattyPreference' is missing", errors[0].Message) + assert.Equal(t, "The cookie parameter 'PattyPreference' is defined as being required, "+ + "however it's missing from the request", errors[0].Reason) + assert.Equal(t, helpers.ParameterValidation, errors[0].ValidationType) + assert.Equal(t, helpers.ParameterValidationCookie, errors[0].ValidationSubType) +} + +func TestNewValidator_CookieOptionalMissing(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: PattyPreference + in: cookie + required: false + schema: + type: number` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + // No cookie added - this should pass validation since it's optional + + valid, errors := v.ValidateCookieParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_CookieOptionalMissingNoRequiredField(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: PattyPreference + in: cookie + schema: + type: number` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + // No cookie added - this should pass validation since required defaults to false + + valid, errors := v.ValidateCookieParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_CookieMultipleRequiredOneMissing(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: PattyPreference + in: cookie + required: true + schema: + type: number + - name: BunType + in: cookie + required: true + schema: + type: string` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + // Only add one cookie + request.AddCookie(&http.Cookie{Name: "PattyPreference", Value: "1.5"}) + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Equal(t, "Cookie parameter 'BunType' is missing", errors[0].Message) +} + +func TestNewValidator_CookieMultipleRequiredBothMissing(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: PattyPreference + in: cookie + required: true + schema: + type: number + - name: BunType + in: cookie + required: true + schema: + type: string` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + // No cookies added + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 2) +} + +func TestNewValidator_CookieMultipleRequiredAllPresent(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: PattyPreference + in: cookie + required: true + schema: + type: number + - name: BunType + in: cookie + required: true + schema: + type: string` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "PattyPreference", Value: "1.5"}) + request.AddCookie(&http.Cookie{Name: "BunType", Value: "sesame"}) + + valid, errors := v.ValidateCookieParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_CookieCaseSensitive(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: PattyPreference + in: cookie + required: true + schema: + type: number` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + // Add cookie with different case - should not match + request.AddCookie(&http.Cookie{Name: "pattypreference", Value: "1.5"}) + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Equal(t, "Cookie parameter 'PattyPreference' is missing", errors[0].Message) +} + +func TestNewValidator_CookieRequiredWithInvalidValue(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: PattyPreference + in: cookie + required: true + schema: + type: number` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "PattyPreference", Value: "not-a-number"}) + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + // Should be a type error, not a missing error + assert.Contains(t, errors[0].Message, "not a valid number") +} + +func TestNewValidator_CookieMixedRequiredOptional(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: PattyPreference + in: cookie + required: true + schema: + type: number + - name: ExtraCheese + in: cookie + required: false + schema: + type: boolean` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + // Only add the required cookie + request.AddCookie(&http.Cookie{Name: "PattyPreference", Value: "2.5"}) + + valid, errors := v.ValidateCookieParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_CookieRequiredIntegerMissing(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: PattyCount + in: cookie + required: true + schema: + type: integer` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Equal(t, "Cookie parameter 'PattyCount' is missing", errors[0].Message) +} + +func TestNewValidator_CookieRequiredBooleanMissing(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: ExtraCheese + in: cookie + required: true + schema: + type: boolean` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Equal(t, "Cookie parameter 'ExtraCheese' is missing", errors[0].Message) +} + +func TestNewValidator_CookieRequiredStringMissing(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: CustomerName + in: cookie + required: true + schema: + type: string` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Equal(t, "Cookie parameter 'CustomerName' is missing", errors[0].Message) +} + +func TestNewValidator_CookieRequiredArrayMissing(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: Toppings + in: cookie + required: true + schema: + type: array + items: + type: string` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Equal(t, "Cookie parameter 'Toppings' is missing", errors[0].Message) +} + +func TestNewValidator_CookieRequiredObjectMissing(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: Preferences + in: cookie + required: true + explode: false + schema: + type: object + properties: + pink: + type: boolean + number: + type: number` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Equal(t, "Cookie parameter 'Preferences' is missing", errors[0].Message) +} + +func TestNewValidator_CookieRequiredWithPathItem(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: PattyPreference + in: cookie + required: true + schema: + type: number` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + // No cookie added + + // Use the WithPathItem variant + path, _, pv := paths.FindPath(request, &m.Model, &sync.Map{}) + + valid, errors := v.ValidateCookieParamsWithPathItem(request, path, pv) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Equal(t, "Cookie parameter 'PattyPreference' is missing", errors[0].Message) +} + +// Tests for string schema validation (GitHub issue #184) + +func TestNewValidator_CookieParamStringValidPattern(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: SessionID + in: cookie + required: true + schema: + type: string + pattern: '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "SessionID", Value: "550e8400-e29b-41d4-a716-446655440000"}) + + valid, errors := v.ValidateCookieParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_CookieParamStringInvalidPattern(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: SessionID + in: cookie + required: true + schema: + type: string + pattern: '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "SessionID", Value: "invalid_value"}) + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Contains(t, errors[0].SchemaValidationErrors[0].Reason, "does not match pattern") +} + +func TestNewValidator_CookieParamStringValidFormat(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: SessionID + in: cookie + required: true + schema: + type: string + format: uuid` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithFormatAssertions()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "SessionID", Value: "550e8400-e29b-41d4-a716-446655440000"}) + + valid, errors := v.ValidateCookieParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_CookieParamStringInvalidFormat(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: SessionID + in: cookie + required: true + schema: + type: string + format: uuid` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithFormatAssertions()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "SessionID", Value: "not-a-valid-uuid"}) + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Contains(t, errors[0].SchemaValidationErrors[0].Reason, "uuid") +} + +func TestNewValidator_CookieParamStringValidMinLength(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: Token + in: cookie + required: true + schema: + type: string + minLength: 10` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "Token", Value: "abcdefghij"}) // exactly 10 chars + + valid, errors := v.ValidateCookieParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_CookieParamStringInvalidMinLength(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: Token + in: cookie + required: true + schema: + type: string + minLength: 10` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "Token", Value: "short"}) // only 5 chars + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Contains(t, errors[0].SchemaValidationErrors[0].Reason, "minLength") +} + +func TestNewValidator_CookieParamStringValidMaxLength(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: Token + in: cookie + required: true + schema: + type: string + maxLength: 10` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "Token", Value: "short"}) // 5 chars + + valid, errors := v.ValidateCookieParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_CookieParamStringInvalidMaxLength(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: Token + in: cookie + required: true + schema: + type: string + maxLength: 10` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "Token", Value: "this-is-way-too-long"}) // 20 chars + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Contains(t, errors[0].SchemaValidationErrors[0].Reason, "maxLength") +} + +func TestNewValidator_CookieParamStringValidPatternAndMinMaxLength(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: Code + in: cookie + required: true + schema: + type: string + pattern: '^[A-Z]+$' + minLength: 3 + maxLength: 10` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "Code", Value: "ABCDEF"}) // 6 chars, all uppercase + + valid, errors := v.ValidateCookieParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_CookieParamStringInvalidPatternButValidLength(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: Code + in: cookie + required: true + schema: + type: string + pattern: '^[A-Z]+$' + minLength: 3 + maxLength: 10` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "Code", Value: "abcdef"}) // 6 chars, but lowercase - fails pattern + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Contains(t, errors[0].SchemaValidationErrors[0].Reason, "does not match pattern") +} + +func TestNewValidator_CookieParamStringEmailFormat(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: UserEmail + in: cookie + required: true + schema: + type: string + format: email` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithFormatAssertions()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "UserEmail", Value: "user@example.com"}) + + valid, errors := v.ValidateCookieParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_CookieParamStringInvalidEmailFormat(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: UserEmail + in: cookie + required: true + schema: + type: string + format: email` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithFormatAssertions()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "UserEmail", Value: "not-an-email"}) + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Contains(t, errors[0].SchemaValidationErrors[0].Reason, "email") +} + +func TestNewValidator_CookieParamMissingRequired(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: session_id + in: cookie + required: true + schema: + type: string` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // Create request WITHOUT the required cookie + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Equal(t, "Cookie parameter 'session_id' is missing", errors[0].Message) + assert.Contains(t, errors[0].Reason, "required") +} + +func TestNewValidator_CookieParams_StrictMode_UndeclaredCookie(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: session_id + in: cookie + required: true + schema: + type: string` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithStrictMode()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "session_id", Value: "abc123"}) + request.AddCookie(&http.Cookie{Name: "extra_cookie", Value: "undeclared"}) + + valid, errors := v.ValidateCookieParams(request) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Contains(t, errors[0].Message, "extra_cookie") + assert.Contains(t, errors[0].Message, "not declared") +} + +func TestNewValidator_CookieParams_StrictMode_ValidRequest(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: session_id + in: cookie + required: true + schema: + type: string` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithStrictMode()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.AddCookie(&http.Cookie{Name: "session_id", Value: "abc123"}) + + valid, errors := v.ValidateCookieParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} diff --git a/parameters/header_parameters.go b/parameters/header_parameters.go index e370bb2a..aaf2524b 100644 --- a/parameters/header_parameters.go +++ b/parameters/header_parameters.go @@ -10,15 +10,15 @@ import ( "strconv" "strings" - lowbase "github.com/pb33f/libopenapi/datamodel/low/base" - "github.com/pb33f/libopenapi/datamodel/high/base" v3 "github.com/pb33f/libopenapi/datamodel/high/v3" + lowbase "github.com/pb33f/libopenapi/datamodel/low/base" "github.com/pb33f/libopenapi-validator/errors" "github.com/pb33f/libopenapi-validator/helpers" "github.com/pb33f/libopenapi-validator/paths" + "github.com/pb33f/libopenapi-validator/strict" ) func (v *paramValidator) ValidateHeaderParams(request *http.Request) (bool, []*errors.ValidationError) { @@ -32,8 +32,8 @@ func (v *paramValidator) ValidateHeaderParams(request *http.Request) (bool, []*e func (v *paramValidator) ValidateHeaderParamsWithPathItem(request *http.Request, pathItem *v3.PathItem, pathValue string) (bool, []*errors.ValidationError) { if pathItem == nil { return false, []*errors.ValidationError{{ - ValidationType: helpers.ParameterValidationPath, - ValidationSubType: "missing", + ValidationType: helpers.PathValidation, + ValidationSubType: helpers.ValidationMissing, Message: fmt.Sprintf("%s Path '%s' not found", request.Method, request.URL.Path), Reason: fmt.Sprintf("The %s request contains a path of '%s' "+ "however that path, or the %s method for that path does not exist in the specification", @@ -175,8 +175,22 @@ func (v *paramValidator) ValidateHeaderParamsWithPathItem(request *http.Request, if !matchFound { validationErrors = append(validationErrors, errors.IncorrectHeaderParamEnum(p, strings.ToLower(param), sch, pathValue, operation, renderedSchema)) + break } } + validationErrors = append(validationErrors, + ValidateSingleParameterSchema( + sch, + param, + "Header parameter", + "The header parameter", + p.Name, + helpers.ParameterValidation, + helpers.ParameterValidationHeader, + v.options, + pathValue, + operation, + )...) } } if len(pType) == 0 { @@ -184,7 +198,9 @@ func (v *paramValidator) ValidateHeaderParamsWithPathItem(request *http.Request, validationErrors = append(validationErrors, ValidateSingleParameterSchema(sch, param, p.Name, - lowbase.SchemaLabel, p.Name, helpers.ParameterValidation, helpers.ParameterValidationHeader, v.options)...) + lowbase.SchemaLabel, p.Name, helpers.ParameterValidation, helpers.ParameterValidationHeader, v.options, + pathValue, + operation)...) } } else { if p.Required != nil && *p.Required { @@ -206,6 +222,38 @@ func (v *paramValidator) ValidateHeaderParamsWithPathItem(request *http.Request, errors.PopulateValidationErrors(validationErrors, request, pathValue) + if len(validationErrors) > 0 { + return false, validationErrors + } + + // strict mode: check for undeclared headers + if v.options.StrictMode { + // Extract security headers applicable to this operation + var securityHeaders []string + if v.document.Components != nil && v.document.Components.SecuritySchemes != nil { + security := helpers.ExtractSecurityForOperation(request, pathItem) + // Convert orderedmap to regular map for the helper + schemesMap := make(map[string]*v3.SecurityScheme) + for pair := v.document.Components.SecuritySchemes.First(); pair != nil; pair = pair.Next() { + schemesMap[pair.Key()] = pair.Value() + } + securityHeaders = helpers.ExtractSecurityHeaderNames(security, schemesMap) + } + + undeclaredHeaders := strict.ValidateRequestHeaders(request.Header, params, securityHeaders, v.options) + for _, undeclared := range undeclaredHeaders { + validationErrors = append(validationErrors, + errors.UndeclaredHeaderError( + undeclared.Name, + undeclared.Value.(string), + undeclared.DeclaredProperties, + undeclared.Direction.String(), + request.URL.Path, + request.Method, + )) + } + } + if len(validationErrors) > 0 { return false, validationErrors } diff --git a/parameters/header_parameters_test.go b/parameters/header_parameters_test.go index 6c23967c..8d69c35c 100644 --- a/parameters/header_parameters_test.go +++ b/parameters/header_parameters_test.go @@ -11,6 +11,7 @@ import ( "github.com/pb33f/libopenapi" "github.com/stretchr/testify/assert" + "github.com/pb33f/libopenapi-validator/config" "github.com/pb33f/libopenapi-validator/paths" ) @@ -757,3 +758,662 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "GET Path '/buying/drinks' not found", errors[0].Message) } + +func TestNewValidator_HeaderParamStringValidPattern(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-Request-ID + in: header + required: true + schema: + type: string + pattern: '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-Request-ID", "550e8400-e29b-41d4-a716-446655440000") + + valid, errors := v.ValidateHeaderParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_HeaderParamStringInvalidPattern(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-Request-ID + in: header + required: true + schema: + type: string + pattern: '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-Request-ID", "invalid_value") + + valid, errors := v.ValidateHeaderParams(request) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].SchemaValidationErrors[0].Reason, "does not match pattern") +} + +func TestNewValidator_HeaderParamStringValidFormat(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-Request-ID + in: header + required: true + schema: + type: string + format: uuid` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithFormatAssertions()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-Request-ID", "550e8400-e29b-41d4-a716-446655440000") + + valid, errors := v.ValidateHeaderParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_HeaderParamStringInvalidFormat(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-Request-ID + in: header + required: true + schema: + type: string + format: uuid` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithFormatAssertions()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-Request-ID", "not-a-valid-uuid") + + valid, errors := v.ValidateHeaderParams(request) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].SchemaValidationErrors[0].Reason, "uuid") +} + +func TestNewValidator_HeaderParamStringValidMinLength(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-Token + in: header + required: true + schema: + type: string + minLength: 10` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-Token", "abcdefghij") // exactly 10 chars + + valid, errors := v.ValidateHeaderParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_HeaderParamStringInvalidMinLength(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-Token + in: header + required: true + schema: + type: string + minLength: 10` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-Token", "short") // only 5 chars + + valid, errors := v.ValidateHeaderParams(request) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].SchemaValidationErrors[0].Reason, "minLength") +} + +func TestNewValidator_HeaderParamStringValidMaxLength(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-Token + in: header + required: true + schema: + type: string + maxLength: 10` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-Token", "short") // 5 chars + + valid, errors := v.ValidateHeaderParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_HeaderParamStringInvalidMaxLength(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-Token + in: header + required: true + schema: + type: string + maxLength: 10` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-Token", "this-is-way-too-long") // 20 chars + + valid, errors := v.ValidateHeaderParams(request) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].SchemaValidationErrors[0].Reason, "maxLength") +} + +func TestNewValidator_HeaderParamStringValidPatternAndMinMaxLength(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-Code + in: header + required: true + schema: + type: string + pattern: '^[A-Z]+$' + minLength: 3 + maxLength: 10` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-Code", "ABCDEF") // 6 chars, all uppercase + + valid, errors := v.ValidateHeaderParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_HeaderParamStringInvalidPatternButValidLength(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-Code + in: header + required: true + schema: + type: string + pattern: '^[A-Z]+$' + minLength: 3 + maxLength: 10` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-Code", "abcdef") // 6 chars, but lowercase - fails pattern + + valid, errors := v.ValidateHeaderParams(request) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].SchemaValidationErrors[0].Reason, "does not match pattern") +} + +func TestNewValidator_HeaderParamStringValidEnumAndPattern(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-Status + in: header + required: true + schema: + type: string + enum: [ACTIVE, INACTIVE, PENDING]` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-Status", "ACTIVE") + + valid, errors := v.ValidateHeaderParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_HeaderParamStringEmailFormat(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-User-Email + in: header + required: true + schema: + type: string + format: email` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithFormatAssertions()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-User-Email", "user@example.com") + + valid, errors := v.ValidateHeaderParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_HeaderParamStringInvalidEmailFormat(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-User-Email + in: header + required: true + schema: + type: string + format: email` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithFormatAssertions()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-User-Email", "not-an-email") + + valid, errors := v.ValidateHeaderParams(request) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].SchemaValidationErrors[0].Reason, "email") +} + +func TestNewValidator_HeaderParams_StrictMode_UndeclaredHeader(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-Request-Id + in: header + required: true + schema: + type: string` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithStrictMode()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-Request-Id", "abc123") + request.Header.Set("X-Undeclared-Header", "should fail") + + valid, errors := v.ValidateHeaderParams(request) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].Message, "X-Undeclared-Header") + assert.Contains(t, errors[0].Message, "not declared") +} + +func TestNewValidator_HeaderParams_StrictMode_ValidRequest(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/beef: + get: + parameters: + - name: X-Request-Id + in: header + required: true + schema: + type: string` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithStrictMode()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil) + request.Header.Set("X-Request-Id", "abc123") + + valid, errors := v.ValidateHeaderParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_HeaderParams_StrictMode_SecuritySchemeApiKeyHeader(t *testing.T) { + // Test that apiKey security scheme headers are recognized in strict mode + spec := `openapi: 3.1.0 +info: + title: Test API + version: "1.0" +paths: + /secure/resource: + get: + security: + - ApiKeyAuth: [] + responses: + "200": + description: OK +components: + securitySchemes: + ApiKeyAuth: + type: apiKey + in: header + name: X-API-Key` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithStrictMode()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/secure/resource", nil) + request.Header.Set("X-API-Key", "my-secret-key") + + valid, errors := v.ValidateHeaderParams(request) + + // X-API-Key should be recognized as a valid header due to security scheme + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_HeaderParams_StrictMode_SecuritySchemeApiKeyHeader_CaseInsensitive(t *testing.T) { + // Test that apiKey security scheme header matching is case-insensitive + spec := `openapi: 3.1.0 +info: + title: Test API + version: "1.0" +paths: + /secure/resource: + get: + security: + - ApiKeyAuth: [] + responses: + "200": + description: OK +components: + securitySchemes: + ApiKeyAuth: + type: apiKey + in: header + name: X-API-KEY` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithStrictMode()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/secure/resource", nil) + request.Header.Set("x-api-key", "my-secret-key") // lowercase in request + + valid, errors := v.ValidateHeaderParams(request) + + // x-api-key should match X-API-KEY case-insensitively + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_HeaderParams_StrictMode_SecuritySchemeNotApplied(t *testing.T) { + // Test that security scheme headers are NOT recognized if the scheme is not applied to the operation + spec := `openapi: 3.1.0 +info: + title: Test API + version: "1.0" +paths: + /public/resource: + get: + # No security defined for this operation + responses: + "200": + description: OK +components: + securitySchemes: + ApiKeyAuth: + type: apiKey + in: header + name: X-API-Key` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithStrictMode()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/public/resource", nil) + request.Header.Set("X-API-Key", "my-secret-key") + + valid, errors := v.ValidateHeaderParams(request) + + // X-API-Key should be flagged as undeclared since the security scheme is not applied to this operation + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].Message, "X-Api-Key") + assert.Contains(t, errors[0].Message, "not declared") +} + +func TestNewValidator_HeaderParams_StrictMode_MultipleSecurity_OR(t *testing.T) { + // Test multiple security options (OR logic) - any header is valid + spec := `openapi: 3.1.0 +info: + title: Test API + version: "1.0" +paths: + /secure/resource: + get: + security: + - ApiKeyAuth: [] + - BearerAuth: [] + responses: + "200": + description: OK +components: + securitySchemes: + ApiKeyAuth: + type: apiKey + in: header + name: X-API-Key + BearerAuth: + type: http + scheme: bearer` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithStrictMode()) + + // Request with X-API-Key only + request, _ := http.NewRequest(http.MethodGet, "https://things.com/secure/resource", nil) + request.Header.Set("X-API-Key", "my-key") + + valid, errors := v.ValidateHeaderParams(request) + assert.True(t, valid) + assert.Len(t, errors, 0) + + // Request with both (both should be allowed) + request2, _ := http.NewRequest(http.MethodGet, "https://things.com/secure/resource", nil) + request2.Header.Set("X-API-Key", "my-key") + request2.Header.Set("Authorization", "Bearer token") // Authorization is in default ignored headers anyway + + valid2, errors2 := v.ValidateHeaderParams(request2) + assert.True(t, valid2) + assert.Len(t, errors2, 0) +} + +func TestNewValidator_HeaderParams_StrictMode_ApiKeyQuery_NotHeader(t *testing.T) { + // Test that apiKey with in:query does NOT add a header allowance + spec := `openapi: 3.1.0 +info: + title: Test API + version: "1.0" +paths: + /secure/resource: + get: + security: + - ApiKeyQuery: [] + responses: + "200": + description: OK +components: + securitySchemes: + ApiKeyQuery: + type: apiKey + in: query + name: api_key` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithStrictMode()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/secure/resource", nil) + request.Header.Set("X-Unknown", "value") // No security headers expected + + valid, errors := v.ValidateHeaderParams(request) + + // X-Unknown should be flagged + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].Message, "X-Unknown") +} + +func TestNewValidator_HeaderParams_StrictMode_CombinedParamsAndSecurity(t *testing.T) { + // Test that both params and security scheme headers are recognized + spec := `openapi: 3.1.0 +info: + title: Test API + version: "1.0" +paths: + /secure/resource: + get: + security: + - ApiKeyAuth: [] + parameters: + - name: X-Request-Id + in: header + required: true + schema: + type: string + responses: + "200": + description: OK +components: + securitySchemes: + ApiKeyAuth: + type: apiKey + in: header + name: X-API-Key` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithStrictMode()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/secure/resource", nil) + request.Header.Set("X-Request-Id", "123") + request.Header.Set("X-API-Key", "my-key") + + valid, errors := v.ValidateHeaderParams(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestNewValidator_HeaderParams_StrictMode_NoComponents(t *testing.T) { + // Test that validation works when there are no components/securitySchemes + spec := `openapi: 3.1.0 +info: + title: Test API + version: "1.0" +paths: + /resource: + get: + responses: + "200": + description: OK` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithStrictMode()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/resource", nil) + request.Header.Set("X-Custom", "value") + + valid, errors := v.ValidateHeaderParams(request) + + // X-Custom should be flagged as undeclared + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].Message, "X-Custom") +} diff --git a/parameters/path_parameters.go b/parameters/path_parameters.go index 78d83393..0f768314 100644 --- a/parameters/path_parameters.go +++ b/parameters/path_parameters.go @@ -32,8 +32,8 @@ func (v *paramValidator) ValidatePathParams(request *http.Request) (bool, []*err func (v *paramValidator) ValidatePathParamsWithPathItem(request *http.Request, pathItem *v3.PathItem, pathValue string) (bool, []*errors.ValidationError) { if pathItem == nil { return false, []*errors.ValidationError{{ - ValidationType: helpers.ParameterValidationPath, - ValidationSubType: "missing", + ValidationType: helpers.PathValidation, + ValidationSubType: helpers.ValidationMissing, Message: fmt.Sprintf("%s Path '%s' not found", request.Method, request.URL.Path), Reason: fmt.Sprintf("The %s request contains a path of '%s' "+ "however that path, or the %s method for that path does not exist in the specification", @@ -47,6 +47,9 @@ func (v *paramValidator) ValidatePathParamsWithPathItem(request *http.Request, p submittedSegments := strings.Split(paths.StripRequestPath(request, v.document), helpers.Slash) pathSegments := strings.Split(pathValue, helpers.Slash) + // get the operation method for error reporting + operation := strings.ToLower(request.Method) + // extract params for the operation params := helpers.ExtractParamsForOperation(request, pathItem) var validationErrors []*errors.ValidationError @@ -185,6 +188,8 @@ func (v *paramValidator) ValidatePathParamsWithPathItem(request *http.Request, p helpers.ParameterValidation, helpers.ParameterValidationPath, v.options, + pathValue, + operation, )...) case helpers.Integer: @@ -208,6 +213,8 @@ func (v *paramValidator) ValidatePathParamsWithPathItem(request *http.Request, p helpers.ParameterValidation, helpers.ParameterValidationPath, v.options, + pathValue, + operation, )...) case helpers.Number: @@ -231,6 +238,8 @@ func (v *paramValidator) ValidatePathParamsWithPathItem(request *http.Request, p helpers.ParameterValidation, helpers.ParameterValidationPath, v.options, + pathValue, + operation, )...) case helpers.Boolean: diff --git a/parameters/path_parameters_test.go b/parameters/path_parameters_test.go index a12a82bf..02f2068b 100644 --- a/parameters/path_parameters_test.go +++ b/parameters/path_parameters_test.go @@ -440,7 +440,7 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "Path parameter 'burgerId' failed to validate", errors[0].Message) assert.Len(t, errors[0].SchemaValidationErrors, 1) - assert.Equal(t, "Reason: minimum: got 1, want 10, Location: /minimum", errors[0].SchemaValidationErrors[0].Error()) + assert.Equal(t, "Reason: minimum: got 1, want 10", errors[0].SchemaValidationErrors[0].Error()) } func TestNewValidator_SimpleEncodedPath_MinimumInteger(t *testing.T) { @@ -495,7 +495,7 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "Path parameter 'burgerId' failed to validate", errors[0].Message) assert.Len(t, errors[0].SchemaValidationErrors, 1) - assert.Equal(t, "Reason: maximum: got 11, want 10, Location: /maximum", errors[0].SchemaValidationErrors[0].Error()) + assert.Equal(t, "Reason: maximum: got 11, want 10", errors[0].SchemaValidationErrors[0].Error()) } func TestNewValidator_SimpleEncodedPath_MaximumInteger(t *testing.T) { @@ -577,7 +577,7 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "Path parameter 'burgerId' failed to validate", errors[0].Message) assert.Len(t, errors[0].SchemaValidationErrors, 1) - assert.Equal(t, "Reason: minimum: got 1.3, want 10.2, Location: /minimum", errors[0].SchemaValidationErrors[0].Error()) + assert.Equal(t, "Reason: minimum: got 1.3, want 10.2", errors[0].SchemaValidationErrors[0].Error()) } func TestNewValidator_SimpleEncodedPath_MinimumNumber(t *testing.T) { @@ -632,7 +632,7 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "Path parameter 'burgerId' failed to validate", errors[0].Message) assert.Len(t, errors[0].SchemaValidationErrors, 1) - assert.Equal(t, "Reason: maximum: got 11.2, want 10.2, Location: /maximum", errors[0].SchemaValidationErrors[0].Error()) + assert.Equal(t, "Reason: maximum: got 11.2, want 10.2", errors[0].SchemaValidationErrors[0].Error()) } func TestNewValidator_SimpleEncodedPath_MaximumNumber(t *testing.T) { @@ -741,7 +741,7 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "Path parameter 'burgerId' failed to validate", errors[0].Message) assert.Len(t, errors[0].SchemaValidationErrors, 1) - assert.Equal(t, "Reason: minimum: got 3, want 10, Location: /minimum", errors[0].SchemaValidationErrors[0].Error()) + assert.Equal(t, "Reason: minimum: got 3, want 10", errors[0].SchemaValidationErrors[0].Error()) } func TestNewValidator_LabelEncodedPath_MaximumIntegerViolation(t *testing.T) { @@ -771,7 +771,7 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "Path parameter 'burgerId' failed to validate", errors[0].Message) assert.Len(t, errors[0].SchemaValidationErrors, 1) - assert.Equal(t, "Reason: maximum: got 32, want 10, Location: /maximum", errors[0].SchemaValidationErrors[0].Error()) + assert.Equal(t, "Reason: maximum: got 32, want 10", errors[0].SchemaValidationErrors[0].Error()) } func TestNewValidator_LabelEncodedPath_InvalidBoolean(t *testing.T) { @@ -1278,7 +1278,7 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "Path parameter 'burgerId' failed to validate", errors[0].Message) assert.Len(t, errors[0].SchemaValidationErrors, 1) - assert.Equal(t, "Reason: minimum: got 3, want 5, Location: /minimum", errors[0].SchemaValidationErrors[0].Error()) + assert.Equal(t, "Reason: minimum: got 3, want 5", errors[0].SchemaValidationErrors[0].Error()) } func TestNewValidator_MatrixEncodedPath_MaximumIntegerViolation(t *testing.T) { @@ -1308,7 +1308,7 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "Path parameter 'burgerId' failed to validate", errors[0].Message) assert.Len(t, errors[0].SchemaValidationErrors, 1) - assert.Equal(t, "Reason: maximum: got 30, want 5, Location: /maximum", errors[0].SchemaValidationErrors[0].Error()) + assert.Equal(t, "Reason: maximum: got 30, want 5", errors[0].SchemaValidationErrors[0].Error()) } func TestNewValidator_MatrixEncodedPath_InvalidNumber(t *testing.T) { @@ -1365,7 +1365,7 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "Path parameter 'burgerId' failed to validate", errors[0].Message) assert.Len(t, errors[0].SchemaValidationErrors, 1) - assert.Equal(t, "Reason: minimum: got 3, want 5, Location: /minimum", errors[0].SchemaValidationErrors[0].Error()) + assert.Equal(t, "Reason: minimum: got 3, want 5", errors[0].SchemaValidationErrors[0].Error()) } func TestNewValidator_MatrixEncodedPath_MaximumNumberViolation(t *testing.T) { @@ -1395,7 +1395,7 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "Path parameter 'burgerId' failed to validate", errors[0].Message) assert.Len(t, errors[0].SchemaValidationErrors, 1) - assert.Equal(t, "Reason: maximum: got 30, want 5, Location: /maximum", errors[0].SchemaValidationErrors[0].Error()) + assert.Equal(t, "Reason: maximum: got 30, want 5", errors[0].SchemaValidationErrors[0].Error()) } func TestNewValidator_MatrixEncodedPath_ValidPrimitiveBoolean(t *testing.T) { @@ -1796,7 +1796,7 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "Path parameter 'burgerId' failed to validate", errors[0].Message) assert.Len(t, errors[0].SchemaValidationErrors, 1) - assert.Equal(t, "Reason: minLength: got 3, want 4, Location: /minLength", errors[0].SchemaValidationErrors[0].Error()) + assert.Equal(t, "Reason: minLength: got 3, want 4", errors[0].SchemaValidationErrors[0].Error()) } func TestNewValidator_PathParamStringMaxLengthViolation(t *testing.T) { @@ -1825,7 +1825,7 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, "Path parameter 'burgerId' failed to validate", errors[0].Message) assert.Len(t, errors[0].SchemaValidationErrors, 1) - assert.Equal(t, "Reason: maxLength: got 3, want 1, Location: /maxLength", errors[0].SchemaValidationErrors[0].Error()) + assert.Equal(t, "Reason: maxLength: got 3, want 1", errors[0].SchemaValidationErrors[0].Error()) } func TestNewValidator_PathParamIntegerEnumValid(t *testing.T) { diff --git a/parameters/query_parameters.go b/parameters/query_parameters.go index 91fe90c3..0576a587 100644 --- a/parameters/query_parameters.go +++ b/parameters/query_parameters.go @@ -1,4 +1,4 @@ -// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley // SPDX-License-Identifier: MIT package parameters @@ -19,6 +19,7 @@ import ( "github.com/pb33f/libopenapi-validator/errors" "github.com/pb33f/libopenapi-validator/helpers" "github.com/pb33f/libopenapi-validator/paths" + "github.com/pb33f/libopenapi-validator/strict" ) const rx = `[:\/\?#\[\]\@!\$&'\(\)\*\+,;=]` @@ -36,8 +37,8 @@ func (v *paramValidator) ValidateQueryParams(request *http.Request) (bool, []*er func (v *paramValidator) ValidateQueryParamsWithPathItem(request *http.Request, pathItem *v3.PathItem, pathValue string) (bool, []*errors.ValidationError) { if pathItem == nil { return false, []*errors.ValidationError{{ - ValidationType: helpers.ParameterValidationPath, - ValidationSubType: "missing", + ValidationType: helpers.PathValidation, + ValidationSubType: helpers.ValidationMissing, Message: fmt.Sprintf("%s Path '%s' not found", request.Method, request.URL.Path), Reason: fmt.Sprintf("The %s request contains a path of '%s' "+ "however that path, or the %s method for that path does not exist in the specification", @@ -52,9 +53,24 @@ func (v *paramValidator) ValidateQueryParamsWithPathItem(request *http.Request, queryParams := make(map[string][]*helpers.QueryParam) var validationErrors []*errors.ValidationError + // build a set of spec parameter names for exact matching + specParamNames := make(map[string]bool) + for _, p := range params { + if p.In == helpers.Query { + specParamNames[p.Name] = true + } + } + for qKey, qVal := range request.URL.Query() { - // check if the param is encoded as a property / deepObject - if strings.IndexRune(qKey, '[') > 0 && strings.IndexRune(qKey, ']') > 0 { + // check if the query key exactly matches a spec parameter name (e.g., "match[]") + // if so, store it literally without deepObject stripping + if specParamNames[qKey] { + queryParams[qKey] = append(queryParams[qKey], &helpers.QueryParam{ + Key: qKey, + Values: qVal, + }) + } else if strings.IndexRune(qKey, '[') > 0 && strings.IndexRune(qKey, ']') > 0 { + // check if the param is encoded as a property / deepObject stripped := qKey[:strings.IndexRune(qKey, '[')] value := qKey[strings.IndexRune(qKey, '[')+1 : strings.IndexRune(qKey, ']')] queryParams[stripped] = append(queryParams[stripped], &helpers.QueryParam{ @@ -261,6 +277,26 @@ doneLooking: errors.PopulateValidationErrors(validationErrors, request, pathValue) + if len(validationErrors) > 0 { + return false, validationErrors + } + + // strict mode: check for undeclared query parameters + if v.options.StrictMode { + undeclaredParams := strict.ValidateQueryParams(request, params, v.options) + for _, undeclared := range undeclaredParams { + validationErrors = append(validationErrors, + errors.UndeclaredQueryParamError( + undeclared.Path, + undeclared.Name, + undeclared.Value, + undeclared.DeclaredProperties, + request.URL.Path, + request.Method, + )) + } + } + if len(validationErrors) > 0 { return false, validationErrors } @@ -282,7 +318,7 @@ func (v *paramValidator) validateSimpleParam(sch *base.Schema, rawParam string, } } - return ValidateSingleParameterSchemaWithPath( + return ValidateSingleParameterSchema( sch, parsedParam, "Query parameter", diff --git a/parameters/query_parameters_test.go b/parameters/query_parameters_test.go index 137969c6..3f84f477 100644 --- a/parameters/query_parameters_test.go +++ b/parameters/query_parameters_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley // SPDX-License-Identifier: MIT package parameters @@ -1729,7 +1729,7 @@ paths: assert.Equal(t, "The query parameter (which is an array) 'fishy' is defined as an object, "+ "however it failed to pass a schema validation", errors[0].Reason) assert.Equal(t, "missing properties 'vinegar', 'chips'", errors[0].SchemaValidationErrors[0].Reason) - assert.Equal(t, "/required", errors[0].SchemaValidationErrors[0].Location) + assert.Equal(t, "/required", errors[0].SchemaValidationErrors[0].KeywordLocation) } func TestNewValidator_QueryParamValidTypeObjectPropType_Invalid(t *testing.T) { @@ -3632,3 +3632,139 @@ paths: assert.Len(t, errors, 1) assert.Equal(t, errors[0].Reason, "The query parameter (which is an array) 'id' contains the following duplicates: 'cake, meat'") } + +func TestNewValidator_QueryParamWithBracketsInName(t *testing.T) { + // Test for issue #210: parameter names with brackets (e.g., match[]) + // should be recognized when URL-encoded as match%5B%5D + // https://github.com/pb33f/libopenapi-validator/issues/210 + spec := `openapi: 3.1.0 +paths: + /api/query: + get: + parameters: + - name: "match[]" + in: query + required: true + explode: false + schema: + type: array + items: + type: string + - name: start + in: query + schema: + type: integer + - name: end + in: query + schema: + type: integer + operationId: queryData +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // URL with encoded brackets: match%5B%5D=up (decodes to match[]=up) + request, _ := http.NewRequest(http.MethodGet, + "https://example.com/api/query?match%5B%5D=up&start=0&end=100", nil) + + valid, errors := v.ValidateQueryParams(request) + assert.True(t, valid, "Expected validation to pass, got errors: %v", errors) + assert.Empty(t, errors) +} + +func TestNewValidator_QueryParamWithBracketsInName_Missing(t *testing.T) { + // Test that missing bracket parameters are still reported correctly + spec := `openapi: 3.1.0 +paths: + /api/query: + get: + parameters: + - name: "match[]" + in: query + required: true + schema: + type: array + items: + type: string + operationId: queryData +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // Request without the required match[] parameter + request, _ := http.NewRequest(http.MethodGet, + "https://example.com/api/query?other=value", nil) + + valid, errors := v.ValidateQueryParams(request) + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Equal(t, "Query parameter 'match[]' is missing", errors[0].Message) +} + +func TestNewValidator_QueryParams_StrictMode_UndeclaredParam(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /api/search: + get: + parameters: + - name: query + in: query + required: true + schema: + type: string + - name: limit + in: query + schema: + type: integer + operationId: search +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithStrictMode()) + + // Request with undeclared 'extra' parameter + request, _ := http.NewRequest(http.MethodGet, + "https://example.com/api/search?query=test&limit=10&extra=undeclared", nil) + + valid, errors := v.ValidateQueryParams(request) + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].Message, "extra") + assert.Contains(t, errors[0].Message, "not declared") +} + +func TestNewValidator_QueryParams_StrictMode_ValidRequest(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /api/search: + get: + parameters: + - name: query + in: query + required: true + schema: + type: string + - name: limit + in: query + schema: + type: integer + operationId: search +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model, config.WithStrictMode()) + + // Request with only declared parameters + request, _ := http.NewRequest(http.MethodGet, + "https://example.com/api/search?query=test&limit=10", nil) + + valid, errors := v.ValidateQueryParams(request) + assert.True(t, valid) + assert.Len(t, errors, 0) +} diff --git a/parameters/validate_parameter.go b/parameters/validate_parameter.go index df5ae8b4..562a93c2 100644 --- a/parameters/validate_parameter.go +++ b/parameters/validate_parameter.go @@ -9,7 +9,6 @@ import ( "net/url" "reflect" "strings" - "sync" "github.com/pb33f/libopenapi/datamodel/high/base" "github.com/pb33f/libopenapi/utils" @@ -33,19 +32,6 @@ func ValidateSingleParameterSchema( validationType string, subValType string, o *config.ValidationOptions, -) (validationErrors []*errors.ValidationError) { - return ValidateSingleParameterSchemaWithPath(schema, rawObject, entity, reasonEntity, name, validationType, subValType, o, "", "") -} - -func ValidateSingleParameterSchemaWithPath( - schema *base.Schema, - rawObject any, - entity string, - reasonEntity string, - name string, - validationType string, - subValType string, - o *config.ValidationOptions, pathTemplate string, operation string, ) (validationErrors []*errors.ValidationError) { @@ -110,7 +96,8 @@ func ValidateParameterSchema( var validationErrors []*errors.ValidationError // 1. build a JSON render of the schema. - renderedSchema, _ := schema.RenderInline() + renderCtx := base.NewInlineRenderContext() + renderedSchema, _ := schema.RenderInlineWithContext(renderCtx) jsonSchema, _ := utils.ConvertYAMLtoJSON(renderedSchema) // 2. decode the object into a json blob. @@ -237,19 +224,13 @@ func formatJsonSchemaValidationError(schema *base.Schema, scErrs *jsonschema.Val // Construct full OpenAPI path for KeywordLocation if pathTemplate and operation are provided keywordLocation := er.KeywordLocation if pathTemplate != "" && operation != "" && validationType == helpers.ParameterValidation { - // Build full OpenAPI path: /paths/{escapedPath}/{operation}/parameters/{paramName}/schema{relativeKeywordLocation} - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - escapedPath = strings.TrimPrefix(escapedPath, "~1") // Remove leading ~1 - // er.KeywordLocation is relative to the schema (e.g., "/minLength" or "/enum") - // Prepend the full OpenAPI path - keywordLocation = fmt.Sprintf("/paths/%s/%s/parameters/%s/schema%s", escapedPath, strings.ToLower(operation), name, er.KeywordLocation) + keyword := strings.TrimPrefix(er.KeywordLocation, "/") + keywordLocation = helpers.ConstructParameterJSONPointer(pathTemplate, operation, name, keyword) } fail := &errors.SchemaValidationFailure{ Reason: errMsg, - Location: er.KeywordLocation, // DEPRECATED FieldName: helpers.ExtractFieldNameFromStringLocation(er.InstanceLocation), FieldPath: helpers.ExtractJSONPathFromStringLocation(er.InstanceLocation), InstancePath: helpers.ConvertStringLocationToPathSegments(er.InstanceLocation), @@ -257,7 +238,8 @@ func formatJsonSchemaValidationError(schema *base.Schema, scErrs *jsonschema.Val OriginalJsonSchemaError: scErrs, } if schema != nil { - rendered, err := schema.RenderInline() + renderCtx := base.NewInlineRenderContext() + rendered, err := schema.RenderInlineWithContext(renderCtx) if err == nil && rendered != nil { renderedBytes, _ := json.Marshal(rendered) fail.ReferenceSchema = string(renderedBytes) @@ -286,24 +268,17 @@ func formatJsonSchemaValidationError(schema *base.Schema, scErrs *jsonschema.Val } } } - processPoly := func(schemas []*base.SchemaProxy, wg *sync.WaitGroup) { - if len(schemas) > 0 { - for _, s := range schemas { - extractTypes(s) - } + processPoly := func(schemas []*base.SchemaProxy) { + for _, s := range schemas { + extractTypes(s) } - wg.Done() } // check if there is polymorphism going on here. if len(schema.AnyOf) > 0 || len(schema.AllOf) > 0 || len(schema.OneOf) > 0 { - - wg := sync.WaitGroup{} - wg.Add(3) - go processPoly(schema.AnyOf, &wg) - go processPoly(schema.AllOf, &wg) - go processPoly(schema.OneOf, &wg) - wg.Wait() + processPoly(schema.AnyOf) + processPoly(schema.AllOf) + processPoly(schema.OneOf) sep := "or" if len(schema.AllOf) > 0 { diff --git a/parameters/validate_parameter_test.go b/parameters/validate_parameter_test.go index e076b881..9c51395a 100644 --- a/parameters/validate_parameter_test.go +++ b/parameters/validate_parameter_test.go @@ -2,22 +2,23 @@ package parameters import ( "net/http" + "strings" "sync" "testing" - "github.com/pb33f/libopenapi-validator/config" - "github.com/pb33f/libopenapi-validator/helpers" - lowv3 "github.com/pb33f/libopenapi/datamodel/low/v3" - "github.com/pb33f/libopenapi" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" + + lowv3 "github.com/pb33f/libopenapi/datamodel/low/v3" + + "github.com/pb33f/libopenapi-validator/config" + "github.com/pb33f/libopenapi-validator/helpers" ) func Test_ForceCompilerError(t *testing.T) { // Try to force a panic - result := ValidateSingleParameterSchema(nil, nil, "", "", "", "", "", nil) + result := ValidateSingleParameterSchema(nil, nil, "", "", "", "", "", nil, "", "") // Ideally this would result in an error response, current behavior swallows the error require.Empty(t, result) @@ -137,7 +138,7 @@ func TestHeaderSchemaNoType_AllPoly(t *testing.T) { "allOf": [ { "type": "boolean" - }, + } ] } } @@ -264,7 +265,7 @@ func TestUnifiedErrorFormatWithFormatValidation(t *testing.T) { // verify unified error format - SchemaValidationErrors should be populated assert.Len(t, valErrs[0].SchemaValidationErrors, 1) assert.Contains(t, valErrs[0].SchemaValidationErrors[0].Reason, "is not valid email") - assert.Equal(t, "/format", valErrs[0].SchemaValidationErrors[0].Location) + assert.Equal(t, "/paths/test/get/parameters/email_param/schema/format", valErrs[0].SchemaValidationErrors[0].KeywordLocation) assert.NotEmpty(t, valErrs[0].SchemaValidationErrors[0].ReferenceSchema) } @@ -319,8 +320,9 @@ func TestParameterNameFieldPopulation(t *testing.T) { assert.Equal(t, "integer_param", valErrs[0].ParameterName) assert.Equal(t, "Query parameter 'integer_param' is not a valid integer", valErrs[0].Message) - // basic type errors should NOT have SchemaValidationErrors (no JSONSchema validation occurred) - assert.Empty(t, valErrs[0].SchemaValidationErrors) + // basic type errors SHOULD have SchemaValidationErrors because we know the parameter schema + assert.Len(t, valErrs[0].SchemaValidationErrors, 1) + assert.Equal(t, "integer_param", valErrs[0].SchemaValidationErrors[0].FieldName) } func TestHeaderSchemaStringNoJSON(t *testing.T) { @@ -349,10 +351,10 @@ func TestHeaderSchemaStringNoJSON(t *testing.T) { { "type": "integer" } - ], + ] } } - }, + } } } } @@ -467,16 +469,13 @@ func TestComplexRegexSchemaCompilationError(t *testing.T) { found := false for _, err := range valErrs { if err.ParameterName == "complexParam" && - err.SchemaValidationErrors != nil && - len(err.SchemaValidationErrors) > 0 { - for _, schemaErr := range err.SchemaValidationErrors { - if schemaErr.Location == "schema compilation" && - schemaErr.Reason != "" { - found = true - assert.Contains(t, schemaErr.Reason, "failed to compile JSON schema") - assert.Contains(t, err.HowToFix, "complex regex patterns") - break - } + len(err.SchemaValidationErrors) == 0 { + // Schema compilation errors don't have SchemaValidationFailure objects + if strings.Contains(err.Reason, "failed to compile JSON schema") { + found = true + assert.Contains(t, err.Reason, "failed to compile JSON schema") + assert.Contains(t, err.HowToFix, "complex regex patterns") + break } } } @@ -555,15 +554,14 @@ func TestValidateParameterSchema_SchemaCompilationFailure(t *testing.T) { for _, validationError := range validationErrors { if validationError.ParameterName == "failParam" && validationError.ValidationSubType == helpers.ParameterValidationQuery && - validationError.SchemaValidationErrors != nil { - for _, schemaErr := range validationError.SchemaValidationErrors { - if schemaErr.Location == "schema compilation" { - assert.Contains(t, schemaErr.Reason, "failed to compile JSON schema") - assert.Contains(t, validationError.HowToFix, "complex regex patterns") - assert.Equal(t, "Query parameter 'failParam' failed schema compilation", validationError.Message) - found = true - break - } + len(validationError.SchemaValidationErrors) == 0 { + // Schema compilation errors don't have SchemaValidationFailure objects + if strings.Contains(validationError.Reason, "failed to compile JSON schema") { + assert.Contains(t, validationError.Reason, "failed to compile JSON schema") + assert.Contains(t, validationError.HowToFix, "complex regex patterns") + assert.Equal(t, "Query parameter 'failParam' failed schema compilation", validationError.Message) + found = true + break } } } diff --git a/parameters/validate_security.go b/parameters/validate_security.go index 8135f748..53492b45 100644 --- a/parameters/validate_security.go +++ b/parameters/validate_security.go @@ -1,4 +1,4 @@ -// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley // SPDX-License-Identifier: MIT package parameters @@ -8,9 +8,9 @@ import ( "net/http" "strings" - "github.com/pb33f/libopenapi/orderedmap" - + "github.com/pb33f/libopenapi/datamodel/high/base" v3 "github.com/pb33f/libopenapi/datamodel/high/v3" + "github.com/pb33f/libopenapi/orderedmap" "github.com/pb33f/libopenapi-validator/errors" "github.com/pb33f/libopenapi-validator/helpers" @@ -28,8 +28,8 @@ func (v *paramValidator) ValidateSecurity(request *http.Request) (bool, []*error func (v *paramValidator) ValidateSecurityWithPathItem(request *http.Request, pathItem *v3.PathItem, pathValue string) (bool, []*errors.ValidationError) { if pathItem == nil { return false, []*errors.ValidationError{{ - ValidationType: helpers.ParameterValidationPath, - ValidationSubType: "missing", + ValidationType: helpers.PathValidation, + ValidationSubType: helpers.ValidationMissing, Message: fmt.Sprintf("%s Path '%s' not found", request.Method, request.URL.Path), Reason: fmt.Sprintf("The %s request contains a path of '%s' "+ "however that path, or the %s method for that path does not exist in the specification", @@ -49,13 +49,18 @@ func (v *paramValidator) ValidateSecurityWithPathItem(request *http.Request, pat return true, nil } - allErrors := []*errors.ValidationError{} + var allErrors []*errors.ValidationError + // each security requirement in the array is OR'd - any one passing is sufficient for _, sec := range security { if sec.ContainsEmptyRequirement { return true, nil } + // within a requirement, all schemes are AND'd - all must pass + requirementSatisfied := true + var requirementErrors []*errors.ValidationError + for pair := orderedmap.First(sec.Requirements); pair != nil; pair = pair.Next() { secName := pair.Key() @@ -66,122 +71,165 @@ func (v *paramValidator) ValidateSecurityWithPathItem(request *http.Request, pat Message: fmt.Sprintf("Security scheme '%s' is missing", secName), Reason: fmt.Sprintf("The security scheme '%s' is defined as being required, "+ "however it's missing from the components", secName), - ValidationType: "security", + ValidationType: helpers.SecurityValidation, SpecLine: sec.GoLow().Requirements.ValueNode.Line, SpecCol: sec.GoLow().Requirements.ValueNode.Column, HowToFix: "Add the missing security scheme to the components", }, } errors.PopulateValidationErrors(validationErrors, request, pathValue) - - return false, validationErrors + requirementSatisfied = false + requirementErrors = append(requirementErrors, validationErrors...) + continue } - secScheme := v.document.Components.SecuritySchemes.GetOrZero(secName) - switch strings.ToLower(secScheme.Type) { - case "http": - switch strings.ToLower(secScheme.Scheme) { - case "basic", "bearer", "digest": - // check for an authorization header - if request.Header.Get("Authorization") == "" { - validationErrors := []*errors.ValidationError{ - { - Message: fmt.Sprintf("Authorization header for '%s' scheme", secScheme.Scheme), - Reason: "Authorization header was not found", - ValidationType: "security", - ValidationSubType: secScheme.Scheme, - SpecLine: sec.GoLow().Requirements.ValueNode.Line, - SpecCol: sec.GoLow().Requirements.ValueNode.Column, - HowToFix: "Add an 'Authorization' header to this request", - }, - } - - errors.PopulateValidationErrors(validationErrors, request, pathValue) - allErrors = append(allErrors, validationErrors...) - } else { - return true, nil - } - } - case "apikey": - // check if the api key is in the request - if secScheme.In == "header" { - if request.Header.Get(secScheme.Name) == "" { - validationErrors := []*errors.ValidationError{ - { - Message: fmt.Sprintf("API Key %s not found in header", secScheme.Name), - Reason: "API Key not found in http header for security scheme 'apiKey' with type 'header'", - ValidationType: "security", - ValidationSubType: "apiKey", - SpecLine: sec.GoLow().Requirements.ValueNode.Line, - SpecCol: sec.GoLow().Requirements.ValueNode.Column, - HowToFix: fmt.Sprintf("Add the API Key via '%s' as a header of the request", secScheme.Name), - }, - } - - errors.PopulateValidationErrors(validationErrors, request, pathValue) - allErrors = append(allErrors, validationErrors...) - } else { - return true, nil - } - } - if secScheme.In == "query" { - if request.URL.Query().Get(secScheme.Name) == "" { - copyUrl := *request.URL - fixed := ©Url - q := fixed.Query() - q.Add(secScheme.Name, "your-api-key") - fixed.RawQuery = q.Encode() - - validationErrors := []*errors.ValidationError{ - { - Message: fmt.Sprintf("API Key %s not found in query", secScheme.Name), - Reason: "API Key not found in URL query for security scheme 'apiKey' with type 'query'", - ValidationType: "security", - ValidationSubType: "apiKey", - SpecLine: sec.GoLow().Requirements.ValueNode.Line, - SpecCol: sec.GoLow().Requirements.ValueNode.Column, - HowToFix: fmt.Sprintf("Add an API Key via '%s' to the query string "+ - "of the URL, for example '%s'", secScheme.Name, fixed.String()), - }, - } - - errors.PopulateValidationErrors(validationErrors, request, pathValue) - allErrors = append(allErrors, validationErrors...) - } else { - return true, nil - } - } - if secScheme.In == "cookie" { - cookies := request.Cookies() - cookieFound := false - for _, cookie := range cookies { - if cookie.Name == secScheme.Name { - cookieFound = true - break - } - } - if !cookieFound { - validationErrors := []*errors.ValidationError{ - { - Message: fmt.Sprintf("API Key %s not found in cookies", secScheme.Name), - Reason: "API Key not found in http request cookies for security scheme 'apiKey' with type 'cookie'", - ValidationType: "security", - ValidationSubType: "apiKey", - SpecLine: sec.GoLow().Requirements.ValueNode.Line, - SpecCol: sec.GoLow().Requirements.ValueNode.Column, - HowToFix: fmt.Sprintf("Submit an API Key '%s' as a cookie with the request", secScheme.Name), - }, - } - - errors.PopulateValidationErrors(validationErrors, request, pathValue) - allErrors = append(allErrors, validationErrors...) - } else { - return true, nil - } - } + secScheme := v.document.Components.SecuritySchemes.GetOrZero(secName) + schemeValid, schemeErrors := v.validateSecurityScheme(secScheme, sec, request, pathValue) + if !schemeValid { + requirementSatisfied = false + requirementErrors = append(requirementErrors, schemeErrors...) } } + + // if all schemes in this requirement passed (AND), the overall security passes (OR) + if requirementSatisfied { + return true, nil + } + allErrors = append(allErrors, requirementErrors...) } return false, allErrors } + +// validateSecurityScheme checks if a single security scheme is satisfied by the request. +func (v *paramValidator) validateSecurityScheme( + secScheme *v3.SecurityScheme, + sec *base.SecurityRequirement, + request *http.Request, + pathValue string, +) (bool, []*errors.ValidationError) { + switch strings.ToLower(secScheme.Type) { + case "http": + return v.validateHTTPSecurityScheme(secScheme, sec, request, pathValue) + case "apikey": + return v.validateAPIKeySecurityScheme(secScheme, sec, request, pathValue) + } + // unknown scheme type - consider it valid to avoid false negatives + return true, nil +} + +func (v *paramValidator) validateHTTPSecurityScheme( + secScheme *v3.SecurityScheme, + sec *base.SecurityRequirement, + request *http.Request, + pathValue string, +) (bool, []*errors.ValidationError) { + authorizationHeader := request.Header.Get("Authorization") + if authorizationHeader == "" { + validationErrors := []*errors.ValidationError{ + { + Message: fmt.Sprintf("Authorization header for '%s' scheme", secScheme.Scheme), + Reason: "Authorization header was not found", + ValidationType: helpers.SecurityValidation, + ValidationSubType: secScheme.Scheme, + SpecLine: sec.GoLow().Requirements.ValueNode.Line, + SpecCol: sec.GoLow().Requirements.ValueNode.Column, + HowToFix: "Add an 'Authorization' header to this request", + }, + } + errors.PopulateValidationErrors(validationErrors, request, pathValue) + return false, validationErrors + } + if len(authorizationHeader) < len(secScheme.Scheme) || !strings.EqualFold(authorizationHeader[:len(secScheme.Scheme)], secScheme.Scheme) { + validationErrors := []*errors.ValidationError{ + { + Message: fmt.Sprintf("Authorization header scheme '%s' mismatch", secScheme.Scheme), + Reason: "Authorization header had incorrect scheme", + ValidationType: helpers.SecurityValidation, + ValidationSubType: secScheme.Scheme, + SpecLine: sec.GoLow().Requirements.ValueNode.Line, + SpecCol: sec.GoLow().Requirements.ValueNode.Column, + HowToFix: fmt.Sprintf("Use the scheme '%s' in the Authorization header "+ + "for this request", secScheme.Scheme), + }, + } + errors.PopulateValidationErrors(validationErrors, request, pathValue) + return false, validationErrors + } + return true, nil +} + +func (v *paramValidator) validateAPIKeySecurityScheme( + secScheme *v3.SecurityScheme, + sec *base.SecurityRequirement, + request *http.Request, + pathValue string, +) (bool, []*errors.ValidationError) { + switch secScheme.In { + case "header": + if request.Header.Get(secScheme.Name) == "" { + validationErrors := []*errors.ValidationError{ + { + Message: fmt.Sprintf("API Key %s not found in header", secScheme.Name), + Reason: "API Key not found in http header for security scheme 'apiKey' with type 'header'", + ValidationType: helpers.SecurityValidation, + ValidationSubType: "apiKey", + SpecLine: sec.GoLow().Requirements.ValueNode.Line, + SpecCol: sec.GoLow().Requirements.ValueNode.Column, + HowToFix: fmt.Sprintf("Add the API Key via '%s' as a header of the request", secScheme.Name), + }, + } + errors.PopulateValidationErrors(validationErrors, request, pathValue) + return false, validationErrors + } + return true, nil + + case "query": + if request.URL.Query().Get(secScheme.Name) == "" { + copyUrl := *request.URL + fixed := ©Url + q := fixed.Query() + q.Add(secScheme.Name, "your-api-key") + fixed.RawQuery = q.Encode() + + validationErrors := []*errors.ValidationError{ + { + Message: fmt.Sprintf("API Key %s not found in query", secScheme.Name), + Reason: "API Key not found in URL query for security scheme 'apiKey' with type 'query'", + ValidationType: helpers.SecurityValidation, + ValidationSubType: "apiKey", + SpecLine: sec.GoLow().Requirements.ValueNode.Line, + SpecCol: sec.GoLow().Requirements.ValueNode.Column, + HowToFix: fmt.Sprintf("Add an API Key via '%s' to the query string "+ + "of the URL, for example '%s'", secScheme.Name, fixed.String()), + }, + } + errors.PopulateValidationErrors(validationErrors, request, pathValue) + return false, validationErrors + } + return true, nil + + case "cookie": + cookies := request.Cookies() + for _, cookie := range cookies { + if cookie.Name == secScheme.Name { + return true, nil + } + } + validationErrors := []*errors.ValidationError{ + { + Message: fmt.Sprintf("API Key %s not found in cookies", secScheme.Name), + Reason: "API Key not found in http request cookies for security scheme 'apiKey' with type 'cookie'", + ValidationType: helpers.SecurityValidation, + ValidationSubType: "apiKey", + SpecLine: sec.GoLow().Requirements.ValueNode.Line, + SpecCol: sec.GoLow().Requirements.ValueNode.Column, + HowToFix: fmt.Sprintf("Submit an API Key '%s' as a cookie with the request", secScheme.Name), + }, + } + errors.PopulateValidationErrors(validationErrors, request, pathValue) + return false, validationErrors + } + + return true, nil +} diff --git a/parameters/validate_security_test.go b/parameters/validate_security_test.go index 3957613d..78d9ead5 100644 --- a/parameters/validate_security_test.go +++ b/parameters/validate_security_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley // SPDX-License-Identifier: MIT package parameters @@ -717,3 +717,369 @@ components: assert.True(t, valid) assert.Equal(t, 0, len(errors)) } + +func TestParamValidator_ValidateSecurity_ANDRequirement_BothPresent(t *testing.T) { + // Test AND security requirement: both schemes in same requirement must pass + spec := `openapi: 3.1.0 +paths: + /products: + post: + security: + - ApiKeyAuthHeader: [] + BasicAuth: [] +components: + securitySchemes: + ApiKeyAuthHeader: + type: apiKey + in: header + name: X-API-Key + BasicAuth: + type: http + scheme: basic +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // Request with BOTH api key AND authorization header - should pass + request, _ := http.NewRequest(http.MethodPost, "https://things.com/products", nil) + request.Header.Add("X-API-Key", "1234") + request.Header.Add("Authorization", "Basic dXNlcjpwYXNz") + + valid, errors := v.ValidateSecurity(request) + assert.True(t, valid) + assert.Empty(t, errors) +} + +func TestParamValidator_ValidateSecurity_ANDRequirement_OnlyApiKey(t *testing.T) { + // Test AND security requirement: missing one scheme should fail + spec := `openapi: 3.1.0 +paths: + /products: + post: + security: + - ApiKeyAuthHeader: [] + BasicAuth: [] +components: + securitySchemes: + ApiKeyAuthHeader: + type: apiKey + in: header + name: X-API-Key + BasicAuth: + type: http + scheme: basic +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // Request with ONLY api key - should fail because BasicAuth is also required + request, _ := http.NewRequest(http.MethodPost, "https://things.com/products", nil) + request.Header.Add("X-API-Key", "1234") + + valid, errors := v.ValidateSecurity(request) + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].Message, "Authorization header") +} + +func TestParamValidator_ValidateSecurity_ANDRequirement_OnlyBasicAuth(t *testing.T) { + // Test AND security requirement: missing one scheme should fail + spec := `openapi: 3.1.0 +paths: + /products: + post: + security: + - ApiKeyAuthHeader: [] + BasicAuth: [] +components: + securitySchemes: + ApiKeyAuthHeader: + type: apiKey + in: header + name: X-API-Key + BasicAuth: + type: http + scheme: basic +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // Request with ONLY authorization header - should fail because ApiKeyAuthHeader is also required + request, _ := http.NewRequest(http.MethodPost, "https://things.com/products", nil) + request.Header.Add("Authorization", "Basic dXNlcjpwYXNz") + + valid, errors := v.ValidateSecurity(request) + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].Message, "API Key") +} + +func TestParamValidator_ValidateSecurity_ANDRequirement_NeitherPresent(t *testing.T) { + // Test AND security requirement: missing both schemes should return errors for both + spec := `openapi: 3.1.0 +paths: + /products: + post: + security: + - ApiKeyAuthHeader: [] + BasicAuth: [] +components: + securitySchemes: + ApiKeyAuthHeader: + type: apiKey + in: header + name: X-API-Key + BasicAuth: + type: http + scheme: basic +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // Request with neither - should fail with errors for both + request, _ := http.NewRequest(http.MethodPost, "https://things.com/products", nil) + + valid, errors := v.ValidateSecurity(request) + assert.False(t, valid) + assert.Len(t, errors, 2) +} + +func TestParamValidator_ValidateSecurity_ORWithAND_FirstOROptionPasses(t *testing.T) { + // Test mixed OR and AND: first option is single scheme, second is AND requirement + spec := `openapi: 3.1.0 +paths: + /products: + post: + security: + - ApiKeyAuthHeader: [] + - BasicAuth: [] + BearerAuth: [] +components: + securitySchemes: + ApiKeyAuthHeader: + type: apiKey + in: header + name: X-API-Key + BasicAuth: + type: http + scheme: basic + BearerAuth: + type: http + scheme: bearer +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // Request with only API key - should pass (first OR option) + request, _ := http.NewRequest(http.MethodPost, "https://things.com/products", nil) + request.Header.Add("X-API-Key", "1234") + + valid, errors := v.ValidateSecurity(request) + assert.True(t, valid) + assert.Empty(t, errors) +} + +func TestParamValidator_ValidateSecurity_ORWithAND_SecondOROptionPasses(t *testing.T) { + // Test mixed OR and AND: second option (AND requirement) passes + spec := `openapi: 3.1.0 +paths: + /products: + post: + security: + - ApiKeyAuthHeader: [] + - BasicAuth: [] + ApiKeyAuthQuery: [] +components: + securitySchemes: + ApiKeyAuthHeader: + type: apiKey + in: header + name: X-API-Key + ApiKeyAuthQuery: + type: apiKey + in: query + name: api_key + BasicAuth: + type: http + scheme: basic +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // Request with basic auth AND query API key - should pass (second OR option, which is AND) + request, _ := http.NewRequest(http.MethodPost, "https://things.com/products?api_key=secret", nil) + request.Header.Add("Authorization", "Basic dXNlcjpwYXNz") + + valid, errors := v.ValidateSecurity(request) + assert.True(t, valid) + assert.Empty(t, errors) +} + +func TestParamValidator_ValidateSecurity_ORWithAND_PartialSecondOption(t *testing.T) { + // Test mixed OR and AND: partial match on second option should try both and fail + spec := `openapi: 3.1.0 +paths: + /products: + post: + security: + - ApiKeyAuthHeader: [] + - BasicAuth: [] + ApiKeyAuthQuery: [] +components: + securitySchemes: + ApiKeyAuthHeader: + type: apiKey + in: header + name: X-API-Key + ApiKeyAuthQuery: + type: apiKey + in: query + name: api_key + BasicAuth: + type: http + scheme: basic +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // Request with only basic auth - should fail (first option needs X-API-Key header, + // second option needs BOTH basic auth AND api_key query param) + request, _ := http.NewRequest(http.MethodPost, "https://things.com/products", nil) + request.Header.Add("Authorization", "Basic dXNlcjpwYXNz") + + valid, errors := v.ValidateSecurity(request) + assert.False(t, valid) + // Should have errors from both OR options + assert.GreaterOrEqual(t, len(errors), 1) +} + +func TestParamValidator_ValidateSecurity_UnknownSchemeType(t *testing.T) { + // Test oauth2 type - unknown to our validator, should pass through (not fail) + spec := `openapi: 3.1.0 +paths: + /products: + get: + security: + - OAuth2: [] +components: + securitySchemes: + OAuth2: + type: oauth2 + flows: + implicit: + authorizationUrl: https://example.com/oauth + scopes: + read: Read access +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // Request with no auth - should pass because oauth2 type is not validated + request, _ := http.NewRequest(http.MethodGet, "https://things.com/products", nil) + + valid, errors := v.ValidateSecurity(request) + assert.True(t, valid) + assert.Empty(t, errors) +} + +func TestParamValidator_ValidateSecurity_CustomHTTPScheme(t *testing.T) { + // Test custom HTTP scheme - should pass with correct scheme in header + spec := `openapi: 3.1.0 +paths: + /products: + get: + security: + - CustomAuth: [] +components: + securitySchemes: + CustomAuth: + type: http + scheme: custom +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // Request with custom auth header - should pass + request, _ := http.NewRequest(http.MethodGet, "https://things.com/products", nil) + request.Header.Add("Authorization", "Custom dXNlcjpwYXNz") + + valid, errors := v.ValidateSecurity(request) + assert.True(t, valid) + assert.Empty(t, errors) +} + +func TestParamValidator_ValidateSecurity_APIKey_UnknownInLocation(t *testing.T) { + // Test apiKey with unknown "in" location - should pass through (fallback at line 221) + spec := `openapi: 3.1.0 +paths: + /products: + get: + security: + - ApiKeyAuth: [] +components: + securitySchemes: + ApiKeyAuth: + type: apiKey + in: body + name: X-API-Key +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // Request with no auth - should pass because "body" is an unknown "in" location + // and the validator falls through to return true (line 221) + request, _ := http.NewRequest(http.MethodGet, "https://things.com/products", nil) + + valid, errors := v.ValidateSecurity(request) + assert.True(t, valid) + assert.Empty(t, errors) +} + +func TestParamValidator_ValidateSecurity_HTTPScheme_Mismatch(t *testing.T) { + // Test http scheme with mismatch in header: should return errors + spec := `openapi: 3.1.0 +paths: + /products: + get: + security: + - CustomAuth: [] +components: + securitySchemes: + CustomAuth: + type: http + scheme: custom +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + v := NewParameterValidator(&m.Model) + + // Request with auth header - should fail as header scheme is incorrect + request, _ := http.NewRequest(http.MethodGet, "https://things.com/products", nil) + request.Header.Add("Authorization", "Basic dXNlcjpwYXNz") + + valid, errors := v.ValidateSecurity(request) + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].Message, "Authorization header scheme 'custom' mismatch") +} diff --git a/paths/paths.go b/paths/paths.go index 0db194b7..d8e3806a 100644 --- a/paths/paths.go +++ b/paths/paths.go @@ -25,6 +25,9 @@ import ( // that were picked up when locating the path. // The third return value will be the path that was found in the document, as it pertains to the contract, so all path // parameters will not have been replaced with their values from the request - allowing model lookups. +// +// Path matching follows the OpenAPI specification: literal (concrete) paths take precedence over +// parameterized paths, regardless of definition order in the specification. func FindPath(request *http.Request, document *v3.Document, regexCache config.RegexCache) (*v3.PathItem, []*errors.ValidationError, string) { basePaths := getBasePaths(document) stripped := StripRequestPath(request, document) @@ -34,21 +37,15 @@ func FindPath(request *http.Request, document *v3.Document, regexCache config.Re reqPathSegments = reqPathSegments[1:] } - var pItem *v3.PathItem - var foundPath string + candidates := make([]pathCandidate, 0, document.Paths.PathItems.Len()) + for pair := orderedmap.First(document.Paths.PathItems); pair != nil; pair = pair.Next() { path := pair.Key() pathItem := pair.Value() - // if the stripped path has a fragment, then use that as part of the lookup - // if not, then strip off any fragments from the pathItem - if !strings.Contains(stripped, "#") { - if strings.Contains(path, "#") { - path = strings.Split(path, "#")[0] - } - } + pathForMatching := normalizePathForMatching(path, stripped) - segs := strings.Split(path, "/") + segs := strings.Split(pathForMatching, "/") if segs[0] == "" { segs = segs[1:] } @@ -57,72 +54,68 @@ func FindPath(request *http.Request, document *v3.Document, regexCache config.Re if !ok { continue } - pItem = pathItem - foundPath = path - switch request.Method { - case http.MethodGet: - if pathItem.Get != nil { - return pathItem, nil, path - } - case http.MethodPost: - if pathItem.Post != nil { - return pathItem, nil, path - } - case http.MethodPut: - if pathItem.Put != nil { - return pathItem, nil, path - } - case http.MethodDelete: - if pathItem.Delete != nil { - return pathItem, nil, path - } - case http.MethodOptions: - if pathItem.Options != nil { - return pathItem, nil, path - } - case http.MethodHead: - if pathItem.Head != nil { - return pathItem, nil, path - } - case http.MethodPatch: - if pathItem.Patch != nil { - return pathItem, nil, path - } - case http.MethodTrace: - if pathItem.Trace != nil { - return pathItem, nil, path - } + + // Compute specificity score and check if method exists + score := computeSpecificityScore(path) + hasMethod := pathHasMethod(pathItem, request.Method) + + candidates = append(candidates, pathCandidate{ + pathItem: pathItem, + path: path, + score: score, + hasMethod: hasMethod, + }) + } + + if len(candidates) == 0 { + validationErrors := []*errors.ValidationError{ + { + ValidationType: helpers.PathValidation, + ValidationSubType: helpers.ValidationMissing, + Message: fmt.Sprintf("%s Path '%s' not found", request.Method, request.URL.Path), + Reason: fmt.Sprintf("The %s request contains a path of '%s' "+ + "however that path, or the %s method for that path does not exist in the specification", + request.Method, request.URL.Path, request.Method), + SpecLine: -1, + SpecCol: -1, + HowToFix: errors.HowToFixPath, + }, } + errors.PopulateValidationErrors(validationErrors, request, "") + return nil, validationErrors, "" } - if pItem != nil { - validationErrors := []*errors.ValidationError{{ - ValidationType: helpers.ParameterValidationPath, - ValidationSubType: "missingOperation", - Message: fmt.Sprintf("%s Path '%s' not found", request.Method, request.URL.Path), - Reason: fmt.Sprintf("The %s method for that path does not exist in the specification", - request.Method), - SpecLine: -1, - SpecCol: -1, - HowToFix: errors.HowToFixPath, - }} - errors.PopulateValidationErrors(validationErrors, request, foundPath) - return pItem, validationErrors, foundPath + + bestWithMethod, bestOverall := selectMatches(candidates) + + if bestWithMethod != nil { + return bestWithMethod.pathItem, nil, bestWithMethod.path } - validationErrors := []*errors.ValidationError{ - { - ValidationType: helpers.ParameterValidationPath, - ValidationSubType: "missing", - Message: fmt.Sprintf("%s Path '%s' not found", request.Method, request.URL.Path), - Reason: fmt.Sprintf("The %s request contains a path of '%s' "+ - "however that path, or the %s method for that path does not exist in the specification", - request.Method, request.URL.Path, request.Method), - SpecLine: -1, - SpecCol: -1, - HowToFix: errors.HowToFixPath, - }, + + // path matches exist but none have the required method + validationErrors := []*errors.ValidationError{{ + ValidationType: helpers.PathValidation, + ValidationSubType: helpers.ValidationMissingOperation, + Message: fmt.Sprintf("%s Path '%s' not found", request.Method, request.URL.Path), + Reason: fmt.Sprintf("The %s method for that path does not exist in the specification", + request.Method), + SpecLine: -1, + SpecCol: -1, + HowToFix: errors.HowToFixPath, + }} + errors.PopulateValidationErrors(validationErrors, request, bestOverall.path) + return bestOverall.pathItem, validationErrors, bestOverall.path +} + +// normalizePathForMatching removes the fragment from a path template unless +// the request path itself contains a fragment. +func normalizePathForMatching(path, requestPath string) string { + if strings.Contains(requestPath, "#") { + return path } - errors.PopulateValidationErrors(validationErrors, request, "") - return nil, validationErrors, "" + if idx := strings.IndexByte(path, '#'); idx >= 0 { + return path[:idx] + } + return path } func getBasePaths(document *v3.Document) []string { diff --git a/paths/paths_test.go b/paths/paths_test.go index d7650c80..32f5f754 100644 --- a/paths/paths_test.go +++ b/paths/paths_test.go @@ -859,3 +859,505 @@ paths: assert.Len(t, keys, 4) assert.Len(t, addresses, 3) } + +// Test cases for path precedence - Issue #181 +// According to OpenAPI spec, literal paths take precedence over parameterized paths + +func TestFindPath_LiteralTakesPrecedenceOverParameter(t *testing.T) { + // This is the exact bug case from issue #181 + spec := `openapi: 3.1.0 +info: + title: Path Precedence Bug + version: 1.0.0 +paths: + /Messages/{message_id}: + parameters: + - name: message_id + in: path + required: true + schema: + type: string + pattern: '^comms_message_[0-7][a-hjkmnpqrstv-z0-9]{25,34}' + get: + operationId: getMessage + responses: + '200': + description: OK + /Messages/Operations: + get: + operationId: getOperations + summary: List Operations + responses: + '200': + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + // Request to literal path should match literal, not parameter + request, _ := http.NewRequest(http.MethodGet, "https://api.com/Messages/Operations", nil) + pathItem, errs, foundPath := FindPath(request, &m.Model, nil) + + assert.Nil(t, errs, "Expected no errors") + assert.NotNil(t, pathItem, "Expected pathItem to be found") + assert.Equal(t, "getOperations", pathItem.Get.OperationId, "Should match literal path") + assert.Equal(t, "/Messages/Operations", foundPath) +} + +func TestFindPath_LiteralPrecedence_ReverseOrder(t *testing.T) { + // Same test but with paths defined in opposite order + // Result should be the same - literal always wins + spec := `openapi: 3.1.0 +info: + title: Path Precedence Test + version: 1.0.0 +paths: + /Messages/Operations: + get: + operationId: getOperations + responses: + '200': + description: OK + /Messages/{message_id}: + get: + operationId: getMessage + responses: + '200': + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + request, _ := http.NewRequest(http.MethodGet, "https://api.com/Messages/Operations", nil) + pathItem, errs, foundPath := FindPath(request, &m.Model, nil) + + assert.Nil(t, errs) + assert.NotNil(t, pathItem) + assert.Equal(t, "getOperations", pathItem.Get.OperationId) + assert.Equal(t, "/Messages/Operations", foundPath) +} + +func TestFindPath_ParameterStillMatchesNonLiteral(t *testing.T) { + spec := `openapi: 3.1.0 +info: + title: Path Precedence Test + version: 1.0.0 +paths: + /Messages/{message_id}: + get: + operationId: getMessage + responses: + '200': + description: OK + /Messages/Operations: + get: + operationId: getOperations + responses: + '200': + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + // Request to a non-literal value should match parameter path + request, _ := http.NewRequest(http.MethodGet, "https://api.com/Messages/12345", nil) + pathItem, errs, foundPath := FindPath(request, &m.Model, nil) + + assert.Nil(t, errs) + assert.NotNil(t, pathItem) + assert.Equal(t, "getMessage", pathItem.Get.OperationId) + assert.Equal(t, "/Messages/{message_id}", foundPath) +} + +func TestFindPath_MultipleParameterLevels(t *testing.T) { + spec := `openapi: 3.1.0 +info: + title: Path Precedence Test + version: 1.0.0 +paths: + /api/{version}/users/{id}: + get: + operationId: getUserVersioned + responses: + '200': + description: OK + /api/v1/users/{id}: + get: + operationId: getUserV1 + responses: + '200': + description: OK + /api/v1/users/me: + get: + operationId: getCurrentUser + responses: + '200': + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + tests := []struct { + url string + expectedOp string + expectedPath string + }{ + // Most specific: all literals + {"https://api.com/api/v1/users/me", "getCurrentUser", "/api/v1/users/me"}, + // More specific: 3 literals + 1 param + {"https://api.com/api/v1/users/123", "getUserV1", "/api/v1/users/{id}"}, + // Least specific: 2 literals + 2 params + {"https://api.com/api/v2/users/123", "getUserVersioned", "/api/{version}/users/{id}"}, + } + + for _, tt := range tests { + t.Run(tt.url, func(t *testing.T) { + request, _ := http.NewRequest(http.MethodGet, tt.url, nil) + pathItem, errs, foundPath := FindPath(request, &m.Model, nil) + + assert.Nil(t, errs) + assert.NotNil(t, pathItem) + assert.Equal(t, tt.expectedOp, pathItem.Get.OperationId) + assert.Equal(t, tt.expectedPath, foundPath) + }) + } +} + +func TestFindPath_TieBreaker_DefinitionOrder(t *testing.T) { + // When two paths have equal specificity (same number of literals/params), + // the first defined path should win + spec := `openapi: 3.1.0 +info: + title: Path Precedence Test + version: 1.0.0 +paths: + /pets/{petId}: + get: + operationId: getPetById + responses: + '200': + description: OK + /pets/{petName}: + get: + operationId: getPetByName + responses: + '200': + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + request, _ := http.NewRequest(http.MethodGet, "https://api.com/pets/fluffy", nil) + pathItem, _, foundPath := FindPath(request, &m.Model, nil) + + // First defined path wins when scores are equal + assert.Equal(t, "getPetById", pathItem.Get.OperationId) + assert.Equal(t, "/pets/{petId}", foundPath) +} + +func TestFindPath_PetsMinePrecedence(t *testing.T) { + // Classic example from OpenAPI spec: /pets/mine vs /pets/{petId} + spec := `openapi: 3.1.0 +info: + title: Petstore + version: 1.0.0 +paths: + /pets/{petId}: + get: + operationId: getPet + responses: + '200': + description: OK + /pets/mine: + get: + operationId: getMyPets + responses: + '200': + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + // /pets/mine should match literal path + request, _ := http.NewRequest(http.MethodGet, "https://api.com/pets/mine", nil) + pathItem, errs, foundPath := FindPath(request, &m.Model, nil) + + assert.Nil(t, errs) + assert.Equal(t, "getMyPets", pathItem.Get.OperationId) + assert.Equal(t, "/pets/mine", foundPath) + + // /pets/123 should match parameter path + request, _ = http.NewRequest(http.MethodGet, "https://api.com/pets/123", nil) + pathItem, errs, foundPath = FindPath(request, &m.Model, nil) + + assert.Nil(t, errs) + assert.Equal(t, "getPet", pathItem.Get.OperationId) + assert.Equal(t, "/pets/{petId}", foundPath) +} + +func TestFindPath_DeepNestedPrecedence(t *testing.T) { + spec := `openapi: 3.1.0 +info: + title: Nested Paths + version: 1.0.0 +paths: + /api/{version}/resources/{id}/actions/{action}: + get: + operationId: genericAction + responses: + '200': + description: OK + /api/v1/resources/{id}/actions/delete: + get: + operationId: deleteResource + responses: + '200': + description: OK + /api/v1/resources/special/actions/delete: + get: + operationId: deleteSpecial + responses: + '200': + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + tests := []struct { + url string + expectedOp string + expectedPath string + }{ + // All literals - most specific + {"https://api.com/api/v1/resources/special/actions/delete", "deleteSpecial", "/api/v1/resources/special/actions/delete"}, + // 5 literals + 1 param + {"https://api.com/api/v1/resources/123/actions/delete", "deleteResource", "/api/v1/resources/{id}/actions/delete"}, + // 3 literals + 3 params - least specific + {"https://api.com/api/v2/resources/123/actions/update", "genericAction", "/api/{version}/resources/{id}/actions/{action}"}, + } + + for _, tt := range tests { + t.Run(tt.url, func(t *testing.T) { + request, _ := http.NewRequest(http.MethodGet, tt.url, nil) + pathItem, errs, foundPath := FindPath(request, &m.Model, nil) + + assert.Nil(t, errs) + assert.NotNil(t, pathItem) + assert.Equal(t, tt.expectedOp, pathItem.Get.OperationId) + assert.Equal(t, tt.expectedPath, foundPath) + }) + } +} + +func TestFindPath_MethodMismatchUsesHighestScore(t *testing.T) { + // When path matches but method doesn't exist, error should reference + // the most specific matching path + spec := `openapi: 3.1.0 +info: + title: Method Mismatch Test + version: 1.0.0 +paths: + /users/{id}: + get: + operationId: getUser + responses: + '200': + description: OK + /users/admin: + get: + operationId: getAdmin + responses: + '200': + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + // POST to /users/admin - literal path should be chosen for error + request, _ := http.NewRequest(http.MethodPost, "https://api.com/users/admin", nil) + pathItem, errs, foundPath := FindPath(request, &m.Model, nil) + + assert.NotNil(t, errs) + assert.Len(t, errs, 1) + assert.Equal(t, "/users/admin", foundPath) + assert.NotNil(t, pathItem) + assert.True(t, errs[0].IsOperationMissingError()) +} + +func TestFindPath_WithQueryParams(t *testing.T) { + // Ensure query params don't affect path matching precedence + spec := `openapi: 3.1.0 +info: + title: Query Params Test + version: 1.0.0 +paths: + /Messages/{message_id}: + get: + operationId: getMessage + responses: + '200': + description: OK + /Messages/Operations: + get: + operationId: getOperations + parameters: + - name: start_date + in: query + schema: + type: string + - name: end_date + in: query + schema: + type: string + responses: + '200': + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + // This is the exact request from issue #181 + request, _ := http.NewRequest(http.MethodGet, + "https://api.com/Messages/Operations?start_date=2020-01-01T00:00:00Z&end_date=2025-12-31T23:59:59Z&page_size=10", nil) + pathItem, errs, foundPath := FindPath(request, &m.Model, nil) + + assert.Nil(t, errs) + assert.NotNil(t, pathItem) + assert.Equal(t, "getOperations", pathItem.Get.OperationId) + assert.Equal(t, "/Messages/Operations", foundPath) +} + +func TestFindPath_WithRegexCache(t *testing.T) { + // Ensure precedence works correctly with regex cache + spec := `openapi: 3.1.0 +info: + title: Cache Test + version: 1.0.0 +paths: + /Messages/{message_id}: + get: + operationId: getMessage + responses: + '200': + description: OK + /Messages/Operations: + get: + operationId: getOperations + responses: + '200': + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + regexCache := &sync.Map{} + + // First request - populates cache + request, _ := http.NewRequest(http.MethodGet, "https://api.com/Messages/Operations", nil) + pathItem, errs, foundPath := FindPath(request, &m.Model, regexCache) + + assert.Nil(t, errs) + assert.Equal(t, "getOperations", pathItem.Get.OperationId) + assert.Equal(t, "/Messages/Operations", foundPath) + + // Second request - uses cache + request, _ = http.NewRequest(http.MethodGet, "https://api.com/Messages/12345", nil) + pathItem, errs, foundPath = FindPath(request, &m.Model, regexCache) + + assert.Nil(t, errs) + assert.Equal(t, "getMessage", pathItem.Get.OperationId) + assert.Equal(t, "/Messages/{message_id}", foundPath) + + // Third request - still works correctly + request, _ = http.NewRequest(http.MethodGet, "https://api.com/Messages/Operations", nil) + pathItem, errs, foundPath = FindPath(request, &m.Model, regexCache) + + assert.Nil(t, errs) + assert.Equal(t, "getOperations", pathItem.Get.OperationId) + assert.Equal(t, "/Messages/Operations", foundPath) +} + +func TestFindPath_WithFragment(t *testing.T) { + // Test that request paths with fragments are handled correctly + spec := `openapi: 3.1.0 +info: + title: Fragment Test + version: 1.0.0 +paths: + /users/{id}: + get: + operationId: getUser + responses: + '200': + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + // Request with fragment in URL + request, _ := http.NewRequest(http.MethodGet, "https://api.com/users/123#section", nil) + pathItem, errs, foundPath := FindPath(request, &m.Model, nil) + + assert.Nil(t, errs) + assert.NotNil(t, pathItem) + assert.Equal(t, "getUser", pathItem.Get.OperationId) + assert.Equal(t, "/users/{id}", foundPath) +} + +func TestFindPath_WithTrailingSlashBasePath(t *testing.T) { + // Test that base paths with trailing slash work correctly + spec := `openapi: 3.1.0 +info: + title: Trailing Slash Test + version: 1.0.0 +servers: + - url: https://api.com/v1/ +paths: + /users: + get: + operationId: getUsers + responses: + '200': + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + // Request to path that includes base with trailing slash + request, _ := http.NewRequest(http.MethodGet, "https://api.com/v1/users", nil) + pathItem, errs, foundPath := FindPath(request, &m.Model, nil) + + assert.Nil(t, errs) + assert.NotNil(t, pathItem) + assert.Equal(t, "getUsers", pathItem.Get.OperationId) + assert.Equal(t, "/users", foundPath) +} + +func TestFindPath_PathTemplateWithFragment_RequestWithoutFragment(t *testing.T) { + // Test that path templates with fragments are normalized when request has no fragment + // This covers normalizePathForMatching stripping fragment from template (line 115-117) + spec := `openapi: 3.1.0 +info: + title: Fragment Normalization Test + version: 1.0.0 +paths: + /hashy#section: + post: + operationId: postHashy + responses: + '200': + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + // Request WITHOUT fragment should still match path template WITH fragment + // because normalizePathForMatching strips the fragment from template + request, _ := http.NewRequest(http.MethodPost, "https://api.com/hashy", nil) + pathItem, errs, foundPath := FindPath(request, &m.Model, nil) + + assert.Nil(t, errs) + assert.NotNil(t, pathItem) + assert.Equal(t, "postHashy", pathItem.Post.OperationId) + assert.Equal(t, "/hashy#section", foundPath) +} diff --git a/paths/specificity.go b/paths/specificity.go new file mode 100644 index 00000000..ef84b796 --- /dev/null +++ b/paths/specificity.go @@ -0,0 +1,97 @@ +// Copyright 2023-2025 Princess B33f Heavy Industries / Dave Shanley +// SPDX-License-Identifier: MIT + +package paths + +import ( + "net/http" + "strings" + + v3 "github.com/pb33f/libopenapi/datamodel/high/v3" +) + +// pathCandidate represents a potential path match with metadata for selection. +type pathCandidate struct { + pathItem *v3.PathItem + path string + score int + hasMethod bool +} + +// computeSpecificityScore calculates how specific a path template is. +// literal segments score higher than parameterized segments, ensuring +// "/pets/mine" is preferred over "/pets/{id}" per OpenAPI spec. +// +// scoring: +// - literal segment: 1000 points +// - parameter segment: 1 point +// +// this weighting ensures any path with more literal segments always wins, +// regardless of parameter positions. +func computeSpecificityScore(pathTemplate string) int { + segments := strings.Split(pathTemplate, "/") + score := 0 + + for _, seg := range segments { + if seg == "" { + continue + } + if isParameterSegment(seg) { + score += 1 + } else { + score += 1000 + } + } + return score +} + +// isParameterSegment returns true if the segment contains a path parameter. +// handles standard {param}, label {.param}, and exploded {param*} formats. +func isParameterSegment(seg string) bool { + return strings.Contains(seg, "{") && strings.Contains(seg, "}") +} + +// pathHasMethod checks if the PathItem has an operation for the given HTTP method. +func pathHasMethod(pathItem *v3.PathItem, method string) bool { + switch method { + case http.MethodGet: + return pathItem.Get != nil + case http.MethodPost: + return pathItem.Post != nil + case http.MethodPut: + return pathItem.Put != nil + case http.MethodDelete: + return pathItem.Delete != nil + case http.MethodOptions: + return pathItem.Options != nil + case http.MethodHead: + // Treat HEAD as present when either + // a Head operation exists or, if Head is absent, when a Get exists + // per HTTP semantics (HEAD can be handled by GET if no explicit + // HEAD operation is defined). + return pathItem.Head != nil || pathItem.Get != nil + case http.MethodPatch: + return pathItem.Patch != nil + case http.MethodTrace: + return pathItem.Trace != nil + } + return false +} + +// selectMatches finds the best matching candidates in a single pass. +// returns the highest-scoring candidate with the method (or nil), and +// the highest-scoring candidate overall (for error reporting). +func selectMatches(candidates []pathCandidate) (withMethod, highest *pathCandidate) { + for i := range candidates { + c := &candidates[i] + + if c.hasMethod && (withMethod == nil || c.score > withMethod.score) { + withMethod = c + } + + if highest == nil || c.score > highest.score { + highest = c + } + } + return withMethod, highest +} diff --git a/paths/specificity_test.go b/paths/specificity_test.go new file mode 100644 index 00000000..4c1f52c8 --- /dev/null +++ b/paths/specificity_test.go @@ -0,0 +1,320 @@ +// Copyright 2023-2025 Princess B33f Heavy Industries / Dave Shanley +// SPDX-License-Identifier: MIT + +package paths + +import ( + "testing" + + v3 "github.com/pb33f/libopenapi/datamodel/high/v3" + "github.com/stretchr/testify/assert" +) + +func TestComputeSpecificityScore(t *testing.T) { + tests := []struct { + name string + path string + expected int + }{ + { + name: "single literal segment", + path: "/pets", + expected: 1000, + }, + { + name: "single parameter segment", + path: "/{id}", + expected: 1, + }, + { + name: "literal then parameter", + path: "/pets/{id}", + expected: 1001, + }, + { + name: "two literal segments", + path: "/pets/mine", + expected: 2000, + }, + { + name: "two parameter segments", + path: "/{tenant}/{id}", + expected: 2, + }, + { + name: "mixed - param literal param", + path: "/{tenant}/users/{id}", + expected: 1002, + }, + { + name: "three literal segments", + path: "/api/v1/users", + expected: 3000, + }, + { + name: "two literals one param", + path: "/api/v1/{resource}", + expected: 2001, + }, + { + name: "four literals", + path: "/api/v1/users/profile", + expected: 4000, + }, + { + name: "label parameter format", + path: "/burgers/{.burgerId}/locate", + expected: 2001, + }, + { + name: "exploded parameter format", + path: "/burgers/{burgerId*}/locate", + expected: 2001, + }, + { + name: "empty path", + path: "/", + expected: 0, + }, + { + name: "OData style path", + path: "/entities('{Entity}')", + expected: 1, + }, + { + name: "complex OData path", + path: "/orders(RelationshipNumber='{RelationshipNumber}',ValidityEndDate=datetime'{ValidityEndDate}')", + expected: 1, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + score := computeSpecificityScore(tt.path) + assert.Equal(t, tt.expected, score, "path: %s", tt.path) + }) + } +} + +func TestIsParameterSegment(t *testing.T) { + tests := []struct { + segment string + expected bool + }{ + {"users", false}, + {"{id}", true}, + {"{.id}", true}, + {"{id*}", true}, + {"mine", false}, + {"", false}, + {"v1", false}, + {"{petId}", true}, + {"{message_id}", true}, + {"Operations", false}, + {"entities('{Entity}')", true}, + {"literal", false}, + } + + for _, tt := range tests { + t.Run(tt.segment, func(t *testing.T) { + result := isParameterSegment(tt.segment) + assert.Equal(t, tt.expected, result, "segment: %s", tt.segment) + }) + } +} + +func TestPathHasMethod(t *testing.T) { + tests := []struct { + name string + pathItem *v3.PathItem + method string + expected bool + }{ + { + name: "GET exists", + pathItem: &v3.PathItem{Get: &v3.Operation{}}, + method: "GET", + expected: true, + }, + { + name: "GET missing", + pathItem: &v3.PathItem{Post: &v3.Operation{}}, + method: "GET", + expected: false, + }, + { + name: "POST exists", + pathItem: &v3.PathItem{Post: &v3.Operation{}}, + method: "POST", + expected: true, + }, + { + name: "PUT exists", + pathItem: &v3.PathItem{Put: &v3.Operation{}}, + method: "PUT", + expected: true, + }, + { + name: "DELETE exists", + pathItem: &v3.PathItem{Delete: &v3.Operation{}}, + method: "DELETE", + expected: true, + }, + { + name: "OPTIONS exists", + pathItem: &v3.PathItem{Options: &v3.Operation{}}, + method: "OPTIONS", + expected: true, + }, + { + name: "HEAD exists", + pathItem: &v3.PathItem{Head: &v3.Operation{}}, + method: "HEAD", + expected: true, + }, + { + name: "HEAD if GET exists", + pathItem: &v3.PathItem{Get: &v3.Operation{}}, + method: "HEAD", + expected: true, + }, + { + name: "PATCH exists", + pathItem: &v3.PathItem{Patch: &v3.Operation{}}, + method: "PATCH", + expected: true, + }, + { + name: "TRACE exists", + pathItem: &v3.PathItem{Trace: &v3.Operation{}}, + method: "TRACE", + expected: true, + }, + { + name: "unknown method", + pathItem: &v3.PathItem{Get: &v3.Operation{}}, + method: "UNKNOWN", + expected: false, + }, + { + name: "empty pathItem", + pathItem: &v3.PathItem{}, + method: "GET", + expected: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := pathHasMethod(tt.pathItem, tt.method) + assert.Equal(t, tt.expected, result) + }) + } +} + +func TestSelectMatches(t *testing.T) { + tests := []struct { + name string + candidates []pathCandidate + expectedWithMethod string // expected path for withMethod, or empty if nil + expectedHighest string // expected path for highest, or empty if nil + }{ + { + name: "single candidate with method", + candidates: []pathCandidate{ + {path: "/pets/{id}", score: 1001, hasMethod: true}, + }, + expectedWithMethod: "/pets/{id}", + expectedHighest: "/pets/{id}", + }, + { + name: "single candidate without method", + candidates: []pathCandidate{ + {path: "/pets/{id}", score: 1001, hasMethod: false}, + }, + expectedWithMethod: "", + expectedHighest: "/pets/{id}", + }, + { + name: "higher score wins", + candidates: []pathCandidate{ + {path: "/pets/{id}", score: 1001, hasMethod: true}, + {path: "/pets/mine", score: 2000, hasMethod: true}, + }, + expectedWithMethod: "/pets/mine", + expectedHighest: "/pets/mine", + }, + { + name: "higher score wins - reverse order", + candidates: []pathCandidate{ + {path: "/pets/mine", score: 2000, hasMethod: true}, + {path: "/pets/{id}", score: 1001, hasMethod: true}, + }, + expectedWithMethod: "/pets/mine", + expectedHighest: "/pets/mine", + }, + { + name: "higher score without method is skipped for withMethod", + candidates: []pathCandidate{ + {path: "/pets/{id}", score: 1001, hasMethod: true}, + {path: "/pets/mine", score: 2000, hasMethod: false}, + }, + expectedWithMethod: "/pets/{id}", + expectedHighest: "/pets/mine", + }, + { + name: "equal scores - first wins", + candidates: []pathCandidate{ + {path: "/pets/{petId}", score: 1001, hasMethod: true}, + {path: "/pets/{petName}", score: 1001, hasMethod: true}, + }, + expectedWithMethod: "/pets/{petId}", + expectedHighest: "/pets/{petId}", + }, + { + name: "empty candidates", + candidates: []pathCandidate{}, + expectedWithMethod: "", + expectedHighest: "", + }, + { + name: "all candidates without method", + candidates: []pathCandidate{ + {path: "/pets/{id}", score: 1001, hasMethod: false}, + {path: "/pets/mine", score: 2000, hasMethod: false}, + }, + expectedWithMethod: "", + expectedHighest: "/pets/mine", + }, + { + name: "three candidates mixed", + candidates: []pathCandidate{ + {path: "/{tenant}/users/{id}", score: 1002, hasMethod: true}, + {path: "/api/users/{id}", score: 2001, hasMethod: true}, + {path: "/api/users/me", score: 3000, hasMethod: true}, + }, + expectedWithMethod: "/api/users/me", + expectedHighest: "/api/users/me", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + withMethod, highest := selectMatches(tt.candidates) + + if tt.expectedWithMethod == "" { + assert.Nil(t, withMethod) + } else { + assert.NotNil(t, withMethod) + assert.Equal(t, tt.expectedWithMethod, withMethod.path) + } + + if tt.expectedHighest == "" { + assert.Nil(t, highest) + } else { + assert.NotNil(t, highest) + assert.Equal(t, tt.expectedHighest, highest.path) + } + }) + } +} diff --git a/requests/validate_body.go b/requests/validate_body.go index 6e9c13a3..6b74b073 100644 --- a/requests/validate_body.go +++ b/requests/validate_body.go @@ -4,7 +4,10 @@ package requests import ( + "bytes" + "encoding/json" "fmt" + "io" "net/http" "strings" @@ -14,6 +17,7 @@ import ( "github.com/pb33f/libopenapi-validator/errors" "github.com/pb33f/libopenapi-validator/helpers" "github.com/pb33f/libopenapi-validator/paths" + "github.com/pb33f/libopenapi-validator/schema_validation" ) func (v *requestBodyValidator) ValidateRequestBody(request *http.Request) (bool, []*errors.ValidationError) { @@ -27,8 +31,8 @@ func (v *requestBodyValidator) ValidateRequestBody(request *http.Request) (bool, func (v *requestBodyValidator) ValidateRequestBodyWithPathItem(request *http.Request, pathItem *v3.PathItem, pathValue string) (bool, []*errors.ValidationError) { if pathItem == nil { return false, []*errors.ValidationError{{ - ValidationType: helpers.ParameterValidationPath, - ValidationSubType: "missing", + ValidationType: helpers.PathValidation, + ValidationSubType: helpers.ValidationMissing, Message: fmt.Sprintf("%s Path '%s' not found", request.Method, request.URL.Path), Reason: fmt.Sprintf("The %s request contains a path of '%s' "+ "however that path, or the %s method for that path does not exist in the specification", @@ -66,12 +70,6 @@ func (v *requestBodyValidator) ValidateRequestBodyWithPathItem(request *http.Req return false, []*errors.ValidationError{errors.RequestContentTypeNotFound(operation, request, pathValue)} } - // we currently only support JSON validation for request bodies - // this will capture *everything* that contains some form of 'json' in the content type - if !strings.Contains(strings.ToLower(contentType), helpers.JSONType) { - return true, nil - } - // Nothing to validate if mediaType.Schema == nil { return true, nil @@ -80,6 +78,53 @@ func (v *requestBodyValidator) ValidateRequestBodyWithPathItem(request *http.Req // extract schema from media type schema := mediaType.Schema.Schema() + isJson := strings.Contains(strings.ToLower(contentType), helpers.JSONType) + + // we currently only support JSON, XML and URLEncoded validation for request bodies + if !isJson { + isXml := schema_validation.IsXMLContentType(contentType) + isUrlEncoded := schema_validation.IsURLEncodedContentType(contentType) + + xmlValid := isXml && v.options.AllowXMLBodyValidation + urlEncodedValid := isUrlEncoded && v.options.AllowURLEncodedBodyValidation + + if !xmlValid && !urlEncodedValid { + return true, nil + } + + if request != nil && request.Body != nil { + requestBody, _ := io.ReadAll(request.Body) + _ = request.Body.Close() + + stringedBody := string(requestBody) + var jsonBody any + var prevalidationErrors []*errors.ValidationError + + switch { + case xmlValid: + jsonBody, prevalidationErrors = schema_validation.TransformXMLToSchemaJSON(stringedBody, schema) + case urlEncodedValid: + jsonBody, prevalidationErrors = schema_validation.TransformURLEncodedToSchemaJSON(stringedBody, schema, mediaType.Encoding) + } + + if len(prevalidationErrors) > 0 { + return false, prevalidationErrors + } + + transformedBytes, err := json.Marshal(jsonBody) + if err != nil { + switch { + case isXml: + return false, []*errors.ValidationError{errors.InvalidXMLParsing(err.Error(), stringedBody)} + case isUrlEncoded: + return false, []*errors.ValidationError{errors.InvalidURLEncodedParsing(err.Error(), stringedBody)} + } + } + + request.Body = io.NopCloser(bytes.NewBuffer(transformedBytes)) + } + } + validationSucceeded, validationErrors := ValidateRequestSchema(&ValidateRequestSchemaInput{ Request: request, Schema: schema, @@ -99,7 +144,9 @@ func (v *requestBodyValidator) extractContentType(contentType string, operation return mediaType, true } ctMediaRange := strings.SplitN(ct, "/", 2) - for s, mediaTypeValue := range operation.RequestBody.Content.FromOldest() { + for contentPair := operation.RequestBody.Content.First(); contentPair != nil; contentPair = contentPair.Next() { + s := contentPair.Key() + mediaTypeValue := contentPair.Value() opMediaRange := strings.SplitN(s, "/", 2) if (opMediaRange[0] == "*" || opMediaRange[0] == ctMediaRange[0]) && (opMediaRange[1] == "*" || opMediaRange[1] == ctMediaRange[1]) { diff --git a/requests/validate_body_test.go b/requests/validate_body_test.go index c6e2e986..8dfaac1e 100644 --- a/requests/validate_body_test.go +++ b/requests/validate_body_test.go @@ -12,10 +12,12 @@ import ( "testing" "github.com/pb33f/libopenapi" - "github.com/pb33f/libopenapi-validator/config" - "github.com/pb33f/libopenapi-validator/paths" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/pb33f/libopenapi-validator/config" + "github.com/pb33f/libopenapi-validator/helpers" + "github.com/pb33f/libopenapi-validator/paths" ) func TestValidateBody_NotRequiredBody(t *testing.T) { @@ -1494,3 +1496,325 @@ components: assert.Len(t, errors[0].SchemaValidationErrors, 1) assert.Equal(t, "'test' is not valid email: missing @", errors[0].SchemaValidationErrors[0].Reason) } + +func TestValidateBody_StrictMode_UndeclaredProperty(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/createBurger: + post: + requestBody: + content: + application/json: + schema: + type: object + properties: + name: + type: string + patties: + type: integer` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewRequestBodyValidator(&m.Model, config.WithStrictMode()) + + // Include an undeclared property 'extra' + body := map[string]interface{}{ + "name": "Big Mac", + "patties": 2, + "extra": "undeclared property", + } + + bodyBytes, _ := json.Marshal(body) + + request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", + bytes.NewBuffer(bodyBytes)) + request.Header.Set("Content-Type", "application/json") + + valid, errors := v.ValidateRequestBody(request) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].Message, "extra") + assert.Contains(t, errors[0].Message, "not declared") +} + +func TestValidateBody_StrictMode_ValidRequest(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/createBurger: + post: + requestBody: + content: + application/json: + schema: + type: object + properties: + name: + type: string + patties: + type: integer` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewRequestBodyValidator(&m.Model, config.WithStrictMode()) + + // Only declared properties + body := map[string]interface{}{ + "name": "Big Mac", + "patties": 2, + } + + bodyBytes, _ := json.Marshal(body) + + request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", + bytes.NewBuffer(bodyBytes)) + request.Header.Set("Content-Type", "application/json") + + valid, errors := v.ValidateRequestBody(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestValidateRequestBody_XMLMarshalError(t *testing.T) { + spec := []byte(` +openapi: 3.1.0 +info: + title: Test Spec + version: 1.0.0 +paths: + /test: + post: + requestBody: + required: true + content: + application/xml: + schema: + type: object + properties: + bad_number: + type: number + responses: + '200': + description: Success +`) + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewRequestBodyValidator(&m.Model, config.WithXmlBodyValidation()) + + request, _ := http.NewRequest(http.MethodPost, "https://things.com/test", + bytes.NewBuffer([]byte("NaN"))) + request.Header.Set("Content-Type", "application/xml") + + valid, errors := v.ValidateRequestBody(request) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Equal(t, errors[0].Message, "xml example is malformed") +} + +func TestValidateRequestBody_URLEncodedMarshalError(t *testing.T) { + spec := []byte(` +openapi: 3.1.0 +info: + title: Test Spec + version: 1.0.0 +paths: + /test: + post: + requestBody: + required: true + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + bad_number: + type: number + responses: + '200': + description: Success +`) + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewRequestBodyValidator(&m.Model, config.WithURLEncodedBodyValidation()) + + request, _ := http.NewRequest(http.MethodPost, "https://things.com/test", + bytes.NewBuffer([]byte("bad_number=NaN"))) + request.Header.Set("Content-Type", helpers.URLEncodedContentType) + + valid, errors := v.ValidateRequestBody(request) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Equal(t, errors[0].Message, "Unable to parse form-urlencoded body") +} + +func TestValidateBody_URLEncodedRequest(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/createBurger: + post: + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + required: + - name + properties: + name: + type: string + patties: + type: integer` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewRequestBodyValidator(&m.Model, config.WithURLEncodedBodyValidation()) + + body := "name=cheeseburger&patties=23" + + request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", + bytes.NewBuffer([]byte(body))) + request.Header.Set("Content-Type", "application/x-www-form-urlencoded") + + valid, errors := v.ValidateRequestBody(request) + assert.True(t, valid) + assert.Len(t, errors, 0) + + body = "name=cheeseburger&patties=23.4" + + request, _ = http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", + bytes.NewBuffer([]byte(body))) + request.Header.Set("Content-Type", "application/x-www-form-urlencoded") + + valid, errors = v.ValidateRequestBody(request) + + assert.False(t, valid) + assert.Len(t, errors, 1) +} + +func TestValidateBody_XmlRequest(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/createBurger: + post: + requestBody: + content: + application/xml: + schema: + type: object + required: + - name + properties: + name: + type: string + patties: + type: integer + xml: + name: cost` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewRequestBodyValidator(&m.Model, config.WithXmlBodyValidation()) + + body := "cheeseburger23" + + request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", + bytes.NewBuffer([]byte(body))) + request.Header.Set("Content-Type", "application/xml") + + valid, errors := v.ValidateRequestBody(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestValidateBody_XmlMalformedRequest(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/createBurger: + post: + requestBody: + content: + application/xml: + schema: + type: object + required: + - name + properties: + name: + type: string + patties: + type: integer + xml: + name: cost` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewRequestBodyValidator(&m.Model, config.WithXmlBodyValidation()) + + body := "" + + request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", + bytes.NewBuffer([]byte(body))) + request.Header.Set("Content-Type", "application/xml") + + valid, errors := v.ValidateRequestBody(request) + + assert.False(t, valid) + assert.Len(t, errors, 1) + + err := errors[0] + assert.Equal(t, helpers.XmlValidation, err.ValidationType) + assert.Contains(t, err.Reason, "failed to parse xml") +} + +func TestValidateBody_XmlRequestTransformations(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/createBurger: + post: + requestBody: + content: + application/xml: + schema: + type: object + xml: + name: Burger + required: + - name + - patties + properties: + name: + type: string + patties: + type: integer + xml: + name: cost` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewRequestBodyValidator(&m.Model, config.WithXmlBodyValidation()) + + body := "cheeseburger23" + + request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", + bytes.NewBuffer([]byte(body))) + request.Header.Set("Content-Type", "application/xml") + + valid, errors := v.ValidateRequestBody(request) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} diff --git a/requests/validate_request.go b/requests/validate_request.go index cb89624b..275b556b 100644 --- a/requests/validate_request.go +++ b/requests/validate_request.go @@ -13,17 +13,19 @@ import ( "regexp" "strconv" - "github.com/pb33f/libopenapi-validator/cache" - "github.com/pb33f/libopenapi-validator/config" - "github.com/pb33f/libopenapi-validator/errors" - "github.com/pb33f/libopenapi-validator/helpers" - "github.com/pb33f/libopenapi-validator/schema_validation" "github.com/pb33f/libopenapi/datamodel/high/base" "github.com/pb33f/libopenapi/utils" "github.com/santhosh-tekuri/jsonschema/v6" "go.yaml.in/yaml/v4" "golang.org/x/text/language" "golang.org/x/text/message" + + "github.com/pb33f/libopenapi-validator/cache" + "github.com/pb33f/libopenapi-validator/config" + "github.com/pb33f/libopenapi-validator/errors" + "github.com/pb33f/libopenapi-validator/helpers" + "github.com/pb33f/libopenapi-validator/schema_validation" + "github.com/pb33f/libopenapi-validator/strict" ) var instanceLocationRegex = regexp.MustCompile(`^/(\d+)`) @@ -45,6 +47,7 @@ func ValidateRequestSchema(input *ValidateRequestSchemaInput) (bool, []*errors.V var renderedSchema, jsonSchema []byte var referenceSchema string var compiledSchema *jsonschema.Schema + var cachedNode *yaml.Node if input.Schema == nil { return false, []*errors.ValidationError{{ @@ -69,13 +72,39 @@ func ValidateRequestSchema(input *ValidateRequestSchemaInput) (bool, []*errors.V referenceSchema = cached.ReferenceSchema jsonSchema = cached.RenderedJSON compiledSchema = cached.CompiledSchema + cachedNode = cached.RenderedNode } } // Cache miss or no cache - render and compile if compiledSchema == nil { - renderedSchema, _ = input.Schema.RenderInline() + renderCtx := base.NewInlineRenderContext() + var renderErr error + renderedSchema, renderErr = input.Schema.RenderInlineWithContext(renderCtx) referenceSchema = string(renderedSchema) + + // If rendering failed (e.g., circular reference), return the render error + if renderErr != nil { + violation := &errors.SchemaValidationFailure{ + Reason: renderErr.Error(), + ReferenceSchema: referenceSchema, + } + validationErrors = append(validationErrors, &errors.ValidationError{ + ValidationType: helpers.RequestBodyValidation, + ValidationSubType: helpers.Schema, + Message: fmt.Sprintf("%s request body for '%s' failed schema rendering", + input.Request.Method, input.Request.URL.Path), + Reason: fmt.Sprintf("The request schema failed to render: %s", + renderErr.Error()), + SpecLine: 1, + SpecCol: 0, + SchemaValidationErrors: []*errors.SchemaValidationFailure{violation}, + HowToFix: errors.HowToFixInvalidRenderedSchema, + Context: referenceSchema, + }) + return false, validationErrors + } + jsonSchema, _ = utils.ConvertYAMLtoJSON(renderedSchema) var err error @@ -96,7 +125,7 @@ func ValidateRequestSchema(input *ValidateRequestSchemaInput) (bool, []*errors.V SpecLine: 1, SpecCol: 0, HowToFix: "check the request schema for invalid JSON Schema syntax, complex regex patterns, or unsupported schema constructs", - Context: referenceSchema, + Context: input.Schema, }) return false, validationErrors } @@ -141,7 +170,7 @@ func ValidateRequestSchema(input *ValidateRequestSchemaInput) (bool, []*errors.V SpecLine: 1, SpecCol: 0, HowToFix: errors.HowToFixInvalidSchema, - Context: referenceSchema, // attach the rendered schema to the error + Context: schema, }) return false, validationErrors } @@ -167,7 +196,7 @@ func ValidateRequestSchema(input *ValidateRequestSchemaInput) (bool, []*errors.V SpecLine: line, SpecCol: col, HowToFix: errors.HowToFixInvalidSchema, - Context: referenceSchema, // attach the rendered schema to the error + Context: schema, }) return false, validationErrors } @@ -182,9 +211,12 @@ func ValidateRequestSchema(input *ValidateRequestSchemaInput) (bool, []*errors.V schFlatErrs := jk.BasicOutput().Errors var schemaValidationErrors []*errors.SchemaValidationFailure - // re-encode the schema. - var renderedNode yaml.Node - _ = yaml.Unmarshal(renderedSchema, &renderedNode) + // Use cached node if available, otherwise parse + renderedNode := cachedNode + if renderedNode == nil { + renderedNode = new(yaml.Node) + _ = yaml.Unmarshal(renderedSchema, renderedNode) + } for q := range schFlatErrs { er := schFlatErrs[q] @@ -218,7 +250,6 @@ func ValidateRequestSchema(input *ValidateRequestSchemaInput) (bool, []*errors.V violation := &errors.SchemaValidationFailure{ Reason: errMsg, - Location: er.InstanceLocation, // DEPRECATED FieldName: helpers.ExtractFieldNameFromStringLocation(er.InstanceLocation), FieldPath: helpers.ExtractJSONPathFromStringLocation(er.InstanceLocation), InstancePath: helpers.ConvertStringLocationToPathSegments(er.InstanceLocation), @@ -266,9 +297,43 @@ func ValidateRequestSchema(input *ValidateRequestSchemaInput) (bool, []*errors.V SpecCol: col, SchemaValidationErrors: schemaValidationErrors, HowToFix: errors.HowToFixInvalidSchema, - Context: referenceSchema, // attach the rendered schema to the error + Context: schema, + }) + } + if len(validationErrors) > 0 { + return false, validationErrors + } + + // strict mode: check for undeclared properties in request body + if validationOptions.StrictMode && decodedObj != nil { + strictValidator := strict.NewValidator(validationOptions, input.Version) + strictResult := strictValidator.Validate(strict.Input{ + Schema: schema, + Data: decodedObj, + Direction: strict.DirectionRequest, + Options: validationOptions, + BasePath: "$.body", + Version: input.Version, }) + + if !strictResult.Valid { + for _, undeclared := range strictResult.UndeclaredValues { + validationErrors = append(validationErrors, + errors.UndeclaredPropertyError( + undeclared.Path, + undeclared.Name, + undeclared.Value, + undeclared.DeclaredProperties, + undeclared.Direction.String(), + request.URL.Path, + request.Method, + undeclared.SpecLine, + undeclared.SpecCol, + )) + } + } } + if len(validationErrors) > 0 { return false, validationErrors } diff --git a/requests/validate_request_test.go b/requests/validate_request_test.go index 9d64e431..c47f120e 100644 --- a/requests/validate_request_test.go +++ b/requests/validate_request_test.go @@ -9,10 +9,11 @@ import ( "testing" "github.com/pb33f/libopenapi" - "github.com/pb33f/libopenapi-validator/config" "github.com/pb33f/libopenapi/datamodel/high/base" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/pb33f/libopenapi-validator/config" ) func TestValidateRequestSchema(t *testing.T) { @@ -233,3 +234,44 @@ func indentLines(s string, indent string) string { } return strings.Join(lines, "\n") } + +func TestValidateRequestSchema_CircularReference(t *testing.T) { + // Test when schema has a circular reference that causes render failure + spec := `openapi: 3.1.0 +info: + title: Test + version: 1.0.0 +components: + schemas: + Error: + type: object + properties: + code: + type: string + details: + type: array + items: + $ref: '#/components/schemas/Error'` + + doc, err := libopenapi.NewDocument([]byte(spec)) + require.NoError(t, err) + model, errs := doc.BuildV3Model() + require.Empty(t, errs) + + // Verify circular reference was detected + require.Len(t, model.Index.GetCircularReferences(), 1) + + schema := model.Model.Components.Schemas.GetOrZero("Error") + require.NotNil(t, schema) + + valid, errors := ValidateRequestSchema(&ValidateRequestSchemaInput{ + Request: postRequestWithBody(`{"code": "abc", "details": [{"code": "def"}]}`), + Schema: schema.Schema(), + Version: 3.1, + }) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Contains(t, errors[0].Message, "failed schema rendering") + assert.Contains(t, errors[0].Reason, "circular reference") +} diff --git a/responses/validate_body.go b/responses/validate_body.go index 87bb53a8..da744cfb 100644 --- a/responses/validate_body.go +++ b/responses/validate_body.go @@ -4,7 +4,10 @@ package responses import ( + "bytes" + "encoding/json" "fmt" + "io" "net/http" "strconv" "strings" @@ -17,6 +20,7 @@ import ( "github.com/pb33f/libopenapi-validator/errors" "github.com/pb33f/libopenapi-validator/helpers" "github.com/pb33f/libopenapi-validator/paths" + "github.com/pb33f/libopenapi-validator/schema_validation" ) func (v *responseBodyValidator) ValidateResponseBody( @@ -33,8 +37,8 @@ func (v *responseBodyValidator) ValidateResponseBody( func (v *responseBodyValidator) ValidateResponseBodyWithPathItem(request *http.Request, response *http.Response, pathItem *v3.PathItem, pathFound string) (bool, []*errors.ValidationError) { if pathItem == nil { return false, []*errors.ValidationError{{ - ValidationType: helpers.ParameterValidationPath, - ValidationSubType: "missing", + ValidationType: helpers.PathValidation, + ValidationSubType: helpers.ValidationMissing, Message: fmt.Sprintf("%s Path '%s' not found", request.Method, request.URL.Path), Reason: fmt.Sprintf("The %s request contains a path of '%s' "+ "however that path, or the %s method for that path does not exist in the specification", @@ -109,8 +113,8 @@ func (v *responseBodyValidator) ValidateResponseBodyWithPathItem(request *http.R if foundResponse != nil { // check for headers in the response if foundResponse.Headers != nil { - if ok, herrs := ValidateResponseHeaders(request, response, foundResponse.Headers, pathFound, codeStr); !ok { - validationErrors = append(validationErrors, herrs...) + if ok, hErrs := ValidateResponseHeaders(request, response, foundResponse.Headers, pathFound, codeStr, config.WithExistingOpts(v.options)); !ok { + validationErrors = append(validationErrors, hErrs...) } } } @@ -131,26 +135,73 @@ func (v *responseBodyValidator) checkResponseSchema( ) []*errors.ValidationError { var validationErrors []*errors.ValidationError - // currently, we can only validate JSON based responses, so check for the presence - // of 'json' in the content type (what ever it may be) so we can perform a schema check on it. - // anything other than JSON, will be ignored. - if strings.Contains(strings.ToLower(contentType), helpers.JSONType) { - // extract schema from media type - if mediaType.Schema != nil { - schema := mediaType.Schema.Schema() - - // Validate response schema - valid, vErrs := ValidateResponseSchema(&ValidateResponseSchemaInput{ - Request: request, - Response: response, - Schema: schema, - Version: helpers.VersionToFloat(v.document.Version), - Options: []config.Option{config.WithExistingOpts(v.options)}, - }) - if !valid { - validationErrors = append(validationErrors, vErrs...) + if mediaType.Schema == nil { + return validationErrors + } + + // currently, we can only validate JSON, XML and URL Encoded based responses, so check for the presence + // of 'json' (what ever it may be) and for XML/URLEncoded content type so we can perform a schema check on it. + // anything other than JSON XML, or URL Encoded will be ignored. + + isXml := schema_validation.IsXMLContentType(contentType) + isUrlEncoded := schema_validation.IsURLEncodedContentType(contentType) + isJson := strings.Contains(strings.ToLower(contentType), helpers.JSONType) + + xmlValid := isXml && v.options.AllowXMLBodyValidation + urlEncodedValid := isUrlEncoded && v.options.AllowURLEncodedBodyValidation + + if !isJson && !xmlValid && !urlEncodedValid { + return validationErrors + } + + schema := mediaType.Schema.Schema() + + if !isJson { + if response != nil && response.Body != http.NoBody { + responseBody, _ := io.ReadAll(response.Body) + _ = response.Body.Close() + + stringedBody := string(responseBody) + var jsonBody any + var prevalidationErrors []*errors.ValidationError + + switch { + case xmlValid: + jsonBody, prevalidationErrors = schema_validation.TransformXMLToSchemaJSON(stringedBody, schema) + case urlEncodedValid: + jsonBody, prevalidationErrors = schema_validation.TransformURLEncodedToSchemaJSON(stringedBody, schema, mediaType.Encoding) } + + if len(prevalidationErrors) > 0 { + return prevalidationErrors + } + + transformedBytes, err := json.Marshal(jsonBody) + if err != nil { + switch { + case isXml: + return []*errors.ValidationError{errors.InvalidXMLParsing(err.Error(), stringedBody)} + case isUrlEncoded: + return []*errors.ValidationError{errors.InvalidURLEncodedParsing(err.Error(), stringedBody)} + } + } + + response.Body = io.NopCloser(bytes.NewBuffer(transformedBytes)) } } + + // Validate response schema + valid, vErrs := ValidateResponseSchema(&ValidateResponseSchemaInput{ + Request: request, + Response: response, + Schema: schema, + Version: helpers.VersionToFloat(v.document.Version), + Options: []config.Option{config.WithExistingOpts(v.options)}, + }) + + if !valid { + validationErrors = append(validationErrors, vErrs...) + } + return validationErrors } diff --git a/responses/validate_body_test.go b/responses/validate_body_test.go index 9e7e75e0..8170d69c 100644 --- a/responses/validate_body_test.go +++ b/responses/validate_body_test.go @@ -5,25 +5,90 @@ package responses import ( "bytes" + "context" "encoding/json" "errors" "fmt" + "io" "net/http" "net/http/httptest" - "net/url" "strings" - "sync" "testing" "github.com/pb33f/libopenapi" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/pb33f/libopenapi-validator/config" "github.com/pb33f/libopenapi-validator/helpers" "github.com/pb33f/libopenapi-validator/paths" ) +type validateResponseTestBed struct { + responseBodyValidator ResponseBodyValidator + httpTestServer *httptest.Server + responseHandlerFunc http.HandlerFunc +} + +func newvalidateResponseTestBed( + t *testing.T, + openApiSpec []byte, +) *validateResponseTestBed { + doc, err := libopenapi.NewDocument(openApiSpec) + if err != nil { + t.Fatalf("failed to create openapi document: %v", err) + } + + m, buildV3ModelErr := doc.BuildV3Model() + if buildV3ModelErr != nil { + t.Fatalf("failed to build v3 model: %v", err) + } + + tb := validateResponseTestBed{responseBodyValidator: NewResponseBodyValidator(&m.Model, config.WithXmlBodyValidation(), config.WithURLEncodedBodyValidation())} + tb.httpTestServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if tb.responseHandlerFunc != nil { + tb.responseHandlerFunc(w, r) + return + } + + w.WriteHeader(http.StatusOK) + })) + + t.Cleanup(func() { + tb.httpTestServer.Close() + }) + + return &tb +} + +func (tb *validateResponseTestBed) makeRequestWithReponse( + t *testing.T, + method string, + path string, + responseHandler http.HandlerFunc, +) ( + *http.Request, + *http.Response, +) { + tb.responseHandlerFunc = responseHandler + + req, err := http.NewRequestWithContext(context.TODO(), method, tb.httpTestServer.URL+path, nil) + if err != nil { + t.Fatalf("failed to create http request: %v", err) + } + + res, err := http.DefaultClient.Do(req) + if err != nil { + t.Fatalf("failed to perform http request: %v", err) + } + + return req, res +} + func TestValidateBody_MissingContentType(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -39,54 +104,37 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - body := map[string]interface{}{ - "name": "Big Mac", - "patties": false, - "vegetarian": 2, - } - - bodyBytes, _ := json.Marshal(body) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, "cheeky/monkey") - w.WriteHeader(http.StatusOK) - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, "cheeky/monkey") + w.WriteHeader(http.StatusOK) + _, _ = w.Write([]byte(`{"name":"Big Mac","patties":false,"vegetarian":2}`)) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.False(t, valid) assert.Len(t, errors, 1) assert.Equal(t, "POST / 200 operation response content type 'cheeky/monkey' does not exist", errors[0].Message) - assert.Equal(t, "The content type is invalid, Use one of the 1 "+ - "supported types for this operation: application/json", errors[0].HowToFix) - assert.Equal(t, request.Method, errors[0].RequestMethod) - assert.Equal(t, request.URL.Path, errors[0].RequestPath) + assert.Equal(t, "The content type is invalid, Use one of the 1 supported types for this operation: application/json", errors[0].HowToFix) + assert.Equal(t, req.Method, errors[0].RequestMethod) + assert.Equal(t, req.URL.Path, errors[0].RequestPath) assert.Equal(t, "/burgers/createBurger", errors[0].SpecPath) } func TestValidateBody_MissingContentType4XX(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -98,54 +146,45 @@ paths: type: object properties: error: - type: string` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - body := map[string]interface{}{ - "name": "Big Mac", - "patties": false, - "vegetarian": 2, - } - - bodyBytes, _ := json.Marshal(body) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, "cheeky/monkey") - w.WriteHeader(http.StatusBadRequest) - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + type: string`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + bodyBytes, err := json.Marshal(map[string]interface{}{ + "name": "Big Mac", + "patties": false, + "vegetarian": 2, + }) + + require.NoError(t, err, "failed to marshal body") + + w.Header().Set(helpers.ContentTypeHeader, "cheeky/monkey") + w.WriteHeader(http.StatusBadRequest) + _, _ = w.Write(bodyBytes) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.False(t, valid) assert.Len(t, errors, 1) assert.Equal(t, "POST / 4XX operation response content type 'cheeky/monkey' does not exist", errors[0].Message) - assert.Equal(t, "The content type is invalid, Use one of the 1 "+ - "supported types for this operation: application/json", errors[0].HowToFix) - assert.Equal(t, request.Method, errors[0].RequestMethod) - assert.Equal(t, request.URL.Path, errors[0].RequestPath) + assert.Equal(t, "The content type is invalid, Use one of the 1 supported types for this operation: application/json", errors[0].HowToFix) + assert.Equal(t, req.Method, errors[0].RequestMethod) + assert.Equal(t, req.URL.Path, errors[0].RequestPath) assert.Equal(t, "/burgers/createBurger", errors[0].SpecPath) } func TestValidateBody_MissingPath(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -161,52 +200,44 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - body := map[string]interface{}{ - "name": "Big Mac", - "patties": false, - "vegetarian": 2, - } - - bodyBytes, _ := json.Marshal(body) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/I do not exist", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, "cheeky/monkey") // won't even matter! - w.WriteHeader(http.StatusUnprocessableEntity) // does not matter. - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/I do not exist", + func(w http.ResponseWriter, r *http.Request) { + bodyBytes, err := json.Marshal(map[string]interface{}{ + "name": "Big Mac", + "patties": false, + "vegetarian": 2, + }) + + require.NoError(t, err, "failed to marshal body") + + w.Header().Set(helpers.ContentTypeHeader, "cheeky/monkey") // won't even matter! + w.WriteHeader(http.StatusUnprocessableEntity) // does not matter. + _, _ = w.Write(bodyBytes) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.False(t, valid) assert.Len(t, errors, 1) assert.Equal(t, "POST Path '/I do not exist' not found", errors[0].Message) - assert.Equal(t, request.Method, errors[0].RequestMethod) - assert.Equal(t, request.URL.Path, errors[0].RequestPath) + assert.Equal(t, req.Method, errors[0].RequestMethod) + assert.Equal(t, req.URL.Path, errors[0].RequestPath) assert.Equal(t, "", errors[0].SpecPath) } func TestValidateBody_SetPath(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -222,44 +253,35 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - body := map[string]interface{}{ - "name": "Big Mac", - "patties": false, - "vegetarian": 2, - } - - bodyBytes, _ := json.Marshal(body) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/I do not exist", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/I do not exist", + func(w http.ResponseWriter, r *http.Request) { + bodyBytes, err := json.Marshal(map[string]interface{}{ + "name": "Big Mac", + "patties": false, + "vegetarian": 2, + }) + + require.NoError(t, err, "failed to marshal body") + + w.Header().Set(helpers.ContentTypeHeader, "cheeky/monkey") // won't even matter! + w.WriteHeader(http.StatusUnprocessableEntity) // does not matter. + _, _ = w.Write(bodyBytes) + }, + ) // preset the path - path, _, pv := paths.FindPath(request, &m.Model, &sync.Map{}) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, "cheeky/monkey") // won't even matter! - w.WriteHeader(http.StatusUnprocessableEntity) // does not matter. - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + m := tb.responseBodyValidator.(*responseBodyValidator).document + path, _, pv := paths.FindPath(req, m, nil) // validate! - valid, errors := v.ValidateResponseBodyWithPathItem(request, response, path, pv) + valid, errors := tb.responseBodyValidator.ValidateResponseBodyWithPathItem(req, res, path, pv) assert.False(t, valid) assert.Len(t, errors, 1) @@ -267,7 +289,9 @@ paths: } func TestValidateBody_SetPath_missing_operation(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -283,47 +307,39 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - body := map[string]interface{}{ - "name": "Big Mac", - "patties": 2, - "vegetarian": false, - } - - bodyBytes, _ := json.Marshal(body) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + bodyBytes, err := json.Marshal(map[string]interface{}{ + "name": "Big Mac", + "patties": 2, + "vegetarian": false, + }) + + require.NoError(t, err, "failed to marshal body") + + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) // won't even matter! + w.WriteHeader(http.StatusOK) + _, _ = w.Write(bodyBytes) + }, + ) // preset the path - path, _, pv := paths.FindPath(request, &m.Model, nil) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) // won't even matter! - w.WriteHeader(http.StatusOK) - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + m := tb.responseBodyValidator.(*responseBodyValidator).document + path, _, pv := paths.FindPath(req, m, nil) - request2, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/createBurger", bytes.NewReader(bodyBytes)) + // Create a different request with GET method to test missing operation + request2, _ := http.NewRequest(http.MethodGet, req.URL.String(), nil) request2.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) // validate! - valid, errors := v.ValidateResponseBodyWithPathItem(request2, response, path, pv) + valid, errors := tb.responseBodyValidator.ValidateResponseBodyWithPathItem(request2, res, path, pv) assert.False(t, valid) assert.Len(t, errors, 1) @@ -331,7 +347,9 @@ paths: } func TestValidateBody_MissingStatusCode(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -347,41 +365,31 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - body := map[string]interface{}{ - "name": "Big Mac", - "patties": false, - "vegetarian": 2, - } - - bodyBytes, _ := json.Marshal(body) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, "cheeky/monkey") // won't even matter! - w.WriteHeader(http.StatusUnprocessableEntity) // undefined in the spec. - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + bodyBytes, err := json.Marshal(map[string]interface{}{ + "name": "Big Mac", + "patties": false, + "vegetarian": 2, + }) + + require.NoError(t, err, "failed to marshal body") + + w.Header().Set(helpers.ContentTypeHeader, "cheeky/monkey") // won't even matter! + w.WriteHeader(http.StatusUnprocessableEntity) // undefined in the spec. + _, _ = w.Write(bodyBytes) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.False(t, valid) assert.Len(t, errors, 1) @@ -390,7 +398,9 @@ paths: } func TestValidateBody_InvalidBasicSchema(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -406,44 +416,35 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - // mix up the primitives to fire two schema violations. - body := map[string]interface{}{ - "name": "Big Mac", - "patties": false, - "vegetarian": 2, - } - - bodyBytes, _ := json.Marshal(body) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) - w.WriteHeader(http.StatusOK) - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + // mix up the primitives to fire two schema violations. + bodyBytes, err := json.Marshal(map[string]interface{}{ + "name": "Big Mac", + "patties": false, + "vegetarian": 2, + }) + + require.NoError(t, err, "failed to marshal body") + + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) + w.WriteHeader(http.StatusOK) + _, _ = w.Write(bodyBytes) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) + // doubletap to hit cache - _, _ = v.ValidateResponseBody(request, response) + _, _ = tb.responseBodyValidator.ValidateResponseBody(req, res) assert.False(t, valid) assert.Len(t, errors, 1) @@ -451,7 +452,9 @@ paths: } func TestValidateBody_NoBody(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -467,43 +470,37 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", http.NoBody) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) - w.WriteHeader(http.StatusOK) - _, _ = w.Write(nil) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) + w.WriteHeader(http.StatusOK) + // Don't write anything - this creates a response with no body + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) + // doubletap to hit cache - _, _ = v.ValidateResponseBody(request, response) + _, _ = tb.responseBodyValidator.ValidateResponseBody(req, res) - assert.True(t, valid) - assert.Len(t, errors, 0) - // assert.Len(t, errors[0].SchemaValidationErrors, 2) + // With the real HTTP server, an empty body is now properly detected + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Equal(t, "POST response object is missing for '/burgers/createBurger'", errors[0].Message) } func TestValidateBody_InvalidResponseBodyNil(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -519,38 +516,36 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", http.NoBody) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) - - // invalid response - response := &http.Response{ - Header: http.Header{}, - StatusCode: http.StatusOK, - // The http Client and Transport guarantee that Body is always non-nil - // and will be set to [http.NoBody] if no body is present. - Body: http.NoBody, - } - response.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) + w.WriteHeader(http.StatusOK) + // Don't write anything - this creates a response with no body + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) + // doubletap to hit cache - _, _ = v.ValidateResponseBody(request, response) + _, _ = tb.responseBodyValidator.ValidateResponseBody(req, res) assert.False(t, valid) - assert.Len(t, errors, 1) + require.Len(t, errors, 1) + assert.ErrorContains(t, errors[0], "response object is missing") } func TestValidateBody_InvalidResponseBodyError(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -566,32 +561,33 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", http.NoBody) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) + w.WriteHeader(http.StatusOK) + // Don't write anything - this creates a response with no body + }, + ) - // invalid response - response := &http.Response{ - Header: http.Header{}, - StatusCode: http.StatusOK, - Body: &errorReader{}, - } - response.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) + // simulate an error reading the body + res.Body = &errorReader{} // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) + // doubletap to hit cache - _, _ = v.ValidateResponseBody(request, response) + _, _ = tb.responseBodyValidator.ValidateResponseBody(req, res) assert.False(t, valid) - assert.Len(t, errors, 1) + require.Len(t, errors, 1) + assert.ErrorContains(t, errors[0], "The response body cannot be decoded: some io error") } func TestValidateBody_InvalidBasicSchema_SetPath(t *testing.T) { @@ -646,7 +642,7 @@ paths: response := res.Result() // preset the path - path, _, pv := paths.FindPath(request, &m.Model, &sync.Map{}) + path, _, pv := paths.FindPath(request, &m.Model, nil) // validate! valid, errors := v.ValidateResponseBodyWithPathItem(request, response, path, pv) @@ -658,7 +654,9 @@ paths: } func TestValidateBody_ValidComplexSchema(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -715,12 +713,9 @@ components: type: integer vegetarian: type: boolean - required: [name, patties, vegetarian]` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) + required: [name, patties, vegetarian]`, + ), + ) body := map[string]interface{}{ "name": "Big Mac", @@ -735,33 +730,28 @@ components: bodyBytes, _ := json.Marshal(body) - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) - w.WriteHeader(http.StatusOK) - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) + w.WriteHeader(http.StatusOK) + _, _ = w.Write(bodyBytes) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.True(t, valid) assert.Len(t, errors, 0) } func TestValidateBody_InvalidComplexSchema(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -818,46 +808,36 @@ components: type: integer vegetarian: type: boolean - required: [name, patties, vegetarian]` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - body := map[string]interface{}{ - "name": "Big Mac", - "patties": 2, - "vegetarian": true, - "fat": 10.0, - "salt": 0.5, - "meat": "beef", - "usedOil": 12345, // invalid, should be bool - "usedAnimalFat": false, - } - - bodyBytes, _ := json.Marshal(body) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) - w.WriteHeader(http.StatusOK) - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + required: [name, patties, vegetarian]`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + bodyBytes, err := json.Marshal(map[string]interface{}{ + "name": "Big Mac", + "patties": 2, + "vegetarian": true, + "fat": 10.0, + "salt": 0.5, + "meat": "beef", + "usedOil": 12345, // invalid, should be bool + "usedAnimalFat": false, + }) + + require.NoError(t, err, "failed to marshal body") + + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) + w.WriteHeader(http.StatusOK) + _, _ = w.Write(bodyBytes) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.False(t, valid) assert.Len(t, errors, 1) @@ -866,7 +846,9 @@ components: } func TestValidateBody_ValidBasicSchema(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -882,48 +864,40 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - body := map[string]interface{}{ - "name": "Big Mac", - "patties": 2, - "vegetarian": false, - } - - bodyBytes, _ := json.Marshal(body) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) - w.WriteHeader(http.StatusOK) - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + bodyBytes, err := json.Marshal(map[string]interface{}{ + "name": "Big Mac", + "patties": 2, + "vegetarian": false, + }) + + require.NoError(t, err, "failed to marshal body") + + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) + w.WriteHeader(http.StatusOK) + _, _ = w.Write(bodyBytes) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.True(t, valid) assert.Len(t, errors, 0) } func TestValidateBody_ValidBasicSchema_WithFullContentTypeHeader(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -939,50 +913,42 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - body := map[string]interface{}{ - "name": "Big Mac", - "patties": 2, - "vegetarian": false, - } - - bodyBytes, _ := json.Marshal(body) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - // inject a full content type header, including charset and boundary - w.Header().Set(helpers.ContentTypeHeader, - fmt.Sprintf("%s; charset=utf-8; boundary=---12223344", helpers.JSONContentType)) - w.WriteHeader(http.StatusOK) - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + bodyBytes, err := json.Marshal(map[string]interface{}{ + "name": "Big Mac", + "patties": 2, + "vegetarian": false, + }) + + require.NoError(t, err, "failed to marshal body") + + // inject a full content type header, including charset and boundary + w.Header().Set(helpers.ContentTypeHeader, + fmt.Sprintf("%s; charset=utf-8; boundary=---12223344", helpers.JSONContentType)) + w.WriteHeader(http.StatusOK) + _, _ = w.Write(bodyBytes) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.True(t, valid) assert.Len(t, errors, 0) } func TestValidateBody_ValidBasicSchemaUsingDefault(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -998,48 +964,40 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - body := map[string]interface{}{ - "name": "Big Mac", - "patties": 2, - "vegetarian": false, - } - - bodyBytes, _ := json.Marshal(body) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) - w.WriteHeader(http.StatusOK) - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + bodyBytes, err := json.Marshal(map[string]interface{}{ + "name": "Big Mac", + "patties": 2, + "vegetarian": false, + }) + + require.NoError(t, err, "failed to marshal body") + + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) + w.WriteHeader(http.StatusOK) + _, _ = w.Write(bodyBytes) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.True(t, valid) assert.Len(t, errors, 0) } func TestValidateBody_InvalidBasicSchemaUsingDefault_MissingContentType(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -1055,50 +1013,42 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - // primitives are now correct. - body := map[string]interface{}{ - "name": "Big Mac", - "patties": 2, - "vegetarian": false, - } + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + // primitives are now correct. + bodyBytes, err := json.Marshal(map[string]interface{}{ + "name": "Big Mac", + "patties": 2, + "vegetarian": false, + }) + + require.NoError(t, err, "failed to marshal body") + + w.Header().Set(helpers.ContentTypeHeader, "chicken/nuggets;chicken=soup") + w.WriteHeader(http.StatusOK) + _, _ = w.Write(bodyBytes) + }, + ) - bodyBytes, _ := json.Marshal(body) + // validate! + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, "chicken/nuggets;chicken=soup") - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, r.Header.Get(helpers.ContentTypeHeader)) - w.WriteHeader(http.StatusOK) - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() - - // validate! - valid, errors := v.ValidateResponseBody(request, response) - - assert.False(t, valid) - assert.Len(t, errors, 1) - assert.Equal(t, "POST / 200 operation response content type 'chicken/nuggets' does not exist", errors[0].Message) -} + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Equal(t, "POST / 200 operation response content type 'chicken/nuggets' does not exist", errors[0].Message) +} func TestValidateBody_InvalidSchemaMultiple(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -1118,51 +1068,42 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - var items []map[string]interface{} - items = append(items, map[string]interface{}{ - "patties": 1, - "vegetarian": true, - }) - items = append(items, map[string]interface{}{ - "name": "Quarter Pounder", - "patties": true, - "vegetarian": false, - }) - items = append(items, map[string]interface{}{ - "name": "Big Mac", - "patties": 2, - "vegetarian": false, - }) - - bodyBytes, _ := json.Marshal(items) - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader(bodyBytes)) - request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) - w.WriteHeader(http.StatusOK) - _, _ = w.Write(bodyBytes) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + bodyBytes, err := json.Marshal([]map[string]interface{}{ + { + "patties": 1, + "vegetarian": true, + }, + { + "name": "Quarter Pounder", + "patties": true, + "vegetarian": false, + }, + { + "name": "Big Mac", + "patties": 2, + "vegetarian": false, + }, + }) + + require.NoError(t, err, "failed to marshal body") + + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) + w.WriteHeader(http.StatusOK) + _, _ = w.Write(bodyBytes) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.False(t, valid) assert.Len(t, errors, 1) @@ -1171,7 +1112,9 @@ paths: } func TestValidateBody_EmptyContentType_Valid(t *testing.T) { - spec := `openapi: "3.0.0" + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: "3.0.0" info: title: Healthcheck version: '0.1.0' @@ -1181,39 +1124,32 @@ paths: responses: '200': description: pet response - content: {}` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - // build a request - request, _ := http.NewRequest(http.MethodGet, "https://things.com/health", nil) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) - w.WriteHeader(http.StatusOK) - _, _ = w.Write(nil) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + content: {}`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodGet, + "/health", + func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) + w.WriteHeader(http.StatusOK) + _, _ = w.Write(nil) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.True(t, valid) assert.Len(t, errors, 0) } func TestValidateBody_InvalidBodyJSON(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 paths: /burgers/createBurger: post: @@ -1229,35 +1165,23 @@ paths: patties: type: integer vegetarian: - type: boolean` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - badJson := []byte("{\"bad\": \"json\",}") - - // build a request - request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader(badJson)) - request.Header.Set(helpers.ContentTypeHeader, "application/json") - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, r.Header.Get(helpers.ContentTypeHeader)) - w.WriteHeader(http.StatusOK) - _, _ = w.Write(badJson) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + type: boolean`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodPost, + "/burgers/createBurger", + func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, "application/json") + w.WriteHeader(http.StatusOK) + _, _ = w.Write([]byte("{\"bad\": \"json\",}")) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.False(t, valid) assert.Len(t, errors, 1) @@ -1267,7 +1191,9 @@ paths: } func TestValidateBody_NoContentType_Valid(t *testing.T) { - spec := `openapi: "3.0.0" + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: "3.0.0" info: title: Healthcheck version: '0.1.0' @@ -1276,32 +1202,23 @@ paths: get: responses: '200': - description: pet response` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - // build a request - request, _ := http.NewRequest(http.MethodGet, "https://things.com/health", nil) - - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) - w.WriteHeader(http.StatusOK) - _, _ = w.Write(nil) - } - - // fire the request - handler(res, request) - - // record response - response := res.Result() + description: pet response`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodGet, + "/health", + func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) + w.WriteHeader(http.StatusOK) + _, _ = w.Write(nil) + }, + ) // validate! - valid, errors := v.ValidateResponseBody(request, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.True(t, valid) assert.Len(t, errors, 0) @@ -1310,7 +1227,9 @@ paths: // https://github.com/pb33f/libopenapi-validator/issues/107 // https://github.com/pb33f/libopenapi-validator/issues/103 func TestNewValidator_TestCircularRefsInValidation_Response(t *testing.T) { - spec := `openapi: 3.1.0 + tb := newvalidateResponseTestBed( + t, + []byte(`openapi: 3.1.0 info: title: Panic at response validation version: 1.0.0 @@ -1336,34 +1255,22 @@ components: details: type: array items: - $ref: '#/components/schemas/Error'` - - doc, _ := libopenapi.NewDocument([]byte(spec)) - - m, _ := doc.BuildV3Model() - v := NewResponseBodyValidator(&m.Model) - - req := &http.Request{ - Method: http.MethodDelete, - URL: &url.URL{ - Path: "/operations", + $ref: '#/components/schemas/Error'`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodDelete, + "/operations", + func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) + w.WriteHeader(http.StatusOK) + _, _ = w.Write(nil) }, - } - // simulate a request/response - res := httptest.NewRecorder() - handler := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) - w.WriteHeader(http.StatusOK) - _, _ = w.Write(nil) - } + ) - // fire the request - handler(res, req) - - // record response - response := res.Result() - - valid, errors := v.ValidateResponseBody(req, response) + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) assert.False(t, valid) assert.Len(t, errors, 1) @@ -1376,6 +1283,129 @@ components: "Expected error about circular reference or JSON pointer not found, got: %s", errors[0].Reason) } +func TestValidateResponseBody_XMLMarshalError(t *testing.T) { + tb := newvalidateResponseTestBed( + t, + []byte(` +openapi: 3.1.0 +info: + title: Test Spec + version: 1.0.0 +paths: + /test: + get: + responses: + '200': + description: Success + content: + application/xml: + schema: + type: object + properties: + bad_number: + type: number +`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodGet, + "/test", + func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, "application/xml") + w.WriteHeader(http.StatusOK) + _, _ = w.Write([]byte("NaN")) + }, + ) + + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Equal(t, errors[0].Message, "xml example is malformed") +} + +func TestValidateResponseBody_URLEncodedMarshalError(t *testing.T) { + tb := newvalidateResponseTestBed( + t, + []byte(` +openapi: 3.1.0 +info: + title: Test Spec + version: 1.0.0 +paths: + /test: + get: + responses: + '200': + description: Success + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + bad_number: + type: number +`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodGet, + "/test", + func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, helpers.URLEncodedContentType) + w.WriteHeader(http.StatusOK) + _, _ = w.Write([]byte("bad_number=NaN")) + }, + ) + + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Equal(t, errors[0].Message, "Unable to parse form-urlencoded body") +} + +func TestValidateResponseBody_NilSchema(t *testing.T) { + tb := newvalidateResponseTestBed( + t, + []byte(` +openapi: 3.1.0 +info: + title: Test Spec + version: 1.0.0 +paths: + /test: + get: + responses: + '200': + description: Success + content: + application/json: {} +`, + ), + ) + + req, res := tb.makeRequestWithReponse( + t, + http.MethodGet, + "/test", + func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, helpers.JSONContentType) + w.WriteHeader(http.StatusOK) + _, _ = w.Write(nil) + }, + ) + + valid, errors := tb.responseBodyValidator.ValidateResponseBody(req, res) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + func TestValidateBody_CheckHeader(t *testing.T) { spec := `openapi: "3.0.0" info: @@ -1488,16 +1518,13 @@ paths: found := false for _, err := range validationErrors { if err.ValidationSubType == helpers.Schema && - err.SchemaValidationErrors != nil && - len(err.SchemaValidationErrors) > 0 { - for _, schemaErr := range err.SchemaValidationErrors { - if schemaErr.Location == "schema compilation" && - schemaErr.Reason != "" { - found = true - assert.Contains(t, schemaErr.Reason, "failed to compile JSON schema") - assert.Contains(t, err.HowToFix, "complex regex patterns") - break - } + len(err.SchemaValidationErrors) == 0 { + // Schema compilation errors don't have SchemaValidationFailure objects + if strings.Contains(err.Reason, "failed to compile JSON schema") { + found = true + assert.Contains(t, err.Reason, "failed to compile JSON schema") + assert.Contains(t, err.HowToFix, "complex regex patterns") + break } } } @@ -1512,6 +1539,372 @@ paths: } } +func TestValidateBody_StrictMode_UndeclaredProperty(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/getBurger: + get: + responses: + '200': + content: + application/json: + schema: + type: object + properties: + name: + type: string + patties: + type: integer` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewResponseBodyValidator(&m.Model, config.WithStrictMode()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/getBurger", nil) + + // Response with undeclared property 'extra' + responseBody := `{"name": "Big Mac", "patties": 2, "extra": "undeclared"}` + response := &http.Response{ + Header: http.Header{}, + StatusCode: http.StatusOK, + Body: io.NopCloser(strings.NewReader(responseBody)), + } + response.Header.Set("Content-Type", "application/json") + + valid, errs := v.ValidateResponseBody(request, response) + + assert.False(t, valid) + assert.Len(t, errs, 1) + assert.Contains(t, errs[0].Message, "extra") + assert.Contains(t, errs[0].Message, "not declared") +} + +func TestValidateBody_StrictMode_ValidResponse(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/getBurger: + get: + responses: + '200': + content: + application/json: + schema: + type: object + properties: + name: + type: string + patties: + type: integer` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewResponseBodyValidator(&m.Model, config.WithStrictMode()) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/getBurger", nil) + + // Response with only declared properties + responseBody := `{"name": "Big Mac", "patties": 2}` + response := &http.Response{ + Header: http.Header{}, + StatusCode: http.StatusOK, + Body: io.NopCloser(strings.NewReader(responseBody)), + } + response.Header.Set("Content-Type", "application/json") + + valid, errs := v.ValidateResponseBody(request, response) + + assert.True(t, valid) + assert.Len(t, errs, 0) +} + +func TestValidateBody_ValidURLEncodedBody(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/createBurger: + post: + responses: + default: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + name: + type: string + patties: + type: integer` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewResponseBodyValidator(&m.Model, config.WithURLEncodedBodyValidation()) + + body := "name=test&patties=2" + + request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader([]byte(body))) + request.Header.Set(helpers.ContentTypeHeader, helpers.URLEncodedContentType) + + res := httptest.NewRecorder() + handler := func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, helpers.URLEncodedContentType) + w.WriteHeader(http.StatusOK) + _, _ = w.Write([]byte(body)) + } + + handler(res, request) + response := res.Result() + + valid, errors := v.ValidateResponseBody(request, response) + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestValidateBody_InvalidURLEncoded(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/createBurger: + post: + responses: + default: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + name: + type: string + patties: + type: integer` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewResponseBodyValidator(&m.Model, config.WithURLEncodedBodyValidation()) + + body := "name=test&patties=true" + + request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader([]byte(body))) + request.Header.Set(helpers.ContentTypeHeader, helpers.URLEncodedContentType) + + res := httptest.NewRecorder() + handler := func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, helpers.URLEncodedContentType) + w.WriteHeader(http.StatusOK) + _, _ = w.Write([]byte(body)) + } + + handler(res, request) + response := res.Result() + + valid, errors := v.ValidateResponseBody(request, response) + assert.False(t, valid) + assert.Len(t, errors, 1) +} + +func TestValidateBody_ValidXmlDecode(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/createBurger: + post: + responses: + default: + content: + application/xml: + schema: + type: object + properties: + name: + type: string + patties: + type: integer` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewResponseBodyValidator(&m.Model, config.WithXmlBodyValidation()) + + body := "test2" + + // build a request + request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader([]byte(body))) + request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) + + // simulate a request/response + res := httptest.NewRecorder() + handler := func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, "application/xml") + w.WriteHeader(http.StatusOK) + _, _ = w.Write([]byte(body)) + } + + // fire the request + handler(res, request) + + // record response + response := res.Result() + + // validate! + valid, errors := v.ValidateResponseBody(request, response) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestValidateBody_ValidXmlFailedValidation(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/createBurger: + post: + responses: + default: + content: + application/xml: + schema: + type: object + properties: + name: + type: string + patties: + type: integer` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewResponseBodyValidator(&m.Model, config.WithXmlBodyValidation()) + + body := "20text" + + // build a request + request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader([]byte(body))) + request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) + + // simulate a request/response + res := httptest.NewRecorder() + handler := func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, "application/xml") + w.WriteHeader(http.StatusOK) + _, _ = w.Write([]byte(body)) + } + + // fire the request + handler(res, request) + + // record response + response := res.Result() + + // validate! + valid, errors := v.ValidateResponseBody(request, response) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Len(t, errors[0].SchemaValidationErrors, 1) +} + +func TestValidateBody_IgnoreXmlValidation(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/createBurger: + post: + responses: + default: + content: + application/xml: + schema: + type: object + properties: + name: + type: string + patties: + type: integer + vegetarian: + type: boolean` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewResponseBodyValidator(&m.Model) + + body := "invalidbodycausenoxml" + + // build a request + request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader([]byte(body))) + request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) + + // simulate a request/response + res := httptest.NewRecorder() + handler := func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, "application/xml") + w.WriteHeader(http.StatusOK) + _, _ = w.Write([]byte(body)) + } + + // fire the request + handler(res, request) + + // record response + response := res.Result() + + // validate! + valid, errors := v.ValidateResponseBody(request, response) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} + +func TestValidateBody_InvalidXmlParse(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /burgers/createBurger: + post: + responses: + default: + content: + application/xml: + schema: + type: object + properties: + name: + type: string + patties: + type: integer + vegetarian: + type: boolean` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + m, _ := doc.BuildV3Model() + v := NewResponseBodyValidator(&m.Model, config.WithXmlBodyValidation()) + + body := "" + + // build a request + request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger", bytes.NewReader([]byte(body))) + request.Header.Set(helpers.ContentTypeHeader, helpers.JSONContentType) + + // simulate a request/response + res := httptest.NewRecorder() + handler := func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(helpers.ContentTypeHeader, "application/xml") + w.WriteHeader(http.StatusOK) + _, _ = w.Write([]byte(body)) + } + + // fire the request + handler(res, request) + + // record response + response := res.Result() + + // validate! + valid, errors := v.ValidateResponseBody(request, response) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Equal(t, "xml example is malformed", errors[0].Message) +} + type errorReader struct{} func (er *errorReader) Read(p []byte) (n int, err error) { diff --git a/responses/validate_headers.go b/responses/validate_headers.go index 2d5499ca..0cdd85bb 100644 --- a/responses/validate_headers.go +++ b/responses/validate_headers.go @@ -8,14 +8,16 @@ import ( "net/http" "strings" - "github.com/pb33f/libopenapi-validator/helpers" - "github.com/pb33f/libopenapi-validator/parameters" + "github.com/pb33f/libopenapi/orderedmap" + v3 "github.com/pb33f/libopenapi/datamodel/high/v3" lowv3 "github.com/pb33f/libopenapi/datamodel/low/v3" - "github.com/pb33f/libopenapi/orderedmap" "github.com/pb33f/libopenapi-validator/config" "github.com/pb33f/libopenapi-validator/errors" + "github.com/pb33f/libopenapi-validator/helpers" + "github.com/pb33f/libopenapi-validator/parameters" + "github.com/pb33f/libopenapi-validator/strict" ) // ValidateResponseHeaders validates the response headers against the OpenAPI spec. @@ -40,7 +42,9 @@ func ValidateResponseHeaders( // iterate through the response headers for name, v := range response.Header { // check if the model is in the spec - for k, header := range headers.FromOldest() { + for pair := headers.First(); pair != nil; pair = pair.Next() { + k := pair.Key() + header := pair.Value() if strings.EqualFold(k, name) { locatedHeaders[strings.ToLower(name)] = headerPair{ name: k, @@ -52,16 +56,12 @@ func ValidateResponseHeaders( } // determine if any required headers are missing from the response - for name, header := range headers.FromOldest() { + for pair := headers.First(); pair != nil; pair = pair.Next() { + name := pair.Key() + header := pair.Value() if header.Required { if _, ok := locatedHeaders[strings.ToLower(name)]; !ok { - // Construct full OpenAPI path for KeywordLocation - // e.g., /paths/~1health/get/responses/200/headers/chicken-nuggets/required - escapedPath := strings.ReplaceAll(pathTemplate, "~", "~0") - escapedPath = strings.ReplaceAll(escapedPath, "/", "~1") - method := strings.ToLower(request.Method) - keywordLocation := fmt.Sprintf("/paths/%s/%s/responses/%s/headers/%s/required", - escapedPath, method, statusCode, name) + keywordLocation := helpers.ConstructResponseHeaderJSONPointer(pathTemplate, request.Method, statusCode, name, "required") validationErrors = append(validationErrors, &errors.ValidationError{ ValidationType: helpers.ResponseBodyValidation, @@ -97,8 +97,35 @@ func ValidateResponseHeaders( } } } - if len(validationErrors) == 0 { - return true, nil + + if len(validationErrors) > 0 { + return false, validationErrors + } + + // strict mode: check for undeclared response headers + if options.StrictMode { + // convert orderedmap to regular map for strict validation + declaredMap := make(map[string]*v3.Header) + for name, header := range headers.FromOldest() { + declaredMap[name] = header + } + + undeclaredHeaders := strict.ValidateResponseHeaders(response.Header, &declaredMap, options) + for _, undeclared := range undeclaredHeaders { + validationErrors = append(validationErrors, + errors.UndeclaredHeaderError( + undeclared.Name, + undeclared.Value.(string), + undeclared.DeclaredProperties, + undeclared.Direction.String(), + request.URL.Path, + request.Method, + )) + } + } + + if len(validationErrors) > 0 { + return false, validationErrors } - return false, validationErrors + return true, nil } diff --git a/responses/validate_headers_test.go b/responses/validate_headers_test.go index ddcf5214..290d7d13 100644 --- a/responses/validate_headers_test.go +++ b/responses/validate_headers_test.go @@ -10,6 +10,8 @@ import ( "github.com/pb33f/libopenapi" "github.com/stretchr/testify/assert" + + "github.com/pb33f/libopenapi-validator/config" ) func TestValidateResponseHeaders(t *testing.T) { @@ -130,3 +132,91 @@ paths: assert.True(t, valid) assert.Len(t, errors, 0) } + +func TestValidateResponseHeaders_StrictMode(t *testing.T) { + spec := `openapi: "3.0.0" +info: + title: Healthcheck + version: '0.1.0' +paths: + /health: + get: + responses: + '200': + headers: + x-request-id: + description: request ID + required: false + schema: + type: string + description: healthy response` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + // build a request + request, _ := http.NewRequest(http.MethodGet, "https://things.com/health", nil) + + // simulate a response with an undeclared header + res := httptest.NewRecorder() + handler := func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("X-Request-Id", "abc-123") + w.Header().Set("X-Undeclared-Header", "should fail in strict mode") + w.WriteHeader(http.StatusOK) + } + + handler(res, request) + response := res.Result() + + headers := m.Model.Paths.PathItems.GetOrZero("/health").Get.Responses.Codes.GetOrZero("200").Headers + + // validate with strict mode - should find undeclared header + valid, errors := ValidateResponseHeaders(request, response, headers, "/health", "200", config.WithStrictMode()) + + assert.False(t, valid) + assert.Len(t, errors, 1) + assert.Contains(t, errors[0].Message, "X-Undeclared-Header") + assert.Contains(t, errors[0].Message, "not declared") +} + +func TestValidateResponseHeaders_StrictMode_NoUndeclared(t *testing.T) { + spec := `openapi: "3.0.0" +info: + title: Healthcheck + version: '0.1.0' +paths: + /health: + get: + responses: + '200': + headers: + x-request-id: + description: request ID + required: false + schema: + type: string + description: healthy response` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + m, _ := doc.BuildV3Model() + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/health", nil) + + // response with only declared headers (x-request-id is declared, Content-Type is default-ignored) + res := httptest.NewRecorder() + handler := func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("X-Request-Id", "abc-123") + w.WriteHeader(http.StatusOK) + } + + handler(res, request) + response := res.Result() + + headers := m.Model.Paths.PathItems.GetOrZero("/health").Get.Responses.Codes.GetOrZero("200").Headers + + // validate with strict mode - should pass (no undeclared headers) + valid, errors := ValidateResponseHeaders(request, response, headers, "/health", "200", config.WithStrictMode()) + + assert.True(t, valid) + assert.Len(t, errors, 0) +} diff --git a/responses/validate_response.go b/responses/validate_response.go index b6633e64..4a8c120a 100644 --- a/responses/validate_response.go +++ b/responses/validate_response.go @@ -13,17 +13,19 @@ import ( "regexp" "strconv" - "github.com/pb33f/libopenapi-validator/cache" - "github.com/pb33f/libopenapi-validator/config" - "github.com/pb33f/libopenapi-validator/errors" - "github.com/pb33f/libopenapi-validator/helpers" - "github.com/pb33f/libopenapi-validator/schema_validation" "github.com/pb33f/libopenapi/datamodel/high/base" "github.com/pb33f/libopenapi/utils" "github.com/santhosh-tekuri/jsonschema/v6" "go.yaml.in/yaml/v4" "golang.org/x/text/language" "golang.org/x/text/message" + + "github.com/pb33f/libopenapi-validator/cache" + "github.com/pb33f/libopenapi-validator/config" + "github.com/pb33f/libopenapi-validator/errors" + "github.com/pb33f/libopenapi-validator/helpers" + "github.com/pb33f/libopenapi-validator/schema_validation" + "github.com/pb33f/libopenapi-validator/strict" ) var instanceLocationRegex = regexp.MustCompile(`^/(\d+)`) @@ -49,6 +51,7 @@ func ValidateResponseSchema(input *ValidateResponseSchemaInput) (bool, []*errors var renderedSchema, jsonSchema []byte var referenceSchema string var compiledSchema *jsonschema.Schema + var cachedNode *yaml.Node if input.Schema == nil { return false, []*errors.ValidationError{{ @@ -72,13 +75,39 @@ func ValidateResponseSchema(input *ValidateResponseSchemaInput) (bool, []*errors renderedSchema = cached.RenderedInline referenceSchema = cached.ReferenceSchema compiledSchema = cached.CompiledSchema + cachedNode = cached.RenderedNode } } // Cache miss or no cache - render and compile if compiledSchema == nil { - renderedSchema, _ = input.Schema.RenderInline() + renderCtx := base.NewInlineRenderContext() + var renderErr error + renderedSchema, renderErr = input.Schema.RenderInlineWithContext(renderCtx) referenceSchema = string(renderedSchema) + + // If rendering failed (e.g., circular reference), return the render error + if renderErr != nil { + violation := &errors.SchemaValidationFailure{ + Reason: renderErr.Error(), + ReferenceSchema: referenceSchema, + } + validationErrors = append(validationErrors, &errors.ValidationError{ + ValidationType: helpers.ResponseBodyValidation, + ValidationSubType: helpers.Schema, + Message: fmt.Sprintf("%d response body for '%s' failed schema rendering", + input.Response.StatusCode, input.Request.URL.Path), + Reason: fmt.Sprintf("The response schema for status code '%d' failed to render: %s", + input.Response.StatusCode, renderErr.Error()), + SpecLine: 1, + SpecCol: 0, + SchemaValidationErrors: []*errors.SchemaValidationFailure{violation}, + HowToFix: "check the response schema for circular references or invalid structures", + Context: referenceSchema, + }) + return false, validationErrors + } + jsonSchema, _ = utils.ConvertYAMLtoJSON(renderedSchema) var err error @@ -100,7 +129,7 @@ func ValidateResponseSchema(input *ValidateResponseSchemaInput) (bool, []*errors SpecLine: 1, SpecCol: 0, HowToFix: "check the response schema for invalid JSON Schema syntax, complex regex patterns, or unsupported schema constructs", - Context: referenceSchema, + Context: input.Schema, }) return false, validationErrors } @@ -122,6 +151,11 @@ func ValidateResponseSchema(input *ValidateResponseSchemaInput) (bool, []*errors schema := input.Schema if response == nil || response.Body == http.NoBody { + + // skip response body validation for head request after processing schema + if response != nil && request != nil && request.Method == http.MethodHead { + return len(validationErrors) == 0, validationErrors + } // cannot decode the response body, so it's not valid validationErrors = append(validationErrors, &errors.ValidationError{ ValidationType: "response", @@ -132,7 +166,7 @@ func ValidateResponseSchema(input *ValidateResponseSchemaInput) (bool, []*errors SpecLine: 1, SpecCol: 0, HowToFix: "ensure response object has been set", - Context: referenceSchema, // attach the rendered schema to the error + Context: schema, }) return false, validationErrors } @@ -149,7 +183,7 @@ func ValidateResponseSchema(input *ValidateResponseSchemaInput) (bool, []*errors SpecLine: 1, SpecCol: 0, HowToFix: "ensure body is not empty", - Context: referenceSchema, // attach the rendered schema to the error + Context: schema, }) return false, validationErrors } @@ -161,6 +195,27 @@ func ValidateResponseSchema(input *ValidateResponseSchemaInput) (bool, []*errors var decodedObj interface{} if len(responseBody) > 0 { + // Per RFC7231, a response to a HEAD request MUST NOT include a message body. + if request != nil && request.Method == http.MethodHead { + violation := &errors.SchemaValidationFailure{ + Reason: "HEAD responses must not include a message body", + ReferenceObject: string(responseBody), + ReferenceSchema: referenceSchema, + } + validationErrors = append(validationErrors, &errors.ValidationError{ + ValidationType: helpers.ResponseBodyValidation, + ValidationSubType: helpers.Schema, + Message: fmt.Sprintf("%s response for '%s' must not include a body", + request.Method, request.URL.Path), + Reason: "The response to a HEAD request must not contain a body", + SpecLine: 1, + SpecCol: 0, + SchemaValidationErrors: []*errors.SchemaValidationFailure{violation}, + HowToFix: "ensure no response body is present for HEAD requests", + Context: referenceSchema, + }) + return false, validationErrors + } err := json.Unmarshal(responseBody, &decodedObj) if err != nil { // cannot decode the response body, so it's not valid @@ -173,7 +228,7 @@ func ValidateResponseSchema(input *ValidateResponseSchemaInput) (bool, []*errors SpecLine: 1, SpecCol: 0, HowToFix: errors.HowToFixInvalidSchema, - Context: referenceSchema, // attach the rendered schema to the error + Context: schema, }) return false, validationErrors } @@ -193,9 +248,11 @@ func ValidateResponseSchema(input *ValidateResponseSchemaInput) (bool, []*errors schFlatErrs := jk.BasicOutput().Errors var schemaValidationErrors []*errors.SchemaValidationFailure - // re-encode the schema once for error reporting - var renderedNode yaml.Node - _ = yaml.Unmarshal(renderedSchema, &renderedNode) + renderedNode := cachedNode + if renderedNode == nil { + renderedNode = new(yaml.Node) + _ = yaml.Unmarshal(renderedSchema, renderedNode) + } for q := range schFlatErrs { er := schFlatErrs[q] @@ -226,7 +283,6 @@ func ValidateResponseSchema(input *ValidateResponseSchemaInput) (bool, []*errors violation := &errors.SchemaValidationFailure{ Reason: errMsg, - Location: er.InstanceLocation, // DEPRECATED FieldName: helpers.ExtractFieldNameFromStringLocation(er.InstanceLocation), FieldPath: helpers.ExtractJSONPathFromStringLocation(er.InstanceLocation), InstancePath: helpers.ConvertStringLocationToPathSegments(er.InstanceLocation), @@ -274,9 +330,43 @@ func ValidateResponseSchema(input *ValidateResponseSchemaInput) (bool, []*errors SpecCol: col, SchemaValidationErrors: schemaValidationErrors, HowToFix: errors.HowToFixInvalidSchema, - Context: referenceSchema, // attach the rendered schema to the error + Context: schema, }) } + if len(validationErrors) > 0 { + return false, validationErrors + } + + // strict mode: check for undeclared properties in response body + if validationOptions.StrictMode && decodedObj != nil { + strictValidator := strict.NewValidator(validationOptions, input.Version) + strictResult := strictValidator.Validate(strict.Input{ + Schema: schema, + Data: decodedObj, + Direction: strict.DirectionResponse, + Options: validationOptions, + BasePath: "$.body", + Version: input.Version, + }) + + if !strictResult.Valid { + for _, undeclared := range strictResult.UndeclaredValues { + validationErrors = append(validationErrors, + errors.UndeclaredPropertyError( + undeclared.Path, + undeclared.Name, + undeclared.Value, + undeclared.DeclaredProperties, + undeclared.Direction.String(), + request.URL.Path, + request.Method, + undeclared.SpecLine, + undeclared.SpecCol, + )) + } + } + } + if len(validationErrors) > 0 { return false, validationErrors } diff --git a/responses/validate_response_test.go b/responses/validate_response_test.go index 3520c8b6..5a9eb310 100644 --- a/responses/validate_response_test.go +++ b/responses/validate_response_test.go @@ -9,10 +9,11 @@ import ( "testing" "github.com/pb33f/libopenapi" - "github.com/pb33f/libopenapi-validator/config" "github.com/pb33f/libopenapi/datamodel/high/base" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/pb33f/libopenapi-validator/config" ) func TestValidateResponseSchema(t *testing.T) { @@ -248,3 +249,98 @@ func TestValidateResponseSchema_NilSchemaGoLow(t *testing.T) { assert.Equal(t, "schema cannot be rendered", errors[0].Message) assert.Contains(t, errors[0].Reason, "does not have low-level information") } + +func TestValidateResponseSchema_CircularReference(t *testing.T) { + // Test when schema has a circular reference that causes render failure + spec := `openapi: 3.1.0 +info: + title: Test + version: 1.0.0 +components: + schemas: + Error: + type: object + properties: + code: + type: string + details: + type: array + items: + $ref: '#/components/schemas/Error'` + + doc, err := libopenapi.NewDocument([]byte(spec)) + require.NoError(t, err) + model, errs := doc.BuildV3Model() + require.Empty(t, errs) + + // Verify circular reference was detected + require.Len(t, model.Index.GetCircularReferences(), 1) + + schema := model.Model.Components.Schemas.GetOrZero("Error") + require.NotNil(t, schema) + + valid, errors := ValidateResponseSchema(&ValidateResponseSchemaInput{ + Request: postRequest(), + Response: responseWithBody(`{"code": "abc", "details": [{"code": "def"}]}`), + Schema: schema.Schema(), + Version: 3.1, + }) + + assert.False(t, valid) + require.Len(t, errors, 1) + assert.Contains(t, errors[0].Message, "failed schema rendering") + assert.Contains(t, errors[0].Reason, "circular reference") +} + +func TestValidateResponseSchema_ResponseMissing(t *testing.T) { + schema := parseSchemaFromSpec(t, `type: object +properties: + name: + type: string`, 3.1) + + // Response body missing (NoBody) for a non-HEAD request should error + valid, errs := ValidateResponseSchema(&ValidateResponseSchemaInput{ + Request: postRequest(), + Response: &http.Response{StatusCode: http.StatusOK, Body: http.NoBody}, + Schema: schema, + Version: 3.1, + }) + + assert.False(t, valid) + require.Len(t, errs, 1) + assert.Contains(t, errs[0].Message, "response object is missing") +} + +func TestValidateResponseSchema_HeadEmptySkipsValidation(t *testing.T) { + schema := parseSchemaFromSpec(t, `type: object`, 3.1) + + req, _ := http.NewRequest(http.MethodHead, "/test", nil) + resp := &http.Response{StatusCode: http.StatusOK, Body: http.NoBody} + + valid, errs := ValidateResponseSchema(&ValidateResponseSchemaInput{ + Request: req, + Response: resp, + Schema: schema, + Version: 3.1, + }) + + assert.True(t, valid) + assert.Len(t, errs, 0) +} + +func TestValidateResponseSchema_HeadWithBodyFails(t *testing.T) { + schema := parseSchemaFromSpec(t, `type: object`, 3.1) + + req, _ := http.NewRequest(http.MethodHead, "/test", nil) + + valid, errs := ValidateResponseSchema(&ValidateResponseSchemaInput{ + Request: req, + Response: responseWithBody(`{"name":"bob"}`), + Schema: schema, + Version: 3.1, + }) + + assert.False(t, valid) + require.Len(t, errs, 1) + assert.Contains(t, errs[0].Reason, "must not contain a body") +} diff --git a/schema_validation/locate_schema_property.go b/schema_validation/locate_schema_property.go index 4ade2f46..a84ce377 100644 --- a/schema_validation/locate_schema_property.go +++ b/schema_validation/locate_schema_property.go @@ -5,6 +5,7 @@ package schema_validation import ( "github.com/pb33f/jsonpath/pkg/jsonpath" + "github.com/pb33f/jsonpath/pkg/jsonpath/config" "github.com/pb33f/libopenapi/utils" "go.yaml.in/yaml/v4" ) @@ -26,7 +27,7 @@ func LocateSchemaPropertyNodeByJSONPath(doc *yaml.Node, JSONPath string) *yaml.N if path == "" { doneChan <- true } - jsonPath, _ := jsonpath.NewPath(path) + jsonPath, _ := jsonpath.NewPath(path, config.WithLazyContextTracking()) locatedNodes := jsonPath.Query(doc) if len(locatedNodes) > 0 { locatedNode = locatedNodes[0] diff --git a/schema_validation/property_locator.go b/schema_validation/property_locator.go new file mode 100644 index 00000000..dce4377d --- /dev/null +++ b/schema_validation/property_locator.go @@ -0,0 +1,306 @@ +// Copyright 2025 Princess B33f Heavy Industries / Dave Shanley +// SPDX-License-Identifier: MIT + +package schema_validation + +import ( + "regexp" + "strings" + + "github.com/santhosh-tekuri/jsonschema/v6" + "go.yaml.in/yaml/v4" + + liberrors "github.com/pb33f/libopenapi-validator/errors" + "github.com/pb33f/libopenapi-validator/helpers" +) + +// PropertyNameInfo contains extracted information about a property name validation error +type PropertyNameInfo struct { + PropertyName string // The property name that violated validation (e.g., "$defs-atmVolatility_type") + ParentLocation []string // The path to the parent containing the property (e.g., ["components", "schemas"]) + EnhancedReason string // A more detailed error message with context + Pattern string // The pattern that was violated, if applicable +} + +var ( + // invalidPropertyNameRegex matches errors like: "invalid propertyName 'X'" + invalidPropertyNameRegex = regexp.MustCompile(`invalid propertyName '([^']+)'`) + + // patternMismatchRegex matches errors like: "'X' does not match pattern 'Y'" + patternMismatchRegex = regexp.MustCompile(`'([^']+)' does not match pattern '([^']+)'`) +) + +// extractPropertyNameFromError extracts property name information from a jsonschema.ValidationError +// when BasicOutput doesn't provide useful InstanceLocation. +// This handles Priority 1 (invalid propertyName) and Priority 2 (pattern mismatch) cases. +// +// Returns PropertyNameInfo with extracted details, or nil if no relevant information found. +// Note: ValidationError.Error() includes all cause information in the formatted string, +// so we only need to check the root error message. +func extractPropertyNameFromError(ve *jsonschema.ValidationError) *PropertyNameInfo { + if ve == nil { + return nil + } + + // Check error message for patterns (Error() includes all cause information) + return checkErrorForPropertyInfo(ve) +} + +// checkErrorForPropertyInfo examines a single ValidationError for property name patterns. +// This is extracted as a separate function to avoid duplication and improve testability. +func checkErrorForPropertyInfo(ve *jsonschema.ValidationError) *PropertyNameInfo { + errMsg := ve.Error() + return checkErrorMessageForPropertyInfo(errMsg, ve.InstanceLocation, ve) +} + +// checkErrorMessageForPropertyInfo extracts property name info from an error message string. +// This is separated to improve testability while keeping validation error traversal logic intact. +func checkErrorMessageForPropertyInfo(errMsg string, instanceLocation []string, ve *jsonschema.ValidationError) *PropertyNameInfo { + // Check for "invalid propertyName 'X'" first (most specific error message) + if matches := invalidPropertyNameRegex.FindStringSubmatch(errMsg); len(matches) > 1 { + propertyName := matches[1] + info := &PropertyNameInfo{ + PropertyName: propertyName, + ParentLocation: instanceLocation, + } + + // try to extract pattern information from deeper causes if available + var pattern string + if ve != nil { + pattern = extractPatternFromCauses(ve) + } + + if pattern != "" { + info.Pattern = pattern + info.EnhancedReason = buildEnhancedReason(propertyName, pattern) + } else { + info.EnhancedReason = "invalid propertyName '" + propertyName + "'" + } + + return info + } + + // Check for "'X' does not match pattern 'Y'" as fallback (pattern violation) + if matches := patternMismatchRegex.FindStringSubmatch(errMsg); len(matches) > 2 { + return &PropertyNameInfo{ + PropertyName: matches[1], + ParentLocation: instanceLocation, + Pattern: matches[2], + EnhancedReason: buildEnhancedReason(matches[1], matches[2]), + } + } + + return nil +} + +// extractPatternFromCauses looks through error causes to find pattern violation details. +// Since ValidationError.Error() includes all cause information, we check the formatted error string. +func extractPatternFromCauses(ve *jsonschema.ValidationError) string { + if ve == nil { + return "" + } + + // Check the error message which includes all cause information + errMsg := ve.Error() + if matches := patternMismatchRegex.FindStringSubmatch(errMsg); len(matches) > 2 { + return matches[2] + } + + return "" +} + +// buildEnhancedReason constructs a detailed error message with property name and pattern +func buildEnhancedReason(propertyName, pattern string) string { + var buf strings.Builder + buf.Grow(len(propertyName) + len(pattern) + 50) // pre-allocate to avoid reallocation + buf.WriteString("invalid propertyName '") + buf.WriteString(propertyName) + buf.WriteString("': does not match pattern '") + buf.WriteString(pattern) + buf.WriteString("'") + return buf.String() +} + +// findPropertyKeyNodeInYAML searches the YAML tree for a property key node at a specific location. +// It first navigates to the parent location, then searches for the property name as a map key. +// +// Parameters: +// - rootNode: The root YAML node to search from +// - propertyName: The property key to find (e.g., "$defs-atmVolatility_type") +// - parentPath: Path segments to the parent (e.g., ["components", "schemas"]) +// +// Returns the YAML node for the property key, or nil if not found. +func findPropertyKeyNodeInYAML(rootNode *yaml.Node, propertyName string, parentPath []string) *yaml.Node { + if rootNode == nil || propertyName == "" { + return nil + } + + // Navigate to parent location first + currentNode := rootNode + for _, segment := range parentPath { + currentNode = navigateToYAMLChild(currentNode, segment) + if currentNode == nil { + return nil + } + } + + // Search for the property name as a map key + return findMapKeyNode(currentNode, propertyName) +} + +// navigateToYAMLChild navigates from a parent node to a child by name. +// Handles both document root navigation and map content navigation. +func navigateToYAMLChild(parent *yaml.Node, childName string) *yaml.Node { + if parent == nil { + return nil + } + + // If parent is a document node, navigate to its content + if parent.Kind == yaml.DocumentNode && len(parent.Content) > 0 { + parent = parent.Content[0] + } + + // Navigate through mapping node + if parent.Kind == yaml.MappingNode { + return findMapKeyValue(parent, childName) + } + + return nil +} + +// findMapKeyValue searches a mapping node for a key and returns its value node +func findMapKeyValue(mappingNode *yaml.Node, keyName string) *yaml.Node { + if mappingNode.Kind != yaml.MappingNode { + return nil + } + + // mapping nodes have key-value pairs: [key1, value1, key2, value2, ...] + for i := 0; i < len(mappingNode.Content); i += 2 { + keyNode := mappingNode.Content[i] + if keyNode.Value == keyName { + // return the value node (i+1) + if i+1 < len(mappingNode.Content) { + return mappingNode.Content[i+1] + } + } + } + + return nil +} + +// findMapKeyNode searches a mapping node for a key and returns the key node itself (not the value) +func findMapKeyNode(mappingNode *yaml.Node, keyName string) *yaml.Node { + if mappingNode == nil { + return nil + } + + // if it's a document node, unwrap to content + if mappingNode.Kind == yaml.DocumentNode && len(mappingNode.Content) > 0 { + mappingNode = mappingNode.Content[0] + } + + if mappingNode.Kind != yaml.MappingNode { + return nil + } + + // mapping nodes have key-value pairs: [key1, value1, key2, value2, ...] + for i := 0; i < len(mappingNode.Content); i += 2 { + keyNode := mappingNode.Content[i] + if keyNode.Value == keyName { + return keyNode // contains line/column metadata for error reporting + } + } + + return nil +} + +// applyPropertyNameFallback attempts to enrich a violation with property name information +// when the primary location method fails. Returns true if enrichment was applied. +func applyPropertyNameFallback( + propertyInfo *PropertyNameInfo, + rootNode *yaml.Node, + violation *liberrors.SchemaValidationFailure, +) bool { + if propertyInfo == nil { + return false + } + + return enrichSchemaValidationFailure( + propertyInfo, + rootNode, + &violation.Line, + &violation.Column, + &violation.Reason, + &violation.FieldName, + &violation.FieldPath, + &violation.InstancePath, + ) +} + +// enrichSchemaValidationFailure attempts to enhance a SchemaValidationFailure with better +// location information by searching the YAML tree when the standard location is empty. +// +// This function: +// 1. searches YAML tree for the property key in various locations +// 2. updates Line, Column, Reason, and other fields if found +// +// Returns true if enrichment was performed, false otherwise. +func enrichSchemaValidationFailure( + failure *PropertyNameInfo, + rootNode *yaml.Node, + line *int, + column *int, + reason *string, + fieldName *string, + fieldPath *string, + instancePath *[]string, +) bool { + if failure == nil { + return false + } + + // search for the property key in the YAML tree with multiple fallback locations + // since InstanceLocation may be empty for property name errors + var foundNode *yaml.Node + + // try with the provided parent location first + if len(failure.ParentLocation) > 0 { + foundNode = findPropertyKeyNodeInYAML(rootNode, failure.PropertyName, failure.ParentLocation) + } + + // common fallback locations for OpenAPI property name errors + if foundNode == nil { + foundNode = findPropertyKeyNodeInYAML(rootNode, failure.PropertyName, []string{"components", "schemas"}) + } + if foundNode == nil { + foundNode = findPropertyKeyNodeInYAML(rootNode, failure.PropertyName, []string{"components"}) + } + if foundNode == nil { + foundNode = findPropertyKeyNodeInYAML(rootNode, failure.PropertyName, []string{}) + } + + if foundNode == nil { + return false + } + + // populate location metadata from YAML node + *line = foundNode.Line + *column = foundNode.Column + + if failure.EnhancedReason != "" { + *reason = failure.EnhancedReason + } + + *fieldName = failure.PropertyName + + // construct JSONPath from parent location segments + if len(failure.ParentLocation) > 0 { + *fieldPath = helpers.ExtractJSONPathFromStringLocation("/" + strings.Join(failure.ParentLocation, "/") + "/" + failure.PropertyName) + *instancePath = failure.ParentLocation + } else { + *fieldPath = helpers.ExtractJSONPathFromStringLocation("/" + failure.PropertyName) + *instancePath = []string{} + } + + return true +} diff --git a/schema_validation/property_locator_test.go b/schema_validation/property_locator_test.go new file mode 100644 index 00000000..56b74ad3 --- /dev/null +++ b/schema_validation/property_locator_test.go @@ -0,0 +1,1097 @@ +// Copyright 2025 Princess B33f Heavy Industries / Dave Shanley +// SPDX-License-Identifier: MIT + +package schema_validation + +import ( + "testing" + + "github.com/pb33f/libopenapi" + "github.com/stretchr/testify/assert" + "go.yaml.in/yaml/v4" +) + +func TestExtractPropertyNameFromError_InvalidPropertyName(t *testing.T) { + // We can't easily create a complete ValidationError without the jsonschema library internals, + // so we test the regex patterns separately in TestCheckErrorForPropertyInfo_* + // This test verifies that nil is returned for nil input + info := extractPropertyNameFromError(nil) + assert.Nil(t, info) +} + +func TestCheckErrorForPropertyInfo_InvalidPropertyName(t *testing.T) { + // Test the regex patterns that power property name extraction + // We test the regexes directly since we can't easily create proper ValidationError objects + testCases := []struct { + name string + errorMsg string + expectedProp string + shouldMatch bool + }{ + { + name: "Simple invalid property name", + errorMsg: "invalid propertyName '$defs-atmVolatility_type'", + expectedProp: "$defs-atmVolatility_type", + shouldMatch: true, + }, + { + name: "Property name with special chars", + errorMsg: "invalid propertyName '$ref-test_value'", + expectedProp: "$ref-test_value", + shouldMatch: true, + }, + { + name: "Property name with @", + errorMsg: "invalid propertyName '@invalid'", + expectedProp: "@invalid", + shouldMatch: true, + }, + { + name: "No match - different error", + errorMsg: "some other validation error", + shouldMatch: false, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + // Test the invalidPropertyNameRegex + matches := invalidPropertyNameRegex.FindStringSubmatch(tc.errorMsg) + if tc.shouldMatch { + assert.Len(t, matches, 2) + assert.Equal(t, tc.expectedProp, matches[1]) + } else { + assert.Len(t, matches, 0) + } + }) + } +} + +func TestCheckErrorForPropertyInfo_PatternMismatch(t *testing.T) { + testCases := []struct { + name string + errorMsg string + expectedValue string + expectedPattern string + }{ + { + name: "Standard pattern mismatch", + errorMsg: "'$defs-atmVolatility_type' does not match pattern '^[a-zA-Z0-9._-]+$'", + expectedValue: "$defs-atmVolatility_type", + expectedPattern: "^[a-zA-Z0-9._-]+$", + }, + { + name: "Complex pattern", + errorMsg: "'invalid@value' does not match pattern '^[a-zA-Z]+$'", + expectedValue: "invalid@value", + expectedPattern: "^[a-zA-Z]+$", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + matches := patternMismatchRegex.FindStringSubmatch(tc.errorMsg) + assert.Len(t, matches, 3) + assert.Equal(t, tc.expectedValue, matches[1]) + assert.Equal(t, tc.expectedPattern, matches[2]) + }) + } +} + +func TestCheckErrorMessageForPropertyInfo_InvalidPropertyNameWithPattern(t *testing.T) { + // Test the invalidPropertyName pattern WITH pattern extraction via real ValidationError + spec := `openapi: 3.1.0 +info: + title: Test With Pattern + version: 1.0.0 +components: + schemas: + $with-pattern: + type: object` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + _, errors := ValidateOpenAPIDocument(doc) + + if len(errors) > 0 && len(errors[0].SchemaValidationErrors) > 0 { + sve := errors[0].SchemaValidationErrors[0] + if sve.OriginalJsonSchemaError != nil { + // Test extractPatternFromCauses directly with the real error + pattern := extractPatternFromCauses(sve.OriginalJsonSchemaError) + assert.NotEmpty(t, pattern, "Should extract pattern from ValidationError") + + // Also test the info extraction + info := checkErrorForPropertyInfo(sve.OriginalJsonSchemaError) + assert.NotNil(t, info) + assert.Equal(t, "$with-pattern", info.PropertyName) + assert.NotEmpty(t, info.Pattern, "Pattern should be extracted from causes") + } + } +} + +func TestExtractPatternFromCauses_ErrorWithoutPattern(t *testing.T) { + // Test extractPatternFromCauses when Error() doesn't match the pattern regex + // We need a ValidationError whose Error() doesn't contain the pattern format + // Since we can't easily create one, we test that the function returns "" for non-matching messages + + // Create a spec with a validation error that won't have pattern information + spec := `openapi: 3.0.0 +info: + title: Test Without Pattern Info + version: 1.0.0 + contact: + invalid: this is not a valid contact` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + _, errors := ValidateOpenAPIDocument(doc) + + if len(errors) > 0 && len(errors[0].SchemaValidationErrors) > 0 { + for _, sve := range errors[0].SchemaValidationErrors { + if sve.OriginalJsonSchemaError != nil { + // Call extractPatternFromCauses - may return empty string for errors without pattern + pattern := extractPatternFromCauses(sve.OriginalJsonSchemaError) + // Pattern might be empty for non-property-name errors (covering line 108) + _ = pattern + } + } + } +} + +func TestCheckErrorMessageForPropertyInfo_InvalidPropertyNameNoPattern(t *testing.T) { + // Test the invalidPropertyName pattern WITHOUT pattern extraction (ve = nil) + // This tests the else branch at line 84-86 + errMsg := "invalid propertyName '$no-pattern-test'" + instanceLoc := []string{"components"} + + info := checkErrorMessageForPropertyInfo(errMsg, instanceLoc, nil) + assert.NotNil(t, info) + assert.Equal(t, "$no-pattern-test", info.PropertyName) + assert.Equal(t, "invalid propertyName '$no-pattern-test'", info.EnhancedReason) + assert.Empty(t, info.Pattern, "Pattern should be empty when ve is nil") +} + +func TestCheckErrorMessageForPropertyInfo_PatternMismatchDirect(t *testing.T) { + // Test the patternMismatchRegex branch (line 92-99) + errMsg := "'$invalid' does not match pattern '^[a-zA-Z0-9._-]+$'" + instanceLoc := []string{"test"} + + info := checkErrorMessageForPropertyInfo(errMsg, instanceLoc, nil) + assert.NotNil(t, info) + assert.Equal(t, "$invalid", info.PropertyName) + assert.Equal(t, "^[a-zA-Z0-9._-]+$", info.Pattern) + assert.Contains(t, info.EnhancedReason, "does not match pattern") +} + +func TestCheckErrorMessageForPropertyInfo_NoMatch(t *testing.T) { + // Test when no patterns match (returns nil at line 101) + errMsg := "some completely different error message" + instanceLoc := []string{} + + info := checkErrorMessageForPropertyInfo(errMsg, instanceLoc, nil) + assert.Nil(t, info, "Should return nil when no patterns match") +} + +func TestBuildEnhancedReason(t *testing.T) { + testCases := []struct { + name string + propertyName string + pattern string + expected string + }{ + { + name: "Standard case", + propertyName: "$defs-test", + pattern: "^[a-zA-Z0-9._-]+$", + expected: "invalid propertyName '$defs-test': does not match pattern '^[a-zA-Z0-9._-]+$'", + }, + { + name: "Empty pattern", + propertyName: "test", + pattern: "", + expected: "invalid propertyName 'test': does not match pattern ''", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + result := buildEnhancedReason(tc.propertyName, tc.pattern) + assert.Equal(t, tc.expected, result) + }) + } +} + +func TestExtractPatternFromCauses_Nil(t *testing.T) { + // Test nil input + pattern := extractPatternFromCauses(nil) + assert.Empty(t, pattern) +} + +func TestExtractPatternFromCauses_WithRealError(t *testing.T) { + // Test pattern extraction with a real ValidationError from ValidateOpenAPIDocument + spec := `openapi: 3.1.0 +info: + title: Test Pattern Extraction + version: 1.0.0 +components: + schemas: + $pattern-test: + type: object` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + _, errors := ValidateOpenAPIDocument(doc) + + if len(errors) > 0 && len(errors[0].SchemaValidationErrors) > 0 { + sve := errors[0].SchemaValidationErrors[0] + if sve.OriginalJsonSchemaError != nil { + // Test pattern extraction + pattern := extractPatternFromCauses(sve.OriginalJsonSchemaError) + assert.NotEmpty(t, pattern, "Should extract pattern from error") + assert.Equal(t, "^[a-zA-Z0-9._-]+$", pattern) + } + } +} + +func TestExtractPatternFromCauses_NoMatch(t *testing.T) { + // Test the return "" path when error message doesn't contain pattern (line 108) + // We use checkErrorMessageForPropertyInfo which internally calls extractPatternFromCauses + errMsg := "invalid propertyName '$test'" // Has property name but NO pattern in message + instanceLoc := []string{} + + // When ve is nil, extractPatternFromCauses won't be called with pattern info + // But we can test the "no pattern found" path with a different error message + info := checkErrorMessageForPropertyInfo(errMsg, instanceLoc, nil) + assert.NotNil(t, info) + // Should have property name but no pattern since ve=nil prevents extraction + assert.Equal(t, "$test", info.PropertyName) + assert.Empty(t, info.Pattern, "Pattern should be empty when not in message and ve=nil") + + // Also verify the regex doesn't match + testMsg := "some error without pattern" + matches := patternMismatchRegex.FindStringSubmatch(testMsg) + assert.Len(t, matches, 0, "Should not match error without pattern") +} + +func TestExtractPropertyNameFromError_Nil(t *testing.T) { + info := extractPropertyNameFromError(nil) + assert.Nil(t, info) +} + +func TestExtractPropertyNameFromError_DirectExtraction(t *testing.T) { + // Test that extractPropertyNameFromError works by checking the root error message + // (which includes all cause information from jsonschema library) + spec := `openapi: 3.1.0 +info: + title: Test Direct Extraction + version: 1.0.0 +components: + schemas: + $direct-test: + type: object` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + _, errors := ValidateOpenAPIDocument(doc) + if len(errors) > 0 && len(errors[0].SchemaValidationErrors) > 0 { + sve := errors[0].SchemaValidationErrors[0] + if sve.OriginalJsonSchemaError != nil { + // Test extraction from root error + info := extractPropertyNameFromError(sve.OriginalJsonSchemaError) + assert.NotNil(t, info, "Should extract property name from root error") + assert.Equal(t, "$direct-test", info.PropertyName) + assert.NotEmpty(t, info.EnhancedReason) + + // Test extractPatternFromCauses on the root error + pattern := extractPatternFromCauses(sve.OriginalJsonSchemaError) + assert.NotEmpty(t, pattern, "Should extract pattern from error message") + assert.Equal(t, "^[a-zA-Z0-9._-]+$", pattern) + } + } +} + +func TestExtractPropertyNameFromError_ReturnNilPath(t *testing.T) { + // Test the "return nil" path at line 54 when no patterns match and no causes have info + // We use a real validation error from a different type of violation + spec := `openapi: 3.1.0 +info: + title: Test + version: 1.0.0 +paths: + /test: + get: + responses: + 200: + description: OK + content: + application/json: + schema: + type: object + required: + - missingField + properties: + otherField: + type: string` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + // This creates a valid OpenAPI spec, so we get no validation errors + // But we can use it to test the nil return path + valid, errors := ValidateOpenAPIDocument(doc) + + if valid { + // No errors - good, this tests that we handle valid specs + assert.True(t, valid) + } else if len(errors) > 0 && len(errors[0].SchemaValidationErrors) > 0 { + // If there are errors, test extraction (might not find property name info) + sve := errors[0].SchemaValidationErrors[0] + if sve.OriginalJsonSchemaError != nil { + info := extractPropertyNameFromError(sve.OriginalJsonSchemaError) + // Info might be nil for non-property-name errors + _ = info + } + } +} + +func TestFindPropertyKeyNodeInYAML_Success(t *testing.T) { + yamlContent := ` +components: + schemas: + $defs-atmVolatility_type: + type: object + properties: + value: + type: string +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + // Find the problematic property name + foundNode := findPropertyKeyNodeInYAML(rootNode.Content[0], "$defs-atmVolatility_type", []string{"components", "schemas"}) + assert.NotNil(t, foundNode) + assert.Equal(t, "$defs-atmVolatility_type", foundNode.Value) + assert.Greater(t, foundNode.Line, 0) + assert.Greater(t, foundNode.Column, 0) +} + +func TestFindPropertyKeyNodeInYAML_NotFound(t *testing.T) { + yamlContent := ` +components: + schemas: + ValidSchema: + type: object +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + foundNode := findPropertyKeyNodeInYAML(rootNode.Content[0], "NonExistent", []string{"components", "schemas"}) + assert.Nil(t, foundNode) +} + +func TestFindPropertyKeyNodeInYAML_InvalidParentPath(t *testing.T) { + yamlContent := ` +components: + schemas: + TestSchema: + type: object +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + foundNode := findPropertyKeyNodeInYAML(rootNode.Content[0], "TestSchema", []string{"invalid", "path"}) + assert.Nil(t, foundNode) +} + +func TestFindPropertyKeyNodeInYAML_NilRootNode(t *testing.T) { + foundNode := findPropertyKeyNodeInYAML(nil, "test", []string{"components"}) + assert.Nil(t, foundNode) +} + +func TestFindPropertyKeyNodeInYAML_EmptyPropertyName(t *testing.T) { + yamlContent := ` +components: + schemas: + TestSchema: + type: object +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + foundNode := findPropertyKeyNodeInYAML(rootNode.Content[0], "", []string{"components", "schemas"}) + assert.Nil(t, foundNode) +} + +func TestFindPropertyKeyNodeInYAML_EmptyParentPath(t *testing.T) { + yamlContent := ` +TestProperty: + type: object +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + foundNode := findPropertyKeyNodeInYAML(rootNode.Content[0], "TestProperty", []string{}) + assert.NotNil(t, foundNode) + assert.Equal(t, "TestProperty", foundNode.Value) +} + +func TestNavigateToYAMLChild_Success(t *testing.T) { + yamlContent := ` +components: + schemas: + TestSchema: + type: object +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + // Navigate to components + child := navigateToYAMLChild(rootNode.Content[0], "components") + assert.NotNil(t, child) + assert.Equal(t, yaml.MappingNode, child.Kind) +} + +func TestNavigateToYAMLChild_NotFound(t *testing.T) { + yamlContent := ` +components: + schemas: + TestSchema: + type: object +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + child := navigateToYAMLChild(rootNode.Content[0], "nonexistent") + assert.Nil(t, child) +} + +func TestNavigateToYAMLChild_NilParent(t *testing.T) { + child := navigateToYAMLChild(nil, "test") + assert.Nil(t, child) +} + +func TestNavigateToYAMLChild_DocumentNode(t *testing.T) { + yamlContent := ` +test: + value: 123 +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + // rootNode itself is a DocumentNode + child := navigateToYAMLChild(&rootNode, "test") + assert.NotNil(t, child) +} + +func TestNavigateToYAMLChild_NonMappingNode(t *testing.T) { + yamlContent := ` +- item1 +- item2 +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + // Try to navigate a sequence node as if it were a map + child := navigateToYAMLChild(rootNode.Content[0], "test") + assert.Nil(t, child) +} + +func TestFindMapKeyValue_Success(t *testing.T) { + yamlContent := ` +key1: value1 +key2: value2 +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + valueNode := findMapKeyValue(rootNode.Content[0], "key1") + assert.NotNil(t, valueNode) + assert.Equal(t, "value1", valueNode.Value) +} + +func TestFindMapKeyValue_NotFound(t *testing.T) { + yamlContent := ` +key1: value1 +key2: value2 +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + valueNode := findMapKeyValue(rootNode.Content[0], "key3") + assert.Nil(t, valueNode) +} + +func TestFindMapKeyValue_NonMappingNode(t *testing.T) { + yamlContent := ` +- item1 +- item2 +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + valueNode := findMapKeyValue(rootNode.Content[0], "test") + assert.Nil(t, valueNode) +} + +func TestFindMapKeyNode_Success(t *testing.T) { + yamlContent := ` +key1: value1 +key2: value2 +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + keyNode := findMapKeyNode(rootNode.Content[0], "key1") + assert.NotNil(t, keyNode) + assert.Equal(t, "key1", keyNode.Value) +} + +func TestFindMapKeyNode_NotFound(t *testing.T) { + yamlContent := ` +key1: value1 +key2: value2 +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + keyNode := findMapKeyNode(rootNode.Content[0], "key3") + assert.Nil(t, keyNode) +} + +func TestFindMapKeyNode_NilNode(t *testing.T) { + keyNode := findMapKeyNode(nil, "test") + assert.Nil(t, keyNode) +} + +func TestFindMapKeyNode_DocumentNode(t *testing.T) { + yamlContent := ` +test: value +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + // Pass the document node itself + keyNode := findMapKeyNode(&rootNode, "test") + assert.NotNil(t, keyNode) + assert.Equal(t, "test", keyNode.Value) +} + +func TestFindMapKeyNode_NonMappingNode(t *testing.T) { + yamlContent := ` +- item1 +- item2 +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + keyNode := findMapKeyNode(rootNode.Content[0], "test") + assert.Nil(t, keyNode) +} + +func TestEnrichSchemaValidationFailure_Success(t *testing.T) { + yamlContent := ` +components: + schemas: + $defs-atmVolatility_type: + type: object +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + failure := &PropertyNameInfo{ + PropertyName: "$defs-atmVolatility_type", + ParentLocation: []string{"components", "schemas"}, + EnhancedReason: "invalid propertyName '$defs-atmVolatility_type': does not match pattern '^[a-zA-Z0-9._-]+$'", + Pattern: "^[a-zA-Z0-9._-]+$", + } + + var line, column int + var reason, fieldName, fieldPath string + var instancePath []string + + enriched := enrichSchemaValidationFailure( + failure, + rootNode.Content[0], + &line, + &column, + &reason, + &fieldName, + &fieldPath, + &instancePath, + ) + + assert.True(t, enriched) + assert.Greater(t, line, 0) + assert.Greater(t, column, 0) + assert.Equal(t, "invalid propertyName '$defs-atmVolatility_type': does not match pattern '^[a-zA-Z0-9._-]+$'", reason) + assert.Equal(t, "$defs-atmVolatility_type", fieldName) + assert.Contains(t, fieldPath, "$defs-atmVolatility_type") + assert.Equal(t, []string{"components", "schemas"}, instancePath) +} + +func TestEnrichSchemaValidationFailure_NilFailure(t *testing.T) { + yamlContent := ` +test: value +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + var line, column int + var reason, fieldName, fieldPath string + var instancePath []string + + enriched := enrichSchemaValidationFailure( + nil, + rootNode.Content[0], + &line, + &column, + &reason, + &fieldName, + &fieldPath, + &instancePath, + ) + + assert.False(t, enriched) + assert.Equal(t, 0, line) + assert.Equal(t, 0, column) +} + +func TestEnrichSchemaValidationFailure_PropertyNotFound(t *testing.T) { + yamlContent := ` +components: + schemas: + ValidSchema: + type: object +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + failure := &PropertyNameInfo{ + PropertyName: "NonExistent", + ParentLocation: []string{"components", "schemas"}, + EnhancedReason: "test reason", + } + + var line, column int + var reason, fieldName, fieldPath string + var instancePath []string + + enriched := enrichSchemaValidationFailure( + failure, + rootNode.Content[0], + &line, + &column, + &reason, + &fieldName, + &fieldPath, + &instancePath, + ) + + assert.False(t, enriched) + assert.Equal(t, 0, line) + assert.Equal(t, 0, column) +} + +func TestEnrichSchemaValidationFailure_EmptyParentLocation(t *testing.T) { + yamlContent := ` +$defs-test: + type: object +` + + var rootNode yaml.Node + err := yaml.Unmarshal([]byte(yamlContent), &rootNode) + assert.NoError(t, err) + + failure := &PropertyNameInfo{ + PropertyName: "$defs-test", + ParentLocation: []string{}, + EnhancedReason: "test reason", + } + + var line, column int + var reason, fieldName, fieldPath string + var instancePath []string + + enriched := enrichSchemaValidationFailure( + failure, + rootNode.Content[0], + &line, + &column, + &reason, + &fieldName, + &fieldPath, + &instancePath, + ) + + assert.True(t, enriched) + assert.Greater(t, line, 0) + assert.Equal(t, "test reason", reason) + assert.Equal(t, "$defs-test", fieldName) + assert.Equal(t, []string{}, instancePath) +} + +func TestCheckErrorForPropertyInfo_NoMatch(t *testing.T) { + // checkErrorForPropertyInfo calls ve.Error() which requires a properly initialized ValidationError. + // We can't easily create one without the jsonschema library internals. + // The regex patterns are tested separately in TestCheckErrorForPropertyInfo_* tests above. + // This test is redundant with TestExtractPropertyNameFromError_NoCauses + t.Skip("Skipping as we cannot create a proper ValidationError without internal state") +} + +// TestPropertyLocator_Integration_InvalidPropertyName tests the full flow from ValidateOpenAPIDocument +// through the property locator functions. This provides coverage for extractPropertyNameFromError +// and checkErrorForPropertyInfo which require real ValidationError objects from jsonschema. +func TestPropertyLocator_Integration_InvalidPropertyName(t *testing.T) { + spec := `openapi: 3.1.0 +info: + title: Test Invalid Property Name + version: 1.0.0 +components: + schemas: + $defs-atmVolatility_type: + type: object + properties: + value: + type: string` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + // Before integration - validate without our fallback logic + // This just verifies the test scenario triggers a validation error + valid, errors := ValidateOpenAPIDocument(doc) + assert.False(t, valid) + assert.Len(t, errors, 1) + + // The validator should find the error + assert.Len(t, errors[0].SchemaValidationErrors, 1) + sve := errors[0].SchemaValidationErrors[0] + + // After integration, the fallback logic should populate Line and Column + assert.Greater(t, sve.Line, 0, "Line should be populated by fallback logic") + assert.Greater(t, sve.Column, 0, "Column should be populated by fallback logic") + + // Verify the enhanced error message includes the property name and pattern + assert.Contains(t, sve.Reason, "$defs-atmVolatility_type", "Reason should include property name") + assert.Contains(t, sve.Reason, "does not match pattern", "Reason should include pattern info") + + // Verify additional fields are populated + assert.Equal(t, "$defs-atmVolatility_type", sve.FieldName, "FieldName should be extracted") + assert.Contains(t, sve.FieldPath, "$defs-atmVolatility_type", "FieldPath should include property name") + + // Original validation check that extractPropertyNameFromError works + assert.NotNil(t, sve.OriginalJsonSchemaError, "OriginalError should be populated") + + info := extractPropertyNameFromError(sve.OriginalJsonSchemaError) + // This should successfully extract the property name + assert.NotNil(t, info, "Should extract property name info from error") + assert.Equal(t, "$defs-atmVolatility_type", info.PropertyName) + assert.Contains(t, info.EnhancedReason, "$defs-atmVolatility_type") + assert.Contains(t, info.EnhancedReason, "does not match pattern") + assert.NotEmpty(t, info.Pattern, "Pattern should be extracted") + + // Explicitly test checkErrorForPropertyInfo with the root error and causes + // to ensure coverage of different code paths + rootInfo := checkErrorForPropertyInfo(sve.OriginalJsonSchemaError) + if rootInfo == nil && len(sve.OriginalJsonSchemaError.Causes) > 0 { + // Check first cause + causeInfo := checkErrorForPropertyInfo(sve.OriginalJsonSchemaError.Causes[0]) + _ = causeInfo + } + + // Explicitly test extractPatternFromCauses to exercise recursive pattern extraction + pattern := extractPatternFromCauses(sve.OriginalJsonSchemaError) + if pattern != "" { + assert.Equal(t, "^[a-zA-Z0-9._-]+$", pattern) + } + + // Verify we can find it in the YAML + docInfo := doc.GetSpecInfo() + + // The parent location might be empty or have "components", "schemas" depending on how + // the error was structured. Let's try different combinations. + foundNode := findPropertyKeyNodeInYAML(docInfo.RootNode.Content[0], info.PropertyName, []string{"components", "schemas"}) + if foundNode == nil { + // Try without parent location + foundNode = findPropertyKeyNodeInYAML(docInfo.RootNode.Content[0], info.PropertyName, []string{}) + } + if foundNode == nil { + // Try with just components + foundNode = findPropertyKeyNodeInYAML(docInfo.RootNode.Content[0], info.PropertyName, []string{"components"}) + } + + assert.NotNil(t, foundNode, "Should find property key in YAML tree") + if foundNode != nil { + assert.Greater(t, foundNode.Line, 0) + assert.Equal(t, "$defs-atmVolatility_type", foundNode.Value) + } +} + +// TestPropertyLocator_Integration_MultipleInvalidSchemas tests extraction with multiple invalid property names +func TestPropertyLocator_Integration_MultipleInvalidSchemas(t *testing.T) { + // Multiple invalid property names to test recursive cause traversal + spec := `openapi: 3.1.0 +info: + title: Test Multiple Invalid Names + version: 1.0.0 +components: + schemas: + $first-invalid: + type: object + $second-invalid: + type: string + parameters: + $param-invalid: + name: test + in: query + schema: + type: string` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + valid, errors := ValidateOpenAPIDocument(doc) + assert.False(t, valid) + + // Should find multiple errors + assert.Greater(t, len(errors), 0) + if len(errors) > 0 && len(errors[0].SchemaValidationErrors) > 0 { + // Each error should have property info extracted + foundCount := 0 + patternExtractedCount := 0 + noPatternCount := 0 + + for _, sve := range errors[0].SchemaValidationErrors { + if sve.OriginalJsonSchemaError != nil { + info := extractPropertyNameFromError(sve.OriginalJsonSchemaError) + if info != nil { + foundCount++ + assert.NotEmpty(t, info.PropertyName) + + // Test both branches of pattern extraction + if info.Pattern != "" { + patternExtractedCount++ + assert.NotEmpty(t, info.EnhancedReason) + assert.Contains(t, info.EnhancedReason, "does not match pattern") + } else { + // This covers the else branch in checkErrorForPropertyInfo (line 74-76) + noPatternCount++ + assert.Contains(t, info.EnhancedReason, "invalid propertyName") + } + + // Test extractPatternFromCauses coverage + pattern := extractPatternFromCauses(sve.OriginalJsonSchemaError) + // Pattern may or may not be found depending on error structure + _ = pattern + } + } + } + // At least one error should have property info extracted + assert.Greater(t, foundCount, 0, "Should extract property info from at least one error") + } +} + +// TestValidateOpenAPIDocument_Issue726_InvalidPropertyName tests the fix for GitHub issue #726 +// (https://github.com/daveshanley/vacuum/issues/726) +// +// Issue: Invalid spec (not valid against OAS 3 schema) reports errors at line 0:0 +// +// The problem was that when an OpenAPI document contained invalid property names +// (e.g., starting with '$' which doesn't match the required pattern '^[a-zA-Z0-9._-]+$'), +// the validator would correctly identify the error but report it at location 0:0 +// instead of the actual line number where the invalid property was defined. +// +// This test verifies that after the fix, the validator: +// 1. Correctly identifies the invalid property name +// 2. Reports the actual line number (not 0:0) +// 3. Provides an enhanced error message with the property name and pattern +// 4. Populates all relevant fields (FieldName, FieldPath, etc.) +func TestValidateOpenAPIDocument_Issue726_InvalidPropertyName(t *testing.T) { + // This spec has an invalid schema name: $defs-atmVolatility_type + // The '$' at the beginning violates the OpenAPI pattern: ^[a-zA-Z0-9._-]+$ + spec := `openapi: 3.1.0 +info: + title: Test Spec with Invalid Property Name + version: 1.0.0 +components: + schemas: + $defs-atmVolatility_type: + type: object + properties: + volatility: + type: number` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + // Validate the document + valid, errors := ValidateOpenAPIDocument(doc) + + // Should not be valid due to invalid property name + assert.False(t, valid, "Document should not be valid") + assert.Len(t, errors, 1, "Should have exactly one validation error") + + // Check the validation error structure + assert.Len(t, errors[0].SchemaValidationErrors, 1, "Should have exactly one schema validation error") + + sve := errors[0].SchemaValidationErrors[0] + + // CRITICAL: Line and Column should NOT be 0 (this was the bug) + assert.Greater(t, sve.Line, 0, "Line should be greater than 0 (bug fix verification)") + assert.Greater(t, sve.Column, 0, "Column should be greater than 0 (bug fix verification)") + + // The line should point to where $defs-atmVolatility_type is defined (line 7 in this spec) + assert.Equal(t, 7, sve.Line, "Line should point to the invalid property name") + + // Verify the enhanced error message includes the property name and pattern + assert.Contains(t, sve.Reason, "$defs-atmVolatility_type", + "Reason should include the invalid property name") + assert.Contains(t, sve.Reason, "does not match pattern", + "Reason should explain the pattern mismatch") + assert.Contains(t, sve.Reason, "^[a-zA-Z0-9._-]+$", + "Reason should include the required pattern") + + // Verify additional fields are populated correctly + assert.Equal(t, "$defs-atmVolatility_type", sve.FieldName, + "FieldName should be extracted from the error") + assert.Contains(t, sve.FieldPath, "$defs-atmVolatility_type", + "FieldPath should include the property name") + + // Verify OriginalError is preserved for debugging + assert.NotNil(t, sve.OriginalJsonSchemaError, "OriginalError should be populated for debugging") +} + +// TestValidateOpenAPIDocument_Issue726_MultipleInvalidPropertyNames tests that the fix +// works correctly when there are multiple invalid property names in the same document. +func TestValidateOpenAPIDocument_Issue726_MultipleInvalidPropertyNames(t *testing.T) { + spec := `openapi: 3.1.0 +info: + title: Test Spec with Multiple Invalid Property Names + version: 1.0.0 +components: + schemas: + $invalid-name-1: + type: object + properties: + field1: + type: string + $invalid-name-2: + type: object + properties: + field2: + type: string` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + valid, errors := ValidateOpenAPIDocument(doc) + + assert.False(t, valid) + assert.Len(t, errors, 1) + + // Should have errors for both invalid property names + assert.GreaterOrEqual(t, len(errors[0].SchemaValidationErrors), 1, + "Should have at least one schema validation error") + + // Check that all errors have valid line numbers (not 0) + for i, sve := range errors[0].SchemaValidationErrors { + assert.Greater(t, sve.Line, 0, + "Error %d: Line should be greater than 0", i) + } +} + +// TestValidateOpenAPIDocument_Issue726_ValidPropertyNames is a negative test that verifies +// the fix doesn't break validation of valid specs. +func TestValidateOpenAPIDocument_Issue726_ValidPropertyNames(t *testing.T) { + // This spec has valid schema names + spec := `openapi: 3.1.0 +info: + title: Test Spec with Valid Property Names + version: 1.0.0 +components: + schemas: + ValidSchemaName: + type: object + properties: + field1: + type: string + AnotherValidName: + type: object + properties: + field2: + type: string` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + valid, errors := ValidateOpenAPIDocument(doc) + + // Should be valid + assert.True(t, valid, "Document with valid property names should be valid") + assert.Len(t, errors, 0, "Should have no validation errors") +} + +// TestValidateOpenAPIDocument_Issue726_BackwardCompatibility ensures that the fix +// doesn't break existing error reporting for errors that already had line numbers. +func TestValidateOpenAPIDocument_Issue726_BackwardCompatibility(t *testing.T) { + // This spec has a different type of validation error (missing required field) + // to ensure the fix doesn't break other validation errors + spec := `openapi: 3.1.0 +info: + title: Test Spec` + // version is required but missing + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + valid, errors := ValidateOpenAPIDocument(doc) + + // Should not be valid + assert.False(t, valid) + assert.Greater(t, len(errors), 0) + + // All errors should have valid line numbers + for _, verr := range errors { + for i, sve := range verr.SchemaValidationErrors { + // Line might be 0 for some error types, but that's okay - we're just + // checking that the fix didn't break existing error reporting + assert.GreaterOrEqual(t, sve.Line, 0, + "Error %d: Line should not be negative", i) + } + } +} diff --git a/schema_validation/urlencoded_validator.go b/schema_validation/urlencoded_validator.go new file mode 100644 index 00000000..ebfbd7c7 --- /dev/null +++ b/schema_validation/urlencoded_validator.go @@ -0,0 +1,61 @@ +// Copyright 2026 Princess B33f Heavy Industries / Dave Shanley +// SPDX-License-Identifier: MIT + +package schema_validation + +import ( + "log/slog" + "os" + + "github.com/pb33f/libopenapi/datamodel/high/base" + v3 "github.com/pb33f/libopenapi/datamodel/high/v3" + "github.com/pb33f/libopenapi/orderedmap" + + "github.com/pb33f/libopenapi-validator/config" + liberrors "github.com/pb33f/libopenapi-validator/errors" +) + +// URLEncodedValidator is an interface that defines methods for validating URL encoded strings against OpenAPI schemas. +// There are 2 methods for validating URL encoded: +// +// ValidateURLEncodedString validates an URL encoded string against a schema, applying OpenAPI object transformations. +// ValidateURLEncodedStringWithVersion - version-aware URL encoded validation that allows OpenAPI 3.0 keywords when version is specified. +type URLEncodedValidator interface { + // ValidateURLEncodedString validates an URL encoded string against a schema, applying OpenAPI object transformations. + // Uses OpenAPI 3.1+ validation by default (strict JSON Schema compliance). + ValidateURLEncodedString(schema *base.Schema, encoding *orderedmap.Map[string, *v3.Encoding], urlEncodedString string) (bool, []*liberrors.ValidationError) + + // ValidateURLEncodedStringWithVersion validates an URL encoded string with version-specific rules. + // When version is 3.0, OpenAPI 3.0-specific keywords like 'nullable' are allowed and processed. + // When version is 3.1+, OpenAPI 3.0-specific keywords like 'nullable' will cause validation to fail. + ValidateURLEncodedStringWithVersion(schema *base.Schema, encoding *orderedmap.Map[string, *v3.Encoding], urlEncodedString string, version float32) (bool, []*liberrors.ValidationError) +} + +type urlEncodedValidator struct { + schemaValidator *schemaValidator + logger *slog.Logger +} + +// NewURLEncodedValidatorWithLogger creates a new URLEncodedValidator instance with a custom logger. +func NewURLEncodedValidatorWithLogger(logger *slog.Logger, opts ...config.Option) URLEncodedValidator { + options := config.NewValidationOptions(opts...) + // Create an internal schema validator for JSON validation after URLEncoded transformation + sv := &schemaValidator{options: options, logger: logger} + return &urlEncodedValidator{schemaValidator: sv, logger: logger} +} + +// NewURLEncodedValidator creates a new URLEncodedValidator instance with default logging configuration. +func NewURLEncodedValidator(opts ...config.Option) URLEncodedValidator { + logger := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{ + Level: slog.LevelError, + })) + return NewURLEncodedValidatorWithLogger(logger, opts...) +} + +func (x *urlEncodedValidator) ValidateURLEncodedString(schema *base.Schema, encoding *orderedmap.Map[string, *v3.Encoding], urlEncodedString string) (bool, []*liberrors.ValidationError) { + return x.validateURLEncodedWithVersion(schema, encoding, urlEncodedString, x.logger, 3.1) +} + +func (x *urlEncodedValidator) ValidateURLEncodedStringWithVersion(schema *base.Schema, encoding *orderedmap.Map[string, *v3.Encoding], urlEncodedString string, version float32) (bool, []*liberrors.ValidationError) { + return x.validateURLEncodedWithVersion(schema, encoding, urlEncodedString, x.logger, version) +} diff --git a/schema_validation/validate_document.go b/schema_validation/validate_document.go index 9282bd5e..635f7335 100644 --- a/schema_validation/validate_document.go +++ b/schema_validation/validate_document.go @@ -1,4 +1,4 @@ -// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley // SPDX-License-Identifier: MIT package schema_validation @@ -34,6 +34,22 @@ func ValidateOpenAPIDocument(doc libopenapi.Document, opts ...config.Option) (bo info := doc.GetSpecInfo() loadedSchema := info.APISchema var validationErrors []*liberrors.ValidationError + + // Check if SpecJSON is nil before dereferencing + if info.SpecJSON == nil { + validationErrors = append(validationErrors, &liberrors.ValidationError{ + ValidationType: helpers.Schema, + ValidationSubType: "document", + Message: "OpenAPI document validation failed", + Reason: "The document's SpecJSON is nil, indicating the document was not properly parsed or is empty", + SpecLine: 1, + SpecCol: 0, + HowToFix: "ensure the OpenAPI document is valid YAML/JSON and can be properly parsed by libopenapi", + Context: "document root", + }) + return false, validationErrors + } + decodedDocument := *info.SpecJSON // Compile the JSON Schema @@ -41,7 +57,7 @@ func ValidateOpenAPIDocument(doc libopenapi.Document, opts ...config.Option) (bo if err != nil { // schema compilation failed, return validation error instead of panicking validationErrors = append(validationErrors, &liberrors.ValidationError{ - ValidationType: "schema", + ValidationType: helpers.Schema, ValidationSubType: "compilation", Message: "OpenAPI document schema compilation failed", Reason: fmt.Sprintf("The OpenAPI schema failed to compile: %s", err.Error()), @@ -66,6 +82,9 @@ func ValidateOpenAPIDocument(doc libopenapi.Document, opts ...config.Option) (bo // flatten the validationErrors schFlatErrs := jk.BasicOutput().Errors + // Extract property name info once before processing errors (performance optimization) + propertyInfo := extractPropertyNameFromError(jk) + for q := range schFlatErrs { er := schFlatErrs[q] @@ -77,15 +96,14 @@ func ValidateOpenAPIDocument(doc libopenapi.Document, opts ...config.Option) (bo // locate the violated property in the schema located := LocateSchemaPropertyNodeByJSONPath(info.RootNode.Content[0], er.InstanceLocation) - violation := &liberrors.SchemaValidationFailure{ - Reason: errMsg, - Location: er.InstanceLocation, - FieldName: helpers.ExtractFieldNameFromStringLocation(er.InstanceLocation), - FieldPath: helpers.ExtractJSONPathFromStringLocation(er.InstanceLocation), - InstancePath: helpers.ConvertStringLocationToPathSegments(er.InstanceLocation), - KeywordLocation: er.KeywordLocation, - OriginalJsonSchemaError: jk, - } + violation := &liberrors.SchemaValidationFailure{ + Reason: errMsg, + FieldName: helpers.ExtractFieldNameFromStringLocation(er.InstanceLocation), + FieldPath: helpers.ExtractJSONPathFromStringLocation(er.InstanceLocation), + InstancePath: helpers.ConvertStringLocationToPathSegments(er.InstanceLocation), + KeywordLocation: er.KeywordLocation, + OriginalJsonSchemaError: jk, + } // if we have a location within the schema, add it to the error if located != nil { @@ -101,6 +119,9 @@ func ValidateOpenAPIDocument(doc libopenapi.Document, opts ...config.Option) (bo // location of the violation within the rendered schema. violation.Line = line violation.Column = located.Column + } else { + // handles property name validation errors that don't provide useful InstanceLocation + applyPropertyNameFallback(propertyInfo, info.RootNode.Content[0], violation) } schemaValidationErrors = append(schemaValidationErrors, violation) } diff --git a/schema_validation/validate_document_test.go b/schema_validation/validate_document_test.go index b6104f62..3f454376 100644 --- a/schema_validation/validate_document_test.go +++ b/schema_validation/validate_document_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley // SPDX-License-Identifier: MIT package schema_validation @@ -62,21 +62,16 @@ func validateOpenAPIDocumentWithMalformedSchema(loadedSchema string, decodedDocu _, err := helpers.NewCompiledSchema("schema", []byte(loadedSchema), options) if err != nil { // schema compilation failed, return validation error instead of panicking - violation := &liberrors.SchemaValidationFailure{ - Reason: fmt.Sprintf("failed to compile OpenAPI schema: %s", err.Error()), - Location: "schema compilation", - ReferenceSchema: loadedSchema, - } + // NO SchemaValidationFailure for pre-validation errors like compilation failures validationErrors = append(validationErrors, &liberrors.ValidationError{ - ValidationType: "schema", - ValidationSubType: "compilation", - Message: "OpenAPI document schema compilation failed", - Reason: fmt.Sprintf("The OpenAPI schema failed to compile: %s", err.Error()), - SpecLine: 1, - SpecCol: 0, - SchemaValidationErrors: []*liberrors.SchemaValidationFailure{violation}, - HowToFix: "check the OpenAPI schema for invalid JSON Schema syntax, complex regex patterns, or unsupported schema constructs", - Context: loadedSchema, + ValidationType: helpers.Schema, + ValidationSubType: "compilation", + Message: "OpenAPI document schema compilation failed", + Reason: fmt.Sprintf("The OpenAPI schema failed to compile: %s", err.Error()), + SpecLine: 1, + SpecCol: 0, + HowToFix: "check the OpenAPI schema for invalid JSON Schema syntax, complex regex patterns, or unsupported schema constructs", + Context: loadedSchema, }) return false, validationErrors } @@ -106,7 +101,7 @@ func TestValidateDocument_SchemaCompilationFailure(t *testing.T) { // Verify we got a schema compilation error with the exact same structure validationError := errors[0] - assert.Equal(t, "schema", validationError.ValidationType) + assert.Equal(t, helpers.Schema, validationError.ValidationType) assert.Equal(t, "compilation", validationError.ValidationSubType) assert.Equal(t, "OpenAPI document schema compilation failed", validationError.Message) assert.Contains(t, validationError.Reason, "The OpenAPI schema failed to compile") @@ -115,12 +110,8 @@ func TestValidateDocument_SchemaCompilationFailure(t *testing.T) { assert.Equal(t, 1, validationError.SpecLine) assert.Equal(t, 0, validationError.SpecCol) - // Verify schema validation errors - assert.NotEmpty(t, validationError.SchemaValidationErrors) - schemaErr := validationError.SchemaValidationErrors[0] - assert.Equal(t, "schema compilation", schemaErr.Location) - assert.Contains(t, schemaErr.Reason, "failed to compile OpenAPI schema") - assert.Equal(t, malformedSchema, schemaErr.ReferenceSchema) + // Schema compilation errors don't have SchemaValidationFailure objects + assert.Empty(t, validationError.SchemaValidationErrors) } // TestValidateDocument_CompilationFailure tests the actual ValidateOpenAPIDocument function @@ -175,3 +166,38 @@ info: assert.Len(t, errors, 1) assert.Len(t, errors[0].SchemaValidationErrors, 6) } + +func TestValidateDocument_NilSpecJSON(t *testing.T) { + // Create a document with minimal valid OpenAPI content + spec := `openapi: 3.1.0 +info: + version: 1.0.0 + title: Test +` + + doc, _ := libopenapi.NewDocument([]byte(spec)) + + // Simulate the nil SpecJSON scenario by setting it to nil + info := doc.GetSpecInfo() + info.SpecJSON = nil + + // validate! + valid, errors := ValidateOpenAPIDocument(doc) + + // Should fail validation due to nil SpecJSON + assert.False(t, valid) + assert.Len(t, errors, 1) + + // Verify error structure + validationError := errors[0] + assert.Equal(t, helpers.Schema, validationError.ValidationType) + assert.Equal(t, "document", validationError.ValidationSubType) + assert.Equal(t, "OpenAPI document validation failed", validationError.Message) + assert.Contains(t, validationError.Reason, "SpecJSON is nil") + assert.Contains(t, validationError.HowToFix, "ensure the OpenAPI document is valid") + assert.Equal(t, 1, validationError.SpecLine) + assert.Equal(t, 0, validationError.SpecCol) + + // Pre-validation errors should not have SchemaValidationErrors + assert.Empty(t, validationError.SchemaValidationErrors) +} diff --git a/schema_validation/validate_schema.go b/schema_validation/validate_schema.go index b2def790..7f1f0553 100644 --- a/schema_validation/validate_schema.go +++ b/schema_validation/validate_schema.go @@ -1,6 +1,5 @@ // Copyright 2023 Princess B33f Heavy Industries / Dave Shanley // SPDX-License-Identifier: MIT - package schema_validation import ( @@ -8,14 +7,15 @@ import ( "errors" "fmt" "log/slog" + "math" "os" "reflect" "regexp" "strconv" "sync" + "github.com/pb33f/libopenapi-validator/cache" "github.com/pb33f/libopenapi/datamodel/high/base" - "github.com/pb33f/libopenapi/utils" "github.com/santhosh-tekuri/jsonschema/v6" "go.yaml.in/yaml/v4" "golang.org/x/text/language" @@ -122,39 +122,101 @@ func (s *schemaValidator) validateSchemaWithVersion(schema *base.Schema, payload return false, validationErrors } - // extract index of schema, and check the version - // schemaIndex := schema.GoLow().Index var renderedSchema []byte + var renderedNode *yaml.Node + var compiledSchema *jsonschema.Schema + + // Check cache first — reuses existing SchemaCache (populated by NewValidationOptions). + var cacheKey uint64 + canCache := s.options.SchemaCache != nil && schema.GoLow() != nil + if canCache { + // Include version in key so 3.0 (nullable) and 3.1 compile differently. + cacheKey = schema.GoLow().Hash() ^ uint64(math.Float32bits(version)) + if cached, ok := s.options.SchemaCache.Load(cacheKey); ok && + cached != nil && cached.CompiledSchema != nil { + renderedSchema = cached.RenderedInline + renderedNode = cached.RenderedNode + compiledSchema = cached.CompiledSchema + } + } - // render the schema, to be used for validation, stop this from running concurrently, mutations are made to state - // and, it will cause async issues. - s.lock.Lock() - var e error - renderedSchema, e = schema.RenderInline() - if e != nil { - // schema cannot be rendered, so it's not valid! - validationErrors = append(validationErrors, &liberrors.ValidationError{ - ValidationType: helpers.RequestBodyValidation, - ValidationSubType: helpers.Schema, - Message: "schema does not pass validation", - Reason: fmt.Sprintf("The schema cannot be decoded: %s", e.Error()), - SpecLine: schema.GoLow().GetRootNode().Line, - SpecCol: schema.GoLow().GetRootNode().Column, - HowToFix: liberrors.HowToFixInvalidSchema, - Context: string(renderedSchema), - }) + // Cache miss — render, convert to JSON, and compile. + if compiledSchema == nil { + renderCtx := base.NewInlineRenderContextForValidation() + s.lock.Lock() + nodeIface, renderErr := schema.MarshalYAMLInlineWithContext(renderCtx) s.lock.Unlock() - return false, validationErrors - } - s.lock.Unlock() + if renderErr != nil { + validationErrors = append(validationErrors, &liberrors.ValidationError{ + ValidationType: helpers.RequestBodyValidation, + ValidationSubType: helpers.Schema, + Message: "schema does not pass validation", + Reason: fmt.Sprintf("The schema cannot be decoded: %s", renderErr.Error()), + SpecLine: schema.GoLow().GetRootNode().Line, + SpecCol: schema.GoLow().GetRootNode().Column, + HowToFix: liberrors.HowToFixInvalidSchema, + Context: string(renderedSchema), + }) + return false, validationErrors + } + + // MarshalYAMLInlineWithContext returns *yaml.Node (from NodeBuilder.Render) + renderedNode, _ = nodeIface.(*yaml.Node) + + // yaml.Node → map → JSON bytes (skips yaml.Marshal + yaml.Unmarshal round-trip) + var jsonMap map[string]interface{} + if renderedNode != nil { + _ = renderedNode.Decode(&jsonMap) + } + jsonSchema, _ := json.Marshal(jsonMap) - jsonSchema, _ := utils.ConvertYAMLtoJSON(renderedSchema) + // YAML bytes generated once for error messages / context strings + renderedSchema, _ = yaml.Marshal(renderedNode) + + path := "" + if schema.GoLow().GetIndex() != nil { + path = schema.GoLow().GetIndex().GetSpecAbsolutePath() + } + + var compileErr error + compiledSchema, compileErr = helpers.NewCompiledSchemaWithVersion(path, jsonSchema, s.options, version) + if compileErr != nil { + line := 1 + col := 0 + if schema.GoLow().Type.KeyNode != nil { + line = schema.GoLow().Type.KeyNode.Line + col = schema.GoLow().Type.KeyNode.Column + } + validationErrors = append(validationErrors, &liberrors.ValidationError{ + ValidationType: helpers.Schema, + ValidationSubType: helpers.Schema, + Message: "schema compilation failed", + Reason: fmt.Sprintf("Schema compilation failed: %s", compileErr.Error()), + SpecLine: line, + SpecCol: col, + HowToFix: liberrors.HowToFixInvalidSchema, + Context: string(renderedSchema), + }) + return false, validationErrors + } + + // Store in cache for subsequent validations of the same schema. + if canCache && compiledSchema != nil { + s.options.SchemaCache.Store(cacheKey, &cache.SchemaCacheEntry{ + Schema: schema, + RenderedInline: renderedSchema, + ReferenceSchema: string(renderedSchema), + RenderedJSON: jsonSchema, + CompiledSchema: compiledSchema, + RenderedNode: renderedNode, + }) + } + } if decodedObject == nil && len(payload) > 0 { err := json.Unmarshal(payload, &decodedObject) if err != nil { - // cannot decode the request body, so it's not valid line := 1 col := 0 @@ -174,38 +236,12 @@ func (s *schemaValidator) validateSchemaWithVersion(schema *base.Schema, payload }) return false, validationErrors } - - } - - path := "" - if schema.GoLow().GetIndex() != nil { - path = schema.GoLow().GetIndex().GetSpecAbsolutePath() } - jsch, err := helpers.NewCompiledSchemaWithVersion(path, jsonSchema, s.options, version) var schemaValidationErrors []*liberrors.SchemaValidationFailure - if err != nil { - line := 1 - col := 0 - if schema.GoLow().Type.KeyNode != nil { - line = schema.GoLow().Type.KeyNode.Line - col = schema.GoLow().Type.KeyNode.Column - } - validationErrors = append(validationErrors, &liberrors.ValidationError{ - ValidationType: helpers.Schema, - ValidationSubType: helpers.Schema, - Message: "schema compilation failed", - Reason: fmt.Sprintf("Schema compilation failed: %s", err.Error()), - SpecLine: line, - SpecCol: col, - HowToFix: liberrors.HowToFixInvalidSchema, - Context: string(renderedSchema), - }) - return false, validationErrors - } - if jsch != nil && decodedObject != nil { - scErrs := jsch.Validate(decodedObject) + if compiledSchema != nil && decodedObject != nil { + scErrs := compiledSchema.Validate(decodedObject) if scErrs != nil { var jk *jsonschema.ValidationError @@ -214,7 +250,7 @@ func (s *schemaValidator) validateSchemaWithVersion(schema *base.Schema, payload // flatten the validationErrors schFlatErr := jk.BasicOutput().Errors schemaValidationErrors = extractBasicErrors(schFlatErr, renderedSchema, - decodedObject, payload, jk, schemaValidationErrors) + renderedNode, decodedObject, payload, jk, schemaValidationErrors) } line := 1 col := 0 @@ -242,10 +278,28 @@ func (s *schemaValidator) validateSchemaWithVersion(schema *base.Schema, payload } func extractBasicErrors(schFlatErrs []jsonschema.OutputUnit, - renderedSchema []byte, decodedObject interface{}, + renderedSchema []byte, renderedNode *yaml.Node, + decodedObject interface{}, payload []byte, jk *jsonschema.ValidationError, schemaValidationErrors []*liberrors.SchemaValidationFailure, ) []*liberrors.SchemaValidationFailure { + // Extract property name info once before processing errors (performance optimization) + propertyInfo := extractPropertyNameFromError(jk) + + // Determine root content node ONCE (not per-error). + // NodeBuilder.Render() returns MappingNode directly, no DocumentNode unwrapping needed. + var rootNode *yaml.Node + if renderedNode != nil { + rootNode = renderedNode + } else if len(renderedSchema) > 0 { + // Fallback: parse bytes ONCE + var docNode yaml.Node + _ = yaml.Unmarshal(renderedSchema, &docNode) + if len(docNode.Content) > 0 { + rootNode = docNode.Content[0] + } + } + for q := range schFlatErrs { er := schFlatErrs[q] @@ -255,12 +309,11 @@ func extractBasicErrors(schFlatErrs []jsonschema.OutputUnit, } if er.Error != nil { - // re-encode the schema. - var renderedNode yaml.Node - _ = yaml.Unmarshal(renderedSchema, &renderedNode) - // locate the violated property in the schema - located := LocateSchemaPropertyNodeByJSONPath(renderedNode.Content[0], er.KeywordLocation) + var located *yaml.Node + if rootNode != nil { + located = LocateSchemaPropertyNodeByJSONPath(rootNode, er.KeywordLocation) + } // extract the element specified by the instance val := instanceLocationRegex.FindStringSubmatch(er.InstanceLocation) @@ -280,7 +333,6 @@ func extractBasicErrors(schFlatErrs []jsonschema.OutputUnit, violation := &liberrors.SchemaValidationFailure{ Reason: errMsg, - Location: er.InstanceLocation, FieldName: helpers.ExtractFieldNameFromStringLocation(er.InstanceLocation), FieldPath: helpers.ExtractJSONPathFromStringLocation(er.InstanceLocation), InstancePath: helpers.ConvertStringLocationToPathSegments(er.InstanceLocation), @@ -303,6 +355,9 @@ func extractBasicErrors(schFlatErrs []jsonschema.OutputUnit, // location of the violation within the rendered schema. violation.Line = line violation.Column = located.Column + } else if rootNode != nil { + // handles property name validation errors that don't provide useful InstanceLocation + applyPropertyNameFallback(propertyInfo, rootNode, violation) } schemaValidationErrors = append(schemaValidationErrors, violation) } diff --git a/schema_validation/validate_schema_coercion_test.go b/schema_validation/validate_schema_coercion_test.go index a237bae4..a8036dc3 100644 --- a/schema_validation/validate_schema_coercion_test.go +++ b/schema_validation/validate_schema_coercion_test.go @@ -8,8 +8,9 @@ import ( "testing" "github.com/pb33f/libopenapi" - "github.com/pb33f/libopenapi-validator/config" "github.com/stretchr/testify/assert" + + "github.com/pb33f/libopenapi-validator/config" ) func TestSchemaValidator_ScalarCoercion_Boolean(t *testing.T) { diff --git a/schema_validation/validate_schema_extract_errors_test.go b/schema_validation/validate_schema_extract_errors_test.go new file mode 100644 index 00000000..825bffaa --- /dev/null +++ b/schema_validation/validate_schema_extract_errors_test.go @@ -0,0 +1,80 @@ +// Copyright 2026 Princess B33f Heavy Industries / Dave Shanley +// SPDX-License-Identifier: MIT + +package schema_validation + +import ( + "testing" + + "github.com/santhosh-tekuri/jsonschema/v6" + "github.com/stretchr/testify/assert" + "go.yaml.in/yaml/v4" + "golang.org/x/text/message" +) + +type stubErrorKind struct { + msg string +} + +func (s stubErrorKind) KeywordPath() []string { + return nil +} + +func (s stubErrorKind) LocalizedString(_ *message.Printer) string { + return s.msg +} + +func adjustedLine(node *yaml.Node) int { + line := node.Line + if (node.Kind == yaml.MappingNode || node.Kind == yaml.SequenceNode) && line > 0 { + line-- + } + return line +} + +func TestExtractBasicErrors_FallbackRenderedSchema_AdjustsLines(t *testing.T) { + renderedSchema := []byte(`type: object +required: + - item +properties: + item: + type: object`) + payload := []byte(`{"item":{}}`) + + flatErrors := []jsonschema.OutputUnit{ + { + KeywordLocation: "/properties/item", + AbsoluteKeywordLocation: "#/properties/item", + InstanceLocation: "/item", + Error: &jsonschema.OutputError{ + Kind: stubErrorKind{msg: "item is invalid"}, + }, + }, + { + KeywordLocation: "/required", + AbsoluteKeywordLocation: "#/required", + InstanceLocation: "/item", + Error: &jsonschema.OutputError{ + Kind: stubErrorKind{msg: "required is invalid"}, + }, + }, + } + + failures := extractBasicErrors(flatErrors, renderedSchema, nil, map[string]any{"item": map[string]any{}}, payload, nil, nil) + assert.Len(t, failures, 2) + + var docNode yaml.Node + err := yaml.Unmarshal(renderedSchema, &docNode) + assert.NoError(t, err) + assert.NotEmpty(t, docNode.Content) + + mappingNode := LocateSchemaPropertyNodeByJSONPath(docNode.Content[0], "/properties/item") + sequenceNode := LocateSchemaPropertyNodeByJSONPath(docNode.Content[0], "/required") + + assert.NotNil(t, mappingNode) + assert.NotNil(t, sequenceNode) + assert.Equal(t, adjustedLine(mappingNode), failures[0].Line) + assert.Equal(t, mappingNode.Column, failures[0].Column) + assert.Equal(t, adjustedLine(sequenceNode), failures[1].Line) + assert.Equal(t, sequenceNode.Column, failures[1].Column) +} diff --git a/schema_validation/validate_schema_openapi_test.go b/schema_validation/validate_schema_openapi_test.go index 54c01ea9..a1932487 100644 --- a/schema_validation/validate_schema_openapi_test.go +++ b/schema_validation/validate_schema_openapi_test.go @@ -8,8 +8,9 @@ import ( "testing" "github.com/pb33f/libopenapi" - "github.com/pb33f/libopenapi-validator/config" "github.com/stretchr/testify/assert" + + "github.com/pb33f/libopenapi-validator/config" ) func TestSchemaValidator_NullableKeyword_OpenAPI30_Success(t *testing.T) { diff --git a/schema_validation/validate_schema_test.go b/schema_validation/validate_schema_test.go index 7bf63036..29ca82b0 100644 --- a/schema_validation/validate_schema_test.go +++ b/schema_validation/validate_schema_test.go @@ -1097,3 +1097,218 @@ components: }) } } + +// TestValidateSchema_Discriminator_OneOf_WithRefs_Issue788 tests that validation works correctly +// when a schema has discriminator + oneOf with $ref to component schemas. +// This was a regression in vacuum v0.21.2+ where the validator would fail with +// "JSON schema compile failed: json-pointer not found" because discriminator refs +// were being preserved instead of inlined. +// https://github.com/daveshanley/vacuum/issues/788 +func TestValidateSchema_Discriminator_OneOf_WithRefs_Issue788(t *testing.T) { + spec := `openapi: 3.1.0 +info: + title: Test Discriminator OneOf With Refs + version: 1.0.0 +components: + schemas: + ProductWidget: + type: object + required: + - productName + - quantity + - color + properties: + productName: + type: string + enum: + - Widget + quantity: + type: integer + minimum: 1 + color: + type: string + enum: + - Red + - Blue + - Green + ProductGadget: + type: object + required: + - productName + - quantity + - size + properties: + productName: + type: string + enum: + - Gadget + quantity: + type: integer + minimum: 1 + size: + type: string + enum: + - Small + - Medium + - Large + Product: + oneOf: + - $ref: '#/components/schemas/ProductWidget' + - $ref: '#/components/schemas/ProductGadget' + discriminator: + propertyName: productName` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + model, errs := doc.BuildV3Model() + assert.Empty(t, errs) + + productSchema := model.Model.Components.Schemas.GetOrZero("Product").Schema() + + // Valid Widget product + validWidget := map[string]interface{}{ + "productName": "Widget", + "quantity": 1, + "color": "Green", + } + + validator := NewSchemaValidator() + valid, validationErrors := validator.ValidateSchemaObject(productSchema, validWidget) + + // This should pass without "json-pointer not found" error + assert.True(t, valid, "validation should pass for valid product with discriminator oneOf refs") + assert.Empty(t, validationErrors, "no validation errors should be present") +} + +// TestValidateSchema_Discriminator_AnyOf_WithRefs tests anyOf with discriminator and $refs +func TestValidateSchema_Discriminator_AnyOf_WithRefs(t *testing.T) { + spec := `openapi: 3.1.0 +info: + title: Test Discriminator AnyOf With Refs + version: 1.0.0 +components: + schemas: + Cat: + type: object + required: + - petType + - meow + properties: + petType: + type: string + const: cat + meow: + type: boolean + Dog: + type: object + required: + - petType + - bark + properties: + petType: + type: string + const: dog + bark: + type: boolean + Pet: + anyOf: + - $ref: '#/components/schemas/Cat' + - $ref: '#/components/schemas/Dog' + discriminator: + propertyName: petType` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + model, errs := doc.BuildV3Model() + assert.Empty(t, errs) + + petSchema := model.Model.Components.Schemas.GetOrZero("Pet").Schema() + + // Valid cat + validCat := map[string]interface{}{ + "petType": "cat", + "meow": true, + } + + validator := NewSchemaValidator() + valid, validationErrors := validator.ValidateSchemaObject(petSchema, validCat) + + assert.True(t, valid, "validation should pass for valid cat with discriminator anyOf refs") + assert.Empty(t, validationErrors, "no validation errors should be present") +} + +// TestValidateSchema_Discriminator_OneOf_WithRefs_InvalidData tests that invalid data +// still fails validation correctly (not a false negative) +func TestValidateSchema_Discriminator_OneOf_WithRefs_InvalidData(t *testing.T) { + spec := `openapi: 3.1.0 +info: + title: Test Discriminator OneOf Invalid + version: 1.0.0 +components: + schemas: + ProductWidget: + type: object + required: + - productName + - quantity + - color + properties: + productName: + type: string + enum: + - Widget + quantity: + type: integer + minimum: 1 + color: + type: string + enum: + - Red + - Blue + ProductGadget: + type: object + required: + - productName + - quantity + - size + properties: + productName: + type: string + enum: + - Gadget + quantity: + type: integer + minimum: 1 + size: + type: string + Product: + oneOf: + - $ref: '#/components/schemas/ProductWidget' + - $ref: '#/components/schemas/ProductGadget' + discriminator: + propertyName: productName` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + model, errs := doc.BuildV3Model() + assert.Empty(t, errs) + + productSchema := model.Model.Components.Schemas.GetOrZero("Product").Schema() + + // Invalid product - missing required field 'color' for Widget + invalidProduct := map[string]interface{}{ + "productName": "Widget", + "quantity": 1, + // missing required 'color' field + } + + validator := NewSchemaValidator() + valid, validationErrors := validator.ValidateSchemaObject(productSchema, invalidProduct) + + // This should fail because 'color' is required for Widget + assert.False(t, valid, "validation should fail for invalid product") + assert.NotEmpty(t, validationErrors, "validation errors should be present") +} diff --git a/schema_validation/validate_urlencoded.go b/schema_validation/validate_urlencoded.go new file mode 100644 index 00000000..f908db3f --- /dev/null +++ b/schema_validation/validate_urlencoded.go @@ -0,0 +1,392 @@ +package schema_validation + +import ( + "encoding/json" + "fmt" + "log/slog" + "net/url" + "regexp" + "slices" + "sort" + "strconv" + "strings" + + "github.com/pb33f/libopenapi-validator/errors" + "github.com/pb33f/libopenapi-validator/helpers" + "github.com/pb33f/libopenapi/datamodel/high/base" + v3 "github.com/pb33f/libopenapi/datamodel/high/v3" + "github.com/pb33f/libopenapi/orderedmap" +) + +var rxReserved = regexp.MustCompile(`[:/?#\[\]@!$&'()*+,;=]`) + +func TransformURLEncodedToSchemaJSON(bodyString string, schema *base.Schema, encoding *orderedmap.Map[string, *v3.Encoding]) (map[string]any, []*errors.ValidationError) { + rawValues, err := url.ParseQuery(bodyString) + if err != nil { + return nil, []*errors.ValidationError{errors.InvalidURLEncodedParsing("empty form-urlencoded context", bodyString)} + } + + jsonMap := unflattenValues(rawValues) + + var validationErrors []*errors.ValidationError + + if schema != nil { + if schema.Properties != nil { + for pair := orderedmap.First(schema.Properties); pair != nil; pair = pair.Next() { + propName := pair.Key() + propSchema := pair.Value().Schema() + + var contentEncoding *v3.Encoding + var allowReserved bool + + if encoding != nil { + contentEncoding = encoding.GetOrZero(propName) + + if contentEncoding != nil { + allowReserved = contentEncoding.AllowReserved + } + } + + if val, exists := jsonMap[propName]; exists { + newVal, err := applyEncodingRules(val, contentEncoding, propSchema) + if err != nil { + contentType := "" + if contentEncoding != nil { + contentType = contentEncoding.ContentType + } + + validationErrors = append(validationErrors, errors.InvalidTypeEncoding(propSchema, propName, contentType)) + } else { + jsonMap[propName] = newVal + val = newVal + } + + validateEncodingRecursive(propName, val, allowReserved, &validationErrors, propSchema) + } + } + } + + coerced := coerceValue(jsonMap, schema) + if asMap, ok := coerced.(map[string]any); ok { + jsonMap = asMap + } + } + + return jsonMap, validationErrors +} + +func applyEncodingRules(data any, encoding *v3.Encoding, schema *base.Schema) (any, error) { + style := "form" + explode := true + contentType := "" + + if encoding != nil { + contentType = encoding.ContentType + + if encoding.Style != "" { + style = encoding.Style + contentType = "" + } + + if encoding.AllowReserved { + contentType = "" + } + + if encoding.Explode != nil { + explode = *encoding.Explode + contentType = "" + } else if style != "form" { + explode = false + } + } + + if contentType != "" && !IsURLEncodedContentType(contentType) && !strings.Contains(contentType, "text/plain") { + if strVal, ok := data.(string); ok { + if strings.Contains(contentType, helpers.JSONContentType) { + var parsed any + if err := json.Unmarshal([]byte(strVal), &parsed); err == nil { + return parsed, nil + } + return nil, fmt.Errorf("value matches content-type '%s' but could not be parsed", contentType) + } + } + } + + if isArraySchema(schema) { + if strVal, ok := data.(string); ok { + if !explode { + switch style { + case helpers.Form: + return strings.Split(strVal, ","), nil + case helpers.SpaceDelimited: + return strings.Split(strVal, " "), nil + case helpers.PipeDelimited: + return strings.Split(strVal, "|"), nil + } + } + } + } + + if style == helpers.DeepObject { + if _, ok := data.(map[string]any); !ok { + return data, nil + } + } + + return data, nil +} + +func unflattenValues(values url.Values) map[string]any { + result := make(map[string]any) + + for k, v := range values { + if strings.Contains(k, "[") { + buildDeepMap(result, k, v) + } else { + if len(v) == 1 { + result[k] = v[0] + } else { + result[k] = v + } + } + } + return result +} + +func buildDeepMap(root map[string]any, key string, value []string) { + parts := strings.FieldsFunc(key, func(r rune) bool { + return r == '[' || r == ']' + }) + + current := root + for i, part := range parts { + isLeaf := i == len(parts)-1 + + if isLeaf { + if len(value) == 1 { + current[part] = value[0] + } else { + current[part] = value + } + } else { + if _, ok := current[part]; !ok { + current[part] = make(map[string]any) + } + if nextMap, ok := current[part].(map[string]any); ok { + current = nextMap + } else { + return + } + } + } +} + +func validateEncodingRecursive(path string, val any, allowReserved bool, errs *[]*errors.ValidationError, schema *base.Schema) { + if allowReserved { + return + } + + switch v := val.(type) { + case string: + if rxReserved.MatchString(v) { + *errs = append(*errs, errors.ReservedURLEncodedValue(schema, path, v)) + } + case []any: + for i, item := range v { + validateEncodingRecursive(fmt.Sprintf("%s[%d]", path, i), item, allowReserved, errs, schema) + } + case map[string]any: + for k, item := range v { + validateEncodingRecursive(fmt.Sprintf("%s[%s]", path, k), item, allowReserved, errs, schema) + } + case []string: + for i, item := range v { + if rxReserved.MatchString(item) { + *errs = append(*errs, errors.ReservedURLEncodedValue(schema, fmt.Sprintf("%s[%d]", path, i), item)) + } + } + } +} + +func coerceValue(data any, schema *base.Schema) any { + if schema == nil { + return data + } + + targetTypes := []string{} + if len(schema.Type) > 0 { + targetTypes = append(targetTypes, schema.Type...) + } + + extractTypes := func(proxies []*base.SchemaProxy) { + for _, proxy := range proxies { + sch := proxy.Schema() + if len(sch.Type) > 0 { + targetTypes = append(targetTypes, sch.Type...) + } + } + } + extractTypes(schema.AllOf) + extractTypes(schema.OneOf) + extractTypes(schema.AnyOf) + + if len(targetTypes) == 0 { + return data + } + + for _, t := range targetTypes { + converted, ok := tryConvert(data, t, schema) + if ok { + return converted + } + } + return data +} + +func tryConvert(data any, targetType string, schema *base.Schema) (any, bool) { + var strVal string + var isString bool + + switch v := data.(type) { + case string: + strVal = v + isString = true + case []string: + if len(v) > 0 { + strVal = v[0] + isString = true + } + } + + switch targetType { + case helpers.Integer: + if !isString || strVal == "" { + return nil, false + } + i, err := strconv.ParseInt(strVal, 10, 64) + if err == nil { + return i, true + } + + case helpers.Number: + if !isString || strVal == "" { + return nil, false + } + f, err := strconv.ParseFloat(strVal, 64) + if err == nil { + return f, true + } + + case helpers.Boolean: + if !isString { + return nil, false + } + b, err := strconv.ParseBool(strVal) + if err == nil { + return b, true + } + + case helpers.String: + if isString { + return strVal, true + } + return fmt.Sprintf("%v", data), true + + case helpers.Array: + var arr []any + itemSchema := getSchemaItem(schema) + + if vSlice, ok := data.([]any); ok { + for _, s := range vSlice { + arr = append(arr, coerceValue(s, itemSchema)) + } + return arr, true + } + + if vStringSlice, ok := data.([]string); ok { + for _, s := range vStringSlice { + arr = append(arr, coerceValue(s, itemSchema)) + } + return arr, true + } + + if vMap, ok := data.(map[string]any); ok { + keys := make([]int, 0, len(vMap)) + mapIsArray := true + for k := range vMap { + idx, err := strconv.Atoi(k) + if err != nil { + mapIsArray = false + break + } + keys = append(keys, idx) + } + if mapIsArray { + sort.Ints(keys) + for _, k := range keys { + val := vMap[strconv.Itoa(k)] + arr = append(arr, coerceValue(val, itemSchema)) + } + return arr, true + } + } + + if isString { + arr = append(arr, coerceValue(strVal, itemSchema)) + return arr, true + } + + case helpers.Object: + if m, ok := data.(map[string]any); ok { + newMap := make(map[string]any) + for k, v := range m { + newMap[k] = v + } + if schema.Properties != nil { + for pair := orderedmap.First(schema.Properties); pair != nil; pair = pair.Next() { + propName := pair.Key() + if val, exists := newMap[propName]; exists { + newMap[propName] = coerceValue(val, pair.Value().Schema()) + } + } + } + return newMap, true + } + } + + return nil, false +} + +func isArraySchema(schema *base.Schema) bool { + if schema == nil { + return false + } + + return slices.Contains(schema.Type, helpers.Array) +} + +func getSchemaItem(schema *base.Schema) *base.Schema { + if schema.Items != nil && schema.Items.IsA() { + return schema.Items.A.Schema() + } + return nil +} + +func (v *urlEncodedValidator) validateURLEncodedWithVersion(schema *base.Schema, encoding *orderedmap.Map[string, *v3.Encoding], bodyString string, log *slog.Logger, version float32) (bool, []*errors.ValidationError) { + if schema == nil { + log.Info("schema is empty and cannot be validated") + return false, nil + } + + transformedJSON, prevalidationErrors := TransformURLEncodedToSchemaJSON(bodyString, schema, encoding) + if len(prevalidationErrors) > 0 { + return false, prevalidationErrors + } + + return v.schemaValidator.validateSchemaWithVersion(schema, nil, transformedJSON, log, version) +} + +func IsURLEncodedContentType(mediaType string) bool { + mt := strings.ToLower(strings.TrimSpace(mediaType)) + return strings.HasPrefix(mt, helpers.URLEncodedContentType) +} diff --git a/schema_validation/validate_urlencoded_test.go b/schema_validation/validate_urlencoded_test.go new file mode 100644 index 00000000..4fb928ca --- /dev/null +++ b/schema_validation/validate_urlencoded_test.go @@ -0,0 +1,497 @@ +package schema_validation + +import ( + "testing" + + "github.com/pb33f/libopenapi" + derrors "github.com/pb33f/libopenapi-validator/errors" + "github.com/pb33f/libopenapi-validator/helpers" + "github.com/pb33f/libopenapi/datamodel/high/base" + v3 "github.com/pb33f/libopenapi/datamodel/high/v3" + "github.com/pb33f/libopenapi/orderedmap" + "github.com/stretchr/testify/assert" +) + +func TestIsURLEncodedContentType(t *testing.T) { + tests := []struct { + input string + expected bool + }{ + {"application/x-www-form-urlencoded", true}, + {"APPLICATION/X-WWW-FORM-URLENCODED", true}, + {"application/x-www-form-urlencoded; charset=utf-8", true}, + {"application/json", false}, + {"", false}, + } + + for _, tt := range tests { + assert.Equal(t, tt.expected, IsURLEncodedContentType(tt.input)) + } +} + +func TestUnflattenValues(t *testing.T) { + vals := map[string][]string{ + "simple": {"val"}, + "arr[]": {"1", "2"}, + "obj[prop]": {"v1"}, + "deep[a][b]": {"v2"}, + "double": {"1", "2"}, + } + + result := unflattenValues(vals) + + assert.Equal(t, "val", result["simple"]) + assert.Equal(t, []string{"1", "2"}, result["arr"]) + assert.Equal(t, []string{"1", "2"}, result["double"]) + + obj, ok := result["obj"].(map[string]any) + assert.True(t, ok) + assert.Equal(t, "v1", obj["prop"]) + + deep, ok := result["deep"].(map[string]any) + assert.True(t, ok) + inner, ok := deep["a"].(map[string]any) + assert.True(t, ok) + assert.Equal(t, "v2", inner["b"]) +} + +func TestBuildDeepMap_BranchCoverage(t *testing.T) { + root := make(map[string]any) + + root["collision"] = "string_value" + + buildDeepMap(root, "collision[sub]", []string{"val"}) + + assert.Equal(t, "string_value", root["collision"]) + + root2 := make(map[string]any) + buildDeepMap(root2, "arr[key]", []string{"a", "b"}) + + inner := root2["arr"].(map[string]any) + assert.Equal(t, []string{"a", "b"}, inner["key"]) +} + +func TestTransformURLEncodedToSchemaJSON(t *testing.T) { + t.Run("Malformed URL Encoding", func(t *testing.T) { + res, errs := TransformURLEncodedToSchemaJSON("bad_encoding=%zz", nil, nil) + assert.Nil(t, res) + assert.Len(t, errs, 1) + assert.Equal(t, helpers.URLEncodedValidation, errs[0].ValidationType) + }) + + t.Run("Schema is Nil", func(t *testing.T) { + res, errs := TransformURLEncodedToSchemaJSON("foo=bar", nil, nil) + assert.Empty(t, errs) + assert.Equal(t, "bar", res["foo"]) + }) + + t.Run("Apply Encoding Rules & Reserved Characters", func(t *testing.T) { + props := orderedmap.New[string, *base.SchemaProxy]() + props.Set("jsonField", base.CreateSchemaProxy(&base.Schema{Type: []string{helpers.Object}})) + props.Set("restricted", base.CreateSchemaProxy(&base.Schema{Type: []string{helpers.String}})) + + schema := &base.Schema{Properties: props} + + encodings := orderedmap.New[string, *v3.Encoding]() + encodings.Set("jsonField", &v3.Encoding{ContentType: helpers.JSONContentType}) + encodings.Set("restricted", &v3.Encoding{AllowReserved: false}) + + body := `jsonField={"id":1}&restricted=badvalue!` + + res, errs := TransformURLEncodedToSchemaJSON(body, schema, encodings) + + assert.IsType(t, map[string]any{}, res["jsonField"]) + + assert.Len(t, errs, 1) + assert.Contains(t, errs[0].Message, "contains reserved characters") + }) + + t.Run("Encoding Error (Invalid JSON content type)", func(t *testing.T) { + props := orderedmap.New[string, *base.SchemaProxy]() + props.Set("badJson", base.CreateSchemaProxy(&base.Schema{})) + schema := &base.Schema{Properties: props} + + encodings := orderedmap.New[string, *v3.Encoding]() + encodings.Set("badJson", &v3.Encoding{ContentType: helpers.JSONContentType}) + + res, errs := TransformURLEncodedToSchemaJSON(`badJson={invalid`, schema, encodings) + assert.Len(t, errs, 1) + + assert.Equal(t, helpers.URLEncodedValidation, errs[0].ValidationType) + + assert.Equal(t, "{invalid", res["badJson"]) + }) + + t.Run("Coercion triggered", func(t *testing.T) { + props := orderedmap.New[string, *base.SchemaProxy]() + props.Set("num", base.CreateSchemaProxy(&base.Schema{Type: []string{helpers.Integer}})) + schema := &base.Schema{Properties: props, Type: []string{helpers.Object}} + + res, errs := TransformURLEncodedToSchemaJSON("num=123", schema, nil) + assert.Empty(t, errs) + assert.Equal(t, int64(123), res["num"]) + }) +} + +func TestApplyEncodingRules(t *testing.T) { + boolPtr := func(b bool) *bool { return &b } + + t.Run("DeepObject Style", func(t *testing.T) { + enc := &v3.Encoding{Style: "deepObject"} + + res, _ := applyEncodingRules("not-map", enc, nil) + assert.Equal(t, "not-map", res) + + m := map[string]any{"k": "v"} + res2, _ := applyEncodingRules(m, enc, nil) + assert.Equal(t, m, res2) + }) + + t.Run("Array Delimiters", func(t *testing.T) { + schema := &base.Schema{Type: []string{helpers.Array}} + + encSpace := &v3.Encoding{Style: "spaceDelimited"} + res, _ := applyEncodingRules("a b c", encSpace, schema) + assert.Equal(t, []string{"a", "b", "c"}, res) + + encPipe := &v3.Encoding{Style: "pipeDelimited"} + res, _ = applyEncodingRules("a|b|c", encPipe, schema) + assert.Equal(t, []string{"a", "b", "c"}, res) + + encForm := &v3.Encoding{Style: "form", Explode: boolPtr(false)} + res, _ = applyEncodingRules("a,b,c", encForm, schema) + assert.Equal(t, []string{"a", "b", "c"}, res) + }) +} + +func TestValidateEncodingRecursive(t *testing.T) { + var errs []*derrors.ValidationError + + validateEncodingRecursive("p", "val!", true, &errs, nil) + assert.Empty(t, errs) + + validateEncodingRecursive("p", "val!", false, &errs, nil) + assert.Len(t, errs, 1) + + errs = nil + validateEncodingRecursive("arr", []any{"ok", "bad!"}, false, &errs, nil) + assert.Len(t, errs, 1) + + errs = nil + validateEncodingRecursive("map", map[string]any{"k": "bad!"}, false, &errs, nil) + assert.Len(t, errs, 1) + + errs = nil + validateEncodingRecursive("s_arr", []string{"ok", "bad!"}, false, &errs, nil) + assert.Len(t, errs, 1) +} + +func TestCoerceValue(t *testing.T) { + schemaInt := &base.Schema{Type: []string{helpers.Integer}} + schemaNum := &base.Schema{Type: []string{helpers.Number}} + schemaBool := &base.Schema{Type: []string{helpers.Boolean}} + schemaStr := &base.Schema{Type: []string{helpers.String}} + + t.Run("Complex Schema Aggregation (AllOf)", func(t *testing.T) { + s := &base.Schema{ + AllOf: []*base.SchemaProxy{ + base.CreateSchemaProxy(schemaInt), + }, + } + res := coerceValue("123", s) + assert.Equal(t, int64(123), res) + }) + + t.Run("No Target Types", func(t *testing.T) { + res := coerceValue("val", &base.Schema{}) + assert.Equal(t, "val", res) + res = coerceValue("newVal", nil) + assert.Equal(t, "newVal", res) + }) + + t.Run("String Slice input (take first)", func(t *testing.T) { + res := coerceValue([]string{"123"}, schemaInt) + assert.Equal(t, int64(123), res) + }) + + t.Run("Integer Conversions", func(t *testing.T) { + assert.Equal(t, "abc", coerceValue("abc", schemaInt)) + assert.Equal(t, "", coerceValue("", schemaInt)) + assert.Equal(t, 123, coerceValue(123, schemaInt)) + assert.Equal(t, int64(123), coerceValue("123", schemaInt)) + }) + + t.Run("Number Conversions", func(t *testing.T) { + assert.Equal(t, 12.34, coerceValue("12.34", schemaNum)) + assert.Equal(t, "abc", coerceValue("abc", schemaNum)) + assert.Equal(t, 13.2, coerceValue(13.2, schemaNum)) + assert.Equal(t, 5, coerceValue(5, nil)) + }) + + t.Run("Boolean Conversions", func(t *testing.T) { + assert.Equal(t, true, coerceValue("true", schemaBool)) + assert.Equal(t, 123, coerceValue(123, schemaBool)) + }) + + t.Run("String Conversions", func(t *testing.T) { + assert.Equal(t, "val", coerceValue("val", schemaStr)) + assert.Equal(t, "123", coerceValue(123, schemaStr)) + }) + + t.Run("Array Conversions", func(t *testing.T) { + arrSchema := &base.Schema{ + Type: []string{helpers.Array}, + Items: &base.DynamicValue[*base.SchemaProxy, bool]{A: base.CreateSchemaProxy(&base.Schema{ + Type: []string{helpers.Integer}, + })}, + } + + noItem := coerceValue("a", &base.Schema{ + Type: []string{helpers.Array}, + }) + assert.Equal(t, []any{"a"}, noItem) + + res1 := coerceValue([]any{"1", "2"}, arrSchema) + assert.Equal(t, []any{int64(1), int64(2)}, res1) + + res2 := coerceValue([]string{"1", "2"}, arrSchema) + assert.Equal(t, []any{int64(1), int64(2)}, res2) + + mapInput := map[string]any{"1": "20", "0": "10"} + res3 := coerceValue(mapInput, arrSchema) + assert.IsType(t, []any{}, res3) + sliceRes := res3.([]any) + assert.Equal(t, int64(10), sliceRes[0]) + assert.Equal(t, int64(20), sliceRes[1]) + + mapBad := map[string]any{"foo": "bar"} + res4 := coerceValue(mapBad, arrSchema) + assert.Equal(t, mapBad, res4) + + res5 := coerceValue("10", arrSchema) + assert.Equal(t, []any{int64(10)}, res5) + }) + + t.Run("Object Conversions", func(t *testing.T) { + objSchema := &base.Schema{ + Type: []string{helpers.Object}, + Properties: orderedmap.New[string, *base.SchemaProxy](), + } + objSchema.Properties.Set("num", base.CreateSchemaProxy(schemaInt)) + + input := map[string]any{"num": "55", "other": "val"} + + res := coerceValue(input, objSchema) + resMap, ok := res.(map[string]any) + assert.True(t, ok) + assert.Equal(t, int64(55), resMap["num"]) + assert.Equal(t, "val", resMap["other"]) + }) +} + +func TestIsArraySchema(t *testing.T) { + assert.False(t, isArraySchema(nil)) + assert.False(t, isArraySchema(&base.Schema{Type: []string{"string"}})) + assert.True(t, isArraySchema(&base.Schema{Type: []string{"array"}})) +} + +func TestComplexBodies(t *testing.T) { + spec := `{ + "openapi": "3.1.0", + "paths": { + "/posts": { + "put": { + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "encoding": { + "payload": { + "contentType": "application/json" + }, + "title": { + "allowReserved": true + }, + "pipeArr": { + "style": "pipeDelimited" + }, + "spaceArr": { + "style": "spaceDelimited" + }, + "unexplodedArr": { + "explode": false + } + }, + "schema": { + "additionalProperties": false, + "properties": { + "content": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": {"oneOf": [ + { + "type": ["boolean"] + }, + { + "type": ["integer"] + }]} + } + } + }, + "bool": { + "type": ["boolean"], + "enum": [false] + }, + "reserved": { + "type": ["string"] + }, + "title": { + "type": ["string"] + }, + "pipeArr": { + "type": "array", + "items": {"type": "integer"} + }, + "spaceArr": { + "type": "array", + "items": {"type": "integer"} + }, + "unexplodedArr": { + "type": "array", + "items": {"type": "integer"} + }, + "payload": { + "type": "object", + "additionalProperties": false, + "properties": { + "hey": { + "type": "array", + "items": { + "type": "boolean" + } + } + } + } + }, + "required": ["title", "bool"], + "type": "object" + } + } + }, + "required": true + } + } + } + } +} +` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + contentSchema := v3Doc.Model.Paths.PathItems.GetOrZero("/posts").Put.RequestBody.Content.GetOrZero("application/x-www-form-urlencoded") + schema := contentSchema.Schema.Schema() + encoding := contentSchema.Encoding + + v := NewURLEncodedValidator() + + valid, errs := v.ValidateURLEncodedString(schema, encoding, "bool=false&title=test&content[0][name]=true") + assert.True(t, valid) + assert.Len(t, errs, 0) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, "bool=false&title=test&content[0][name]=4") + assert.True(t, valid) + assert.Len(t, errs, 0) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, "bool=false&title=test&content[0][name]=4.4") + assert.False(t, valid) + assert.Len(t, errs, 1) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, "bool=true&title=test&content[0][name]=true") + assert.False(t, valid) + assert.Len(t, errs, 1) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, "bool=false&content[0][name]=true") + assert.False(t, valid) + assert.Len(t, errs, 1) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, "bool=false&title") + assert.True(t, valid) + assert.Len(t, errs, 0) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, `bool=false&title&payload={"hey": [true, false]}`) + assert.True(t, valid) + assert.Len(t, errs, 0) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, `bool=false&title&payload={"hey": [2], "adittional": false}`) + assert.False(t, valid) + assert.Len(t, errs, 1) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, `bool=false&title=do not use #`) + assert.True(t, valid) + assert.Len(t, errs, 0) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, `bool=false&title&reserved=do not use #`) + assert.False(t, valid) + assert.Len(t, errs, 1) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, `bool=false&title&pipeArr=1|2|3`) + assert.True(t, valid) + assert.Len(t, errs, 0) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, `bool=false&title&spaceArr=1 2 3`) + assert.True(t, valid) + assert.Len(t, errs, 0) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, `bool=false&title&spaceArr=1%202%203`) + assert.True(t, valid) + assert.Len(t, errs, 0) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, `bool=false&title&unexplodedArr=1,2,3`) + assert.True(t, valid) + assert.Len(t, errs, 0) +} + +func TestValidateURLEncoded(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /collection: + get: + responses: + '200': + content: + application/x-www-form-urlencoded: + schema: + type: object` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + contentSchema := v3Doc.Model.Paths.PathItems.GetOrZero("/collection").Get.Responses.Codes.GetOrZero("200").Content.GetOrZero("application/x-www-form-urlencoded") + schema := contentSchema.Schema.Schema() + encoding := contentSchema.Encoding + + v := NewURLEncodedValidator() + + valid, errs := v.ValidateURLEncodedStringWithVersion(schema, encoding, "a=1", 3.1) + assert.True(t, valid) + assert.Empty(t, errs) + + valid, _ = v.ValidateURLEncodedStringWithVersion(nil, nil, "a=1", 3.1) + assert.False(t, valid) + + valid, errs = v.ValidateURLEncodedString(schema, encoding, "a=1") + assert.True(t, valid) + assert.Empty(t, errs) + + valid, _ = v.ValidateURLEncodedString(nil, nil, "a=1") + assert.False(t, valid) +} diff --git a/schema_validation/validate_xml.go b/schema_validation/validate_xml.go new file mode 100644 index 00000000..19eaa7da --- /dev/null +++ b/schema_validation/validate_xml.go @@ -0,0 +1,365 @@ +// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// SPDX-License-Identifier: MIT +package schema_validation + +import ( + "encoding/json" + "fmt" + "log/slog" + "strconv" + "strings" + + "github.com/pb33f/libopenapi/datamodel/high/base" + + xj "github.com/basgys/goxml2json" + + liberrors "github.com/pb33f/libopenapi-validator/errors" + "github.com/pb33f/libopenapi-validator/helpers" +) + +func (x *xmlValidator) validateXMLWithVersion(schema *base.Schema, xmlString string, log *slog.Logger, version float32) (bool, []*liberrors.ValidationError) { + if schema == nil { + log.Info("schema is empty and cannot be validated") + return false, nil + } + + // parse xml and transform to json structure matching schema + transformedJSON, prevalidationErrors := TransformXMLToSchemaJSON(xmlString, schema) + if len(prevalidationErrors) > 0 { + return false, prevalidationErrors + } + + // validate transformed json against schema using existing validator + return x.schemaValidator.validateSchemaWithVersion(schema, nil, transformedJSON, log, version) +} + +// TransformXMLToSchemaJSON converts xml to json structure matching openapi schema. +// applies xml object transformations: name, attribute, wrapped. +func TransformXMLToSchemaJSON(xmlString string, schema *base.Schema) (any, []*liberrors.ValidationError) { + if xmlString == "" { + return nil, []*liberrors.ValidationError{liberrors.InvalidXMLParsing("empty xml content", xmlString)} + } + + // parse xml using goxml2json. we convert types manually + jsonBuf, err := xj.Convert(strings.NewReader(xmlString)) + if err != nil { + return nil, []*liberrors.ValidationError{liberrors.InvalidXMLParsing(fmt.Sprintf("malformed xml: %s", err.Error()), xmlString)} + } + + jsonBytes := jsonBuf.Bytes() + + // the smallest valid XML possible "" generates a 10 bytes buffer. + // any other invalid XML generates a smaller buffer + if len(jsonBytes) < 10 { + return nil, []*liberrors.ValidationError{liberrors.InvalidXMLParsing("malformed xml", xmlString)} + } + + var rawJSON any + if err := json.Unmarshal(jsonBytes, &rawJSON); err != nil { + return nil, []*liberrors.ValidationError{liberrors.InvalidXMLParsing(fmt.Sprintf("failed to decode converted xml to json: %s", err.Error()), xmlString)} + } + + xmlNsMap := make(map[string]string, 2) + + // apply openapi xml object transformations + return applyXMLTransformations(rawJSON, schema, &xmlNsMap) +} + +func validateXmlNs(dataMap *map[string]any, schema *base.Schema, propName string, xmlNsMap *map[string]string) []*liberrors.ValidationError { + var validationErrors []*liberrors.ValidationError + + if dataMap == nil || schema == nil || xmlNsMap == nil { + return validationErrors + } + + if propName != "" { + if val, exists := (*dataMap)[propName]; exists { + if converted, ok := val.(map[string]any); ok { + dataMap = &converted + } + } + } + + if schema.XML.Prefix != "" { + attrKey := "-" + schema.XML.Prefix + + val, exists := (*dataMap)[attrKey] + + if exists { + if ns, ok := val.(string); ok { + (*xmlNsMap)[schema.XML.Prefix] = ns + (*xmlNsMap)[ns] = schema.XML.Prefix + + if schema.XML.Namespace != "" && schema.XML.Namespace != ns { + validationErrors = append(validationErrors, + liberrors.InvalidNamespace(schema, ns, schema.XML.Namespace, schema.XML.Prefix)) + } + } + + delete((*dataMap), attrKey) + } else { + validationErrors = append(validationErrors, liberrors.MissingPrefix(schema, schema.XML.Prefix)) + } + } + + if schema.XML.Namespace != "" { + _, exists := (*xmlNsMap)[schema.XML.Namespace] + + if !exists { + validationErrors = append(validationErrors, liberrors.MissingNamespace(schema, schema.XML.Namespace)) + } + } + + return validationErrors +} + +func convertBasedOnSchema(propName, xmlName string, propValue any, schema *base.Schema, xmlNsMap *map[string]string) (any, []*liberrors.ValidationError) { + var xmlNsErrors []*liberrors.ValidationError + + types := schema.Type + + extractTypes := func(proxies []*base.SchemaProxy) { + for _, proxy := range proxies { + sch := proxy.Schema() + if len(sch.Type) > 0 { + types = append(types, sch.Type...) + } + } + } + + extractTypes(schema.AllOf) + extractTypes(schema.OneOf) + extractTypes(schema.AnyOf) + + convertedValue := propValue + +typesLoop: + for _, pType := range types { + // because in XML everything is a string, we try to convert the value to the + // actual expected type, so the normal schema validation should pass with correct types + switch pType { + case helpers.Integer: + textValue, isString := propValue.(string) + + if isString { + converted, err := strconv.ParseInt(textValue, 10, 64) + + if err == nil { + convertedValue = converted + break typesLoop + } + } + case helpers.Number: + textValue, isString := propValue.(string) + + if isString { + converted, err := strconv.ParseFloat(textValue, 64) + if err == nil { + convertedValue = converted + break typesLoop + } + } + + case helpers.Boolean: + textValue, isString := propValue.(string) + + if isString { + converted, err := strconv.ParseBool(textValue) + if err == nil { + convertedValue = converted + break typesLoop + } + } + + case helpers.Array: + convertedValue = propValue + + if schema.XML != nil && schema.XML.Wrapped { + convertedValue = unwrapArrayElement(propValue, propName, schema) + } + + if schema.Items != nil && schema.Items.A != nil { + itemSchema := schema.Items.A.Schema() + + arr, isArr := convertedValue.([]any) + + if !isArr { + arr = []any{ + convertedValue, + } + } + + for index, item := range arr { + converted, errs := convertBasedOnSchema(propName, xmlName, item, itemSchema, xmlNsMap) + + if len(errs) > 0 { + xmlNsErrors = append(xmlNsErrors, errs...) + } + + arr[index] = converted + } + + convertedValue = arr + break typesLoop + } + case helpers.Object: + objectValue, isObject := propValue.(map[string]any) + + if isObject { + newValue, xmlErrors := applyXMLTransformations(objectValue, schema, xmlNsMap) + + if len(xmlErrors) > 0 { + xmlNsErrors = append(xmlNsErrors, xmlErrors...) + continue typesLoop + } + + convertedValue = newValue + break typesLoop + } + } + } + + return convertedValue, xmlNsErrors +} + +// applyXMLTransformations applies openapi xml object rules to match json schema. +// handles xml.name (root unwrapping), xml.attribute (dash prefix), xml.wrapped (array unwrapping), +// xml.prefix (check existance), xml.namespace (check if exists and match). +// we delete all attributes, prefixes, and namespaces found in the data interface; therefore, undeclared items +// are sent in the body for validation, so that 'additionalProperties: false' can detect it. +func applyXMLTransformations(data any, schema *base.Schema, xmlNsMap *map[string]string) (any, []*liberrors.ValidationError) { + if schema == nil || data == nil || xmlNsMap == nil { + return data, nil + } + + // unwrap root element if xml.name is set on schema + if schema.XML != nil && schema.XML.Name != "" { + if dataMap, ok := data.(map[string]any); ok { + if wrapped, exists := dataMap[schema.XML.Name]; exists { + data = wrapped + } + } + } + + var xmlNsErrors []*liberrors.ValidationError + + // transform properties based on their xml configurations + if dataMap, ok := data.(map[string]any); ok { + if schema.Properties == nil || schema.Properties.Len() == 0 { + if schema.XML != nil && (schema.XML.Prefix != "" || schema.XML.Namespace != "") { + namespaceErrors := validateXmlNs(&dataMap, schema, "", xmlNsMap) + + if len(namespaceErrors) > 0 { + xmlNsErrors = append(xmlNsErrors, namespaceErrors...) + } else { + if content, has := dataMap["#content"]; has { + if stringContent, ok := content.(string); ok { + data = stringContent + } + } + } + } + + return data, xmlNsErrors + } + + for pair := schema.Properties.First(); pair != nil; pair = pair.Next() { + propName := pair.Key() + propSchemaProxy := pair.Value() + propSchema := propSchemaProxy.Schema() + if propSchema == nil { + continue + } + + xmlName := propName + + if propSchema.XML != nil { + // determine xml element name (defaults to property name) + if propSchema.XML.Name != "" { + xmlName = propSchema.XML.Name + } + } + + if propSchema.XML != nil { + namespaceErrors := validateXmlNs(&dataMap, propSchema, xmlName, xmlNsMap) + + if len(namespaceErrors) > 0 { + xmlNsErrors = append(xmlNsErrors, namespaceErrors...) + } + + // handle xml.attribute: true - attributes are prefixed with dash + if propSchema.XML.Attribute { + attrKey := "-" + xmlName + if val, exists := dataMap[attrKey]; exists { + // If the value is an attribute, it cannot have a namespace + convertedValue, _ := convertBasedOnSchema(propName, xmlName, val, propSchema, xmlNsMap) + dataMap[propName] = convertedValue + delete(dataMap, attrKey) + continue + } + } + } + + // handle regular elements + if val, exists := dataMap[xmlName]; exists { + if mapObject, ok := val.(map[string]any); ok { + if content, has := mapObject["#content"]; has { + if stringContent, ok := content.(string); ok { + val = stringContent + } + } + } + + convertedValue, nsErrors := convertBasedOnSchema(propName, xmlName, val, propSchema, xmlNsMap) + + if len(nsErrors) > 0 { + xmlNsErrors = append(xmlNsErrors, nsErrors...) + } + + dataMap[propName] = convertedValue + + if propName != xmlName { + delete(dataMap, xmlName) + } + } + } + } + + return data, xmlNsErrors +} + +// unwrapArrayElement removes wrapping element from xml arrays when xml.wrapped is true. +// example: {"items": {"item": [...]}} becomes [...] +func unwrapArrayElement(val any, itemName string, propSchema *base.Schema) any { + wrapMap, ok := val.(map[string]any) + if !ok { + return val + } + + if propSchema.XML.Name != "" { + itemName = propSchema.XML.Name + } + + // determine item element name + if propSchema.Items != nil && propSchema.Items.A != nil { + itemSchema := propSchema.Items.A.Schema() + if itemSchema != nil && itemSchema.XML != nil && itemSchema.XML.Name != "" { + itemName = itemSchema.XML.Name + } + } + + // unwrap: look for item element inside wrapper + if unwrapped, exists := wrapMap[itemName]; exists { + return unwrapped + } + + return val +} + +// IsXMLContentType checks if a media type string represents xml content. +func IsXMLContentType(mediaType string) bool { + mt := strings.ToLower(strings.TrimSpace(mediaType)) + return strings.HasPrefix(mt, "application/xml") || + strings.HasPrefix(mt, "text/xml") || + strings.HasSuffix(mt, "+xml") +} diff --git a/schema_validation/validate_xml_test.go b/schema_validation/validate_xml_test.go new file mode 100644 index 00000000..1b6292f5 --- /dev/null +++ b/schema_validation/validate_xml_test.go @@ -0,0 +1,1254 @@ +// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// SPDX-License-Identifier: MIT +package schema_validation + +import ( + "testing" + + "github.com/pb33f/libopenapi" + "github.com/pb33f/libopenapi-validator/helpers" + "github.com/pb33f/libopenapi/datamodel/high/base" + "github.com/pb33f/libopenapi/orderedmap" + "github.com/stretchr/testify/assert" +) + +func TestValidateXML_Issue346_BasicXMLWithName(t *testing.T) { + spec := `openapi: 3.0.0 +info: + title: Test + version: 1.0.0 +paths: + /pet: + get: + responses: + '200': + description: success + content: + application/xml: + schema: + type: object + properties: + nice: + type: string + xml: + name: Cat + example: "true"` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/pet").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + valid, validationErrors := validator.ValidateXMLString(schema, "true") + + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_MalformedXML(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /pet: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + xml: + name: Cat` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/pet").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // empty xml should fail + valid, validationErrors := validator.ValidateXMLString(schema, "") + + assert.False(t, valid) + assert.NotEmpty(t, validationErrors) + assert.Contains(t, validationErrors[0].Reason, "empty xml") +} + +func TestValidateXML_WithAttributes(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /pet: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + id: + type: integer + xml: + attribute: true + name: + type: string + xml: + name: Cat` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/pet").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + valid, validationErrors := validator.ValidateXMLString(schema, `Fluffy`) + + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_TypeValidation(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /pet: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + age: + type: integer + xml: + name: Cat` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/pet").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // valid integer + valid, validationErrors := validator.ValidateXMLString(schema, "5") + assert.True(t, valid) + assert.Len(t, validationErrors, 0) + + // invalid - string instead of integer + valid, validationErrors = validator.ValidateXMLString(schema, "not-a-number") + assert.False(t, valid) + assert.NotEmpty(t, validationErrors) +} + +func TestValidateXML_WrappedArray(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /pets: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + pets: + type: array + xml: + wrapped: true + items: + type: object + properties: + name: + type: string + age: + type: integer + xml: + name: pet + xml: + name: Pets` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/pets").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // valid wrapped array + validXML := `Fluffy3Spot5` + valid, validationErrors := validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) + + // invalid - wrong type in array item + invalidXML := `Fluffynot-a-number` + valid, validationErrors = validator.ValidateXMLString(schema, invalidXML) + assert.False(t, valid) + assert.NotEmpty(t, validationErrors) +} + +func TestValidateXML_MultiplePropertiesWithCustomNames(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /user: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + userId: + type: integer + xml: + name: id + userName: + type: string + xml: + name: username + userEmail: + type: string + xml: + name: email + xml: + name: User` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/user").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // valid xml with custom element names + validXML := `42johndoejohn@example.com` + valid, validationErrors := validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_MixedAttributesAndElements(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /book: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + id: + type: integer + xml: + attribute: true + isbn: + type: string + xml: + attribute: true + title: + type: string + author: + type: string + price: + type: number + xml: + name: Book` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/book").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // valid xml with both attributes and elements + validXML := `Go ProgrammingJohn Doe29.99` + valid, validationErrors := validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_NestedObjects(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /order: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + orderId: + type: integer + customer: + type: object + properties: + name: + type: string + address: + type: object + properties: + street: + type: string + city: + type: string + xml: + name: Order` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/order").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // valid nested xml + validXML := `123Jane Doe
123 Main StSpringfield
` + valid, validationErrors := validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_TypeCoercion(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /data: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + intValue: + type: integer + floatValue: + type: number + stringValue: + type: string + boolValue: + type: string + xml: + name: Data` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/data").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // goxml2json should coerce numeric strings to numbers + validXML := `423.14hellotrue` + valid, validationErrors := validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_SchemaViolations(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /product: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + required: + - productId + - name + properties: + productId: + type: integer + name: + type: string + description: + type: string + xml: + name: Product` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/product").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // missing required property 'name' + invalidXML := `123` + valid, validationErrors := validator.ValidateXMLString(schema, invalidXML) + assert.False(t, valid) + assert.NotEmpty(t, validationErrors) + + // valid - all required properties present + validXML := `123Widget` + valid, validationErrors = validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) + + // valid with optional property + validXML = `123WidgetA useful widget` + valid, validationErrors = validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_ComplexRealWorld_SOAP(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /api: + post: + responses: + '200': + content: + application/soap+xml: + schema: + type: object + properties: + status: + type: string + requestId: + type: string + xml: + attribute: true + timestamp: + type: integer + data: + type: object + properties: + value: + type: string + xml: + name: Response` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/api").Post.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/soap+xml").Schema.Schema() + + validator := NewXMLValidator() + + // valid soap-like xml + validXML := `success1699372800result` + valid, validationErrors := validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_EmptyAndWhitespace(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /test: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + value: + type: string + xml: + name: Test` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/test").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // valid xml with whitespace + validXML := ` + hello + ` + valid, validationErrors := validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) + + // valid xml with empty element + validXML = `` + valid, validationErrors = validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_WithNamespace(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /message: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + subject: + type: string + body: + type: string + xml: + name: Message` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/message").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // valid xml with namespace (goxml2json strips namespace prefixes) + validXML := `HelloWorld` + valid, validationErrors := validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_PropertyMismatch(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /config: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + required: + - enabled + - maxRetries + properties: + enabled: + type: boolean + maxRetries: + type: integer + xml: + name: Config` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/config").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // xml has wrong element names (should be 'enabled' and 'maxRetries') + // this should fail because required properties are missing + invalidXML := `true5` + valid, validationErrors := validator.ValidateXMLString(schema, invalidXML) + assert.False(t, valid) + assert.NotEmpty(t, validationErrors) +} + +func TestValidateXML_AttributeTypeMismatch(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /item: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + id: + type: integer + xml: + attribute: true + quantity: + type: integer + xml: + attribute: true + name: + type: string + xml: + name: Item` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/item").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // valid - attributes are integers + validXML := `Widget` + valid, validationErrors := validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) + + // invalid - attribute is not an integer + invalidXML := `Widget` + valid, validationErrors = validator.ValidateXMLString(schema, invalidXML) + assert.False(t, valid) + assert.NotEmpty(t, validationErrors) +} + +func TestValidateXML_FloatPrecision(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /measurement: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + temperature: + type: number + humidity: + type: number + pressure: + type: number + xml: + name: Measurement` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/measurement").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // valid xml with float values + validXML := `23.45665.21013.25` + valid, validationErrors := validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) + + // valid - integers are acceptable for number type + validXML = `23651013` + valid, validationErrors = validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_Version30_WithNullable(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /item: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + value: + type: string + nullable: true + xml: + name: Item` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/item").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // test with version 3.0 - should allow nullable keyword + valid, validationErrors := validator.ValidateXMLStringWithVersion(schema, "test", 3.0) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_NilSchema(t *testing.T) { + validator := NewXMLValidator() + + // test with nil schema - should return false with empty errors + valid, validationErrors := validator.ValidateXMLString(nil, "value") + assert.False(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_NilSchemaInTransformation(t *testing.T) { + // directly test applyXMLTransformations with nil schema (line 94) + xmlNsMap := make(map[string]string, 2) + result, err := applyXMLTransformations(map[string]interface{}{"test": "value"}, nil, &xmlNsMap) + assert.NotNil(t, result) + assert.Len(t, err, 0) + assert.Equal(t, map[string]interface{}{"test": "value"}, result) +} + +func TestValidateXML_TransformWithNilPropertySchemaProxy(t *testing.T) { + // directly test applyXMLTransformations when a property schema proxy returns nil (line 119) + // this can happen with circular refs or unresolved refs in edge cases + // create a schema with properties but we'll simulate a nil schema scenario + // by testing the transformation directly + data := map[string]interface{}{ + "test": "value", + } + + // schema with properties but no XML config - tests property iteration + schema := &base.Schema{ + Properties: nil, // will trigger line 109 early return + } + xmlNsMap := make(map[string]string, 2) + result, err := applyXMLTransformations(data, schema, &xmlNsMap) + assert.Len(t, err, 0) + assert.Equal(t, data, result) +} + +func TestValidateXML_NoProperties(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /empty: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + xml: + name: Empty` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/empty").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // schema with no properties should still validate + valid, validationErrors := validator.ValidateXMLString(schema, "value") + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_PrimitiveValue(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /simple: + get: + responses: + '200': + content: + application/xml: + schema: + type: string + xml: + name: Value` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/simple").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // primitive value (non-object) should work + valid, validationErrors := validator.ValidateXMLString(schema, "hello world") + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_ArrayNotWrapped(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /items: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + items: + type: array + items: + type: string + xml: + name: Items` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/items").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // array without wrapped - items are direct siblings + validXML := `onetwothree` + valid, validationErrors := validator.ValidateXMLString(schema, validXML) + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestValidateXML_WrappedArrayWithWrongItemName(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /collection: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + properties: + data: + type: array + xml: + wrapped: true + items: + additionalProperties: false + type: object + properties: + value: + type: string + xml: + name: record + xml: + name: Collection` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/collection").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + + // wrapper contains items with wrong name (item instead of record) + // this tests the fallback path where unwrapped element is not found + xmlWithWrongItemName := `test` + valid, _ := validator.ValidateXMLString(schema, xmlWithWrongItemName) + assert.False(t, valid) + + xmlWithWrightItemName := `test` + valid, _ = validator.ValidateXMLString(schema, xmlWithWrightItemName) + assert.True(t, valid) +} + +func TestValidateXML_DirectArrayValue(t *testing.T) { + // test unwrapArrayElement with non-map value (line 160) + schema := &base.Schema{ + Type: []string{"array"}, + Items: &base.DynamicValue[*base.SchemaProxy, bool]{ + A: &base.SchemaProxy{}, + }, + XML: &base.XML{ + Wrapped: true, + }, + } + + // when val is already an array (not a map), it should return as-is + arrayVal := []interface{}{"one", "two", "three"} + result := unwrapArrayElement(arrayVal, "", schema) + assert.Equal(t, arrayVal, result) +} + +func TestValidateXML_UnwrapArrayElementMissingItem(t *testing.T) { + // test unwrapArrayElement when wrapper map doesn't contain expected item (line 177) + schema := &base.Schema{ + Type: []string{"array"}, + Items: &base.DynamicValue[*base.SchemaProxy, bool]{ + A: &base.SchemaProxy{}, + }, + XML: &base.XML{ + Wrapped: true, + }, + } + + // wrapper map contains wrong key - should return map as-is (line 177) + wrapperMap := map[string]interface{}{"wrongKey": []interface{}{"one", "two"}} + result := unwrapArrayElement(wrapperMap, "", schema) + assert.Equal(t, wrapperMap, result) +} + +func TestTransformXMLToSchemaJSON_EmptyString(t *testing.T) { + // test empty string error path (line 68) + schema := &base.Schema{} + _, err := TransformXMLToSchemaJSON("", schema) + assert.Len(t, err, 1) + assert.Contains(t, err[0].Reason, "empty xml content") +} + +func TestApplyXMLTransformations_NoXMLName(t *testing.T) { + // test schema without xml.name - data stays wrapped + schema := &base.Schema{ + Properties: nil, + } + xmlNsMap := make(map[string]string, 2) + data := map[string]interface{}{"Cat": map[string]interface{}{"nice": "true"}} + result, err := applyXMLTransformations(data, schema, &xmlNsMap) + assert.Len(t, err, 0) + assert.Equal(t, data, result) +} + +func TestIsXMLContentType(t *testing.T) { + tests := []struct { + name string + contentType string + expected bool + }{ + {"application/xml", "application/xml", true}, + {"text/xml", "text/xml", true}, + {"application/soap+xml", "application/soap+xml", true}, + {"application/json", "application/json", false}, + {"text/plain", "text/plain", false}, + {"with whitespace", " application/xml ", true}, + {"mixed case", "APPLICATION/XML", true}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := IsXMLContentType(tt.contentType) + assert.Equal(t, tt.expected, result) + }) + } +} + +func TestTransformXMLToSchemaJSON_InvalixXml(t *testing.T) { + schema := &base.Schema{} + _, err := TransformXMLToSchemaJSON("<", schema) + assert.Len(t, err, 1) + assert.Contains(t, err[0].Reason, "malformed xml") +} + +func TestValidateXmlNs_NoData(t *testing.T) { + errors := validateXmlNs(nil, nil, "", nil) + assert.Len(t, errors, 0) +} + +func getXmlTestSchema(t *testing.T) *base.Schema { + spec := `openapi: 3.1 +paths: + /collection: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + additionalProperties: false + properties: + body: + type: object + required: + - id + - success + - payload + xml: + prefix: t + namespace: http://assert.t + name: reqBody + properties: + id: + type: integer + xml: + attribute: true + success: + xml: + name: ok + prefix: j + namespace: http://j.j + type: boolean + payload: + oneOf: + - type: integer + - type: object + data: + type: array + xml: + wrapped: true + name: list + items: + additionalProperties: false + type: object + required: + - value + properties: + value: + type: string + xml: + namespace: http://prop.arr + prefix: arr + xml: + name: record + prefix: unt + namespace: http://expect.t + xml: + name: Collection` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/collection").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + return schema +} + +func TestValidateXmlNs_InvalidPrefix(t *testing.T) { + schema := getXmlTestSchema(t) + validator := NewXMLValidator() + xmlPayload := `` + valid, err := validator.ValidateXMLString(schema, xmlPayload) + + assert.False(t, valid) + assert.Equal(t, helpers.XmlValidationPrefix, err[0].ValidationSubType) +} + +func TestValidateXmlNs_InvalidNamespace(t *testing.T) { + schema := getXmlTestSchema(t) + validator := NewXMLValidator() + xmlPayload := `` + valid, err := validator.ValidateXMLString(schema, xmlPayload) + + assert.False(t, valid) + assert.Equal(t, helpers.XmlValidationNamespace, err[0].ValidationSubType) +} + +func TestValidateXmlNs_InvalidNamespaceInRoot(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /pet: + get: + responses: + '200': + content: + application/xml: + schema: + type: object + xml: + name: Cat + prefix: c + namespace: http://cat.ca` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/pet").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + xmlPayload := `` + + valid, validationErrors := validator.ValidateXMLString(schema, xmlPayload) + + assert.False(t, valid) + assert.Equal(t, "The namespace from prefix 'c' differs from the xml", validationErrors[0].Message) + assert.Equal(t, helpers.XmlValidationNamespace, validationErrors[0].ValidationSubType) +} + +func TestValidateXmlNs_CorrectNamespaceInRoot(t *testing.T) { + spec := `openapi: 3.0.0 +paths: + /pet: + get: + responses: + '200': + content: + application/xml: + schema: + type: string + xml: + name: Cat + prefix: c + namespace: http://cat.ca` + + doc, err := libopenapi.NewDocument([]byte(spec)) + assert.NoError(t, err) + + v3Doc, err := doc.BuildV3Model() + assert.NoError(t, err) + + schema := v3Doc.Model.Paths.PathItems.GetOrZero("/pet").Get.Responses.Codes.GetOrZero("200"). + Content.GetOrZero("application/xml").Schema.Schema() + + validator := NewXMLValidator() + xmlPayload := `meow` + + valid, validationErrors := validator.ValidateXMLString(schema, xmlPayload) + + assert.True(t, valid) + assert.Len(t, validationErrors, 0) +} + +func TestConvertBasedOnSchema_XmlSuccessfullyConverted(t *testing.T) { + schema := getXmlTestSchema(t) + validator := NewXMLValidator() + + xmlPayload := `true2 +Text` + + valid, err := validator.ValidateXMLString(schema, xmlPayload) + + assert.True(t, valid) + assert.Len(t, err, 0) +} + +func TestConvertBasedOnSchema_MissingPrefixInObjectProperties(t *testing.T) { + schema := getXmlTestSchema(t) + validator := NewXMLValidator() + + xmlPayload := `true2 +Text` + + valid, err := validator.ValidateXMLString(schema, xmlPayload) + + assert.False(t, valid) + assert.Equal(t, helpers.XmlValidationPrefix, err[0].ValidationSubType) + assert.Equal(t, "The prefix 'j' is defined in the schema, however it's missing from the xml", err[0].Message) +} + +func TestConvertBasedOnSchema_MissingPrefixInArrayItemProperties(t *testing.T) { + schema := getXmlTestSchema(t) + validator := NewXMLValidator() + + xmlPayload := `true2 +Text` + + valid, err := validator.ValidateXMLString(schema, xmlPayload) + + assert.False(t, valid) + assert.Equal(t, helpers.XmlValidationPrefix, err[0].ValidationSubType) + assert.Equal(t, "The prefix 'arr' is defined in the schema, however it's missing from the xml", err[0].Message) +} + +func TestApplyXMLTransformations_IncorrectSchema(t *testing.T) { + schema := getXmlTestSchema(t) + validator := NewXMLValidator() + + xmlPayload := `NotBooleanNotInteger +Text` + + valid, err := validator.ValidateXMLString(schema, xmlPayload) + + assert.False(t, valid) + assert.Equal(t, "got string, want boolean", err[0].SchemaValidationErrors[0].Reason) + assert.Equal(t, "schema does not pass validation", err[0].Message) +} + +func TestApplyXMLTransformations_NilPropSchema(t *testing.T) { + schema := &base.Schema{ + Properties: orderedmap.New[string, *base.SchemaProxy](), + } + + emptyProxy := &base.SchemaProxy{} + schema.Properties.Set("broken_ref_prop", emptyProxy) + + data := map[string]any{ + "broken_ref_prop": "some_value", + } + xmlNsMap := make(map[string]string) + + result, errs := applyXMLTransformations(data, schema, &xmlNsMap) + + assert.Len(t, errs, 0) + assert.NotNil(t, result) +} diff --git a/schema_validation/xml_validator.go b/schema_validation/xml_validator.go new file mode 100644 index 00000000..f9b2ef6e --- /dev/null +++ b/schema_validation/xml_validator.go @@ -0,0 +1,59 @@ +// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// SPDX-License-Identifier: MIT + +package schema_validation + +import ( + "log/slog" + "os" + + "github.com/pb33f/libopenapi/datamodel/high/base" + + "github.com/pb33f/libopenapi-validator/config" + liberrors "github.com/pb33f/libopenapi-validator/errors" +) + +// XMLValidator is an interface that defines methods for validating XML against OpenAPI schemas. +// There are 2 methods for validating XML: +// +// ValidateXMLString validates an XML string against a schema, applying OpenAPI xml object transformations. +// ValidateXMLStringWithVersion - version-aware XML validation that allows OpenAPI 3.0 keywords when version is specified. +type XMLValidator interface { + // ValidateXMLString validates an XML string against an OpenAPI schema, applying xml object transformations. + // Uses OpenAPI 3.1+ validation by default (strict JSON Schema compliance). + ValidateXMLString(schema *base.Schema, xmlString string) (bool, []*liberrors.ValidationError) + + // ValidateXMLStringWithVersion validates an XML string with version-specific rules. + // When version is 3.0, OpenAPI 3.0-specific keywords like 'nullable' are allowed and processed. + // When version is 3.1+, OpenAPI 3.0-specific keywords like 'nullable' will cause validation to fail. + ValidateXMLStringWithVersion(schema *base.Schema, xmlString string, version float32) (bool, []*liberrors.ValidationError) +} + +type xmlValidator struct { + schemaValidator *schemaValidator + logger *slog.Logger +} + +// NewXMLValidatorWithLogger creates a new XMLValidator instance with a custom logger. +func NewXMLValidatorWithLogger(logger *slog.Logger, opts ...config.Option) XMLValidator { + options := config.NewValidationOptions(opts...) + // Create an internal schema validator for JSON validation after XML transformation + sv := &schemaValidator{options: options, logger: logger} + return &xmlValidator{schemaValidator: sv, logger: logger} +} + +// NewXMLValidator creates a new XMLValidator instance with default logging configuration. +func NewXMLValidator(opts ...config.Option) XMLValidator { + logger := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{ + Level: slog.LevelError, + })) + return NewXMLValidatorWithLogger(logger, opts...) +} + +func (x *xmlValidator) ValidateXMLString(schema *base.Schema, xmlString string) (bool, []*liberrors.ValidationError) { + return x.validateXMLWithVersion(schema, xmlString, x.logger, 3.1) +} + +func (x *xmlValidator) ValidateXMLStringWithVersion(schema *base.Schema, xmlString string, version float32) (bool, []*liberrors.ValidationError) { + return x.validateXMLWithVersion(schema, xmlString, x.logger, version) +} diff --git a/strict/array_validator.go b/strict/array_validator.go new file mode 100644 index 00000000..06605307 --- /dev/null +++ b/strict/array_validator.go @@ -0,0 +1,107 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package strict + +import ( + "strconv" + + "github.com/pb33f/libopenapi/datamodel/high/base" +) + +// validateArray checks an array value against a schema for undeclared properties +// within array items. It handles: +// - items (schema for all items or boolean) +// - prefixItems (tuple validation with positional schemas) +// - unevaluatedItems (items not covered by items/prefixItems) +func (v *Validator) validateArray(ctx *traversalContext, schema *base.Schema, data []any) []UndeclaredValue { + if len(data) == 0 { + return nil + } + + var undeclared []UndeclaredValue + + // Check for items: false + // When items: false, no items are allowed. If base validation passed, the + // array should be empty. But we explicitly check in case it wasn't caught. + if schema.Items != nil && schema.Items.IsB() && !schema.Items.B { + for i := range data { + itemPath := buildArrayPath(ctx.path, i) + undeclared = append(undeclared, + newUndeclaredItem(itemPath, strconv.Itoa(i), data[i], ctx.direction)) + } + return undeclared + } + + prefixLen := 0 + + // handle prefixItems first (tuple validation) + if len(schema.PrefixItems) > 0 { + for i, itemProxy := range schema.PrefixItems { + if i >= len(data) { + break + } + + itemPath := buildArrayPath(ctx.path, i) + itemCtx := ctx.withPath(itemPath) + + if itemCtx.shouldIgnore() { + prefixLen++ + continue + } + + itemSchema := itemProxy.Schema() + if itemSchema != nil { + undeclared = append(undeclared, v.validateValue(itemCtx, itemSchema, data[i])...) + } + prefixLen++ + } + } + + // handle items for remaining elements (after prefixItems) + if schema.Items != nil && schema.Items.A != nil { + itemProxy := schema.Items.A + itemSchema := itemProxy.Schema() + + if itemSchema != nil { + for i := prefixLen; i < len(data); i++ { + itemPath := buildArrayPath(ctx.path, i) + itemCtx := ctx.withPath(itemPath) + + if itemCtx.shouldIgnore() { + continue + } + + undeclared = append(undeclared, v.validateValue(itemCtx, itemSchema, data[i])...) + } + } + } + + // handle unevaluatedItems with schema. + // unevaluatedItems: false is handled by base validation. + // unevaluatedItems: {schema} means items matching the schema are valid. + // note: this doesn't account for items evaluated by `contains`. for strict + // validation this is acceptable as we check conservatively. + if schema.UnevaluatedItems != nil && schema.UnevaluatedItems.Schema() != nil { + // this applies to items not covered by items or prefixItems. + // if there's no items schema, unevaluatedItems applies to: + // - items after prefixItems (if prefixItems exists) + // - all items (if neither items nor prefixItems exists) + if schema.Items == nil { + unevalSchema := schema.UnevaluatedItems.Schema() + startIndex := len(schema.PrefixItems) // 0 if no prefixItems + for i := startIndex; i < len(data); i++ { + itemPath := buildArrayPath(ctx.path, i) + itemCtx := ctx.withPath(itemPath) + + if itemCtx.shouldIgnore() { + continue + } + + undeclared = append(undeclared, v.validateValue(itemCtx, unevalSchema, data[i])...) + } + } + } + + return undeclared +} diff --git a/strict/headers.go b/strict/headers.go new file mode 100644 index 00000000..823848ca --- /dev/null +++ b/strict/headers.go @@ -0,0 +1,35 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package strict + +import "strings" + +// isHeaderIgnored checks if a header name should be ignored in strict validation. +// Uses the effective ignored headers list from options (defaults, replaced, or merged). +// Set-Cookie is direction-aware: ignored in responses but reported in requests. +func (v *Validator) isHeaderIgnored(name string, direction Direction) bool { + lower := strings.ToLower(name) + + // Set-Cookie is expected in responses but unexpected in requests + if lower == "set-cookie" { + return direction == DirectionResponse + } + + // Check effective ignored list + for _, h := range v.getEffectiveIgnoredHeaders() { + if strings.ToLower(h) == lower { + return true + } + } + return false +} + +// getEffectiveIgnoredHeaders returns the list of headers to ignore based on +// configuration. Uses the ValidationOptions method for consistency. +func (v *Validator) getEffectiveIgnoredHeaders() []string { + if v.options == nil { + return nil + } + return v.options.GetEffectiveStrictIgnoredHeaders() +} diff --git a/strict/matcher.go b/strict/matcher.go new file mode 100644 index 00000000..89bb2c3b --- /dev/null +++ b/strict/matcher.go @@ -0,0 +1,120 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package strict + +import ( + "errors" + "fmt" + + "github.com/pb33f/libopenapi/datamodel/high/base" + "github.com/pb33f/libopenapi/utils" + "github.com/santhosh-tekuri/jsonschema/v6" + + "github.com/pb33f/libopenapi-validator/helpers" +) + +// dataMatchesSchema checks if the given data matches the schema using +// JSON Schema validation. This is used for: +// - oneOf/anyOf variant selection (finding which variant the data matches) +// - if/then/else condition evaluation +// - additionalProperties schema matching +// +// The method uses version-aware schema compilation to handle OpenAPI 3.0 vs 3.1 +// differences (especially nullable handling). +// +// Returns (true, nil) if data matches the schema. +// Returns (false, nil) if data does not match the schema. +// Returns (false, error) if schema compilation failed. +func (v *Validator) dataMatchesSchema(schema *base.Schema, data any) (bool, error) { + if schema == nil { + return true, nil // No schema means anything matches + } + + compiled, err := v.getCompiledSchema(schema) + if err != nil { + return false, err + } + return compiled.Validate(data) == nil, nil +} + +// getCompiledSchema returns a compiled JSON Schema for the given high-level schema. +// It checks multiple cache levels: +// 1. Global SchemaCache (if configured in options) +// 2. Local instance cache (for reuse within this validation call) +// 3. Compiles on-the-fly if not cached +// +// Returns the compiled schema and nil error on success. +// Returns nil schema and nil error if the input schema is nil. +// Returns nil schema and error if compilation failed. +func (v *Validator) getCompiledSchema(schema *base.Schema) (*jsonschema.Schema, error) { + if schema == nil || schema.GoLow() == nil { + return nil, nil + } + + hash := schema.GoLow().Hash() + hashKey := fmt.Sprintf("%x", hash) + + // try global cache first (if available) + if v.options != nil && v.options.SchemaCache != nil { + if cached, ok := v.options.SchemaCache.Load(hash); ok && cached != nil && cached.CompiledSchema != nil { + return cached.CompiledSchema, nil + } + } + + // try local instance cache + if compiled, ok := v.localCache[hashKey]; ok { + return compiled, nil + } + + // cache miss - compile on-the-fly with context-aware rendering + compiled, err := v.compileSchema(schema) + if err != nil { + return nil, err + } + if compiled != nil { + v.localCache[hashKey] = compiled + } + + return compiled, nil +} + +// compileSchema renders and compiles a schema for validation. +// Uses RenderInlineWithContext for safe cycle handling. +// +// Returns the compiled schema and nil error on success. +// Returns nil schema and error if any step fails (render, conversion, compilation). +func (v *Validator) compileSchema(schema *base.Schema) (*jsonschema.Schema, error) { + if schema == nil { + return nil, nil + } + + schemaHash := fmt.Sprintf("%x", schema.GoLow().Hash()) + + // use RenderInlineWithContext for safe cycle handling + renderedSchema, err := schema.RenderInlineWithContext(v.renderCtx) + if err != nil { + return nil, fmt.Errorf("strict: schema render failed (hash=%s): %w", schemaHash, err) + } + + jsonSchema, convErr := utils.ConvertYAMLtoJSON(renderedSchema) + if convErr != nil { + return nil, fmt.Errorf("strict: YAML to JSON conversion failed: %w", convErr) + } + if len(jsonSchema) == 0 { + return nil, errors.New("strict: schema rendered to empty JSON") + } + + schemaName := fmt.Sprintf("strict-match-%s", schemaHash) + compiled, err := helpers.NewCompiledSchemaWithVersion( + schemaName, + jsonSchema, + v.options, + v.version, + ) + if err != nil { + return nil, fmt.Errorf("strict: schema compilation failed (name=%s): %w", schemaName, err) + } + + return compiled, nil +} diff --git a/strict/polymorphic.go b/strict/polymorphic.go new file mode 100644 index 00000000..d229f338 --- /dev/null +++ b/strict/polymorphic.go @@ -0,0 +1,474 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package strict + +import ( + "regexp" + "strings" + + "github.com/pb33f/libopenapi/datamodel/high/base" +) + +// validatePolymorphic handles allOf, oneOf, and anyOf schemas. +// For allOf: merge all schemas and validate against all. +// For oneOf/anyOf: find the matching variant and validate against it. +func (v *Validator) validatePolymorphic(ctx *traversalContext, schema *base.Schema, data map[string]any) []UndeclaredValue { + var undeclared []UndeclaredValue + + // Handle allOf first - data must match ALL schemas + if len(schema.AllOf) > 0 { + undeclared = append(undeclared, v.validateAllOf(ctx, schema, data)...) + } + + // Handle oneOf - data must match exactly ONE schema + if len(schema.OneOf) > 0 { + undeclared = append(undeclared, v.validateOneOf(ctx, schema, data)...) + } + + // Handle anyOf - data must match at least ONE schema + if len(schema.AnyOf) > 0 { + undeclared = append(undeclared, v.validateAnyOf(ctx, schema, data)...) + } + + // Also validate any direct properties on the parent schema + if schema.Properties != nil { + declared, patterns := v.collectDeclaredProperties(schema, data) + + // Check properties that aren't handled by allOf/oneOf/anyOf + for propName := range data { + // Skip if declared directly or via patterns + if isPropertyDeclared(propName, declared, patterns) { + continue + } + + // Check if it's declared in any of the allOf schemas + if v.isPropertyDeclaredInAllOf(schema.AllOf, propName) { + continue + } + + // For oneOf/anyOf, we've already validated against the matching variant + } + } + + return undeclared +} + +// validateAllOf validates data against all schemas in allOf. +// Collects properties from all schemas as declared. +func (v *Validator) validateAllOf(ctx *traversalContext, schema *base.Schema, data map[string]any) []UndeclaredValue { + var undeclared []UndeclaredValue + + // Collect declared properties from ALL schemas in allOf + allDeclared := make(map[string]*declaredProperty) + var allPatterns []*regexp.Regexp + + for _, schemaProxy := range schema.AllOf { + if schemaProxy == nil { + continue + } + + subSchema := schemaProxy.Schema() + if subSchema == nil { + continue + } + + declared, patterns := v.collectDeclaredProperties(subSchema, data) + for name, prop := range declared { + if _, exists := allDeclared[name]; !exists { + allDeclared[name] = prop + } + } + + allPatterns = append(allPatterns, patterns...) + } + + // collect from parent schema + declared, patterns := v.collectDeclaredProperties(schema, data) + for name, prop := range declared { + if _, exists := allDeclared[name]; !exists { + allDeclared[name] = prop + } + } + + allPatterns = append(allPatterns, patterns...) + + // check if strict mode should report for this combined schema + if !v.shouldReportUndeclaredForAllOf(schema) { + // Still recurse into declared properties + return v.recurseIntoAllOfDeclaredProperties(ctx, schema.AllOf, data, allDeclared) + } + + // Check each property in data + for propName, propValue := range data { + propPath := buildPath(ctx.path, propName) + propCtx := ctx.withPath(propPath) + + if propCtx.shouldIgnore() { + continue + } + + // Check if declared in merged schema + if isPropertyDeclared(propName, allDeclared, allPatterns) { + // Recurse into the property + propSchema := v.findPropertySchemaInAllOf(schema.AllOf, propName, allDeclared) + if propSchema != nil { + if v.shouldSkipProperty(propSchema, ctx.direction) { + continue + } + undeclared = append(undeclared, v.validateValue(propCtx, propSchema, propValue)...) + } + continue + } + + // Not declared - report as undeclared + undeclared = append(undeclared, + newUndeclaredProperty(propPath, propName, propValue, getDeclaredPropertyNames(allDeclared), ctx.direction, schema)) + } + + return undeclared +} + +// validateOneOf finds the matching oneOf variant and validates against it. +// Parent schema properties are merged with the variant's properties. +func (v *Validator) validateOneOf(ctx *traversalContext, schema *base.Schema, data map[string]any) []UndeclaredValue { + var matchingVariant *base.Schema + + // discriminator is present, use it to select the variant + if schema.Discriminator != nil { + matchingVariant = v.selectByDiscriminator(schema, schema.OneOf, data) + } + + // no discriminator or no match: find matching variant by validation + if matchingVariant == nil { + matchingVariant = v.findMatchingVariant(schema.OneOf, data) + } + + if matchingVariant == nil { + // No match found - base validation would report this error + return nil + } + + // Validate against variant, but filter out properties declared in parent + return v.validateVariantWithParent(ctx, schema, matchingVariant, data) +} + +// validateAnyOf finds matching anyOf variants and validates against them. +// Parent schema properties are merged with the variant's properties. +func (v *Validator) validateAnyOf(ctx *traversalContext, schema *base.Schema, data map[string]any) []UndeclaredValue { + var matchingVariant *base.Schema + + // If discriminator is present, use it to select the variant + if schema.Discriminator != nil { + matchingVariant = v.selectByDiscriminator(schema, schema.AnyOf, data) + } + + // No discriminator or no match: find matching variant by validation + if matchingVariant == nil { + matchingVariant = v.findMatchingVariant(schema.AnyOf, data) + } + + if matchingVariant == nil { + // No match found - base validation would report this error + return nil + } + + // Validate against variant, but filter out properties declared in parent + return v.validateVariantWithParent(ctx, schema, matchingVariant, data) +} + +// validateVariantWithParent validates data against a variant schema while also +// considering properties declared in the parent schema. This ensures parent +// properties are not reported as undeclared when using oneOf/anyOf. +func (v *Validator) validateVariantWithParent(ctx *traversalContext, parent *base.Schema, variant *base.Schema, data map[string]any) []UndeclaredValue { + var undeclared []UndeclaredValue + + // Collect declared properties from parent schema + parentDeclared, parentPatterns := v.collectDeclaredProperties(parent, data) + + // Collect declared properties from variant schema + variantDeclared, variantPatterns := v.collectDeclaredProperties(variant, data) + + // Merge: parent + variant + allDeclared := make(map[string]*declaredProperty) + for name, prop := range parentDeclared { + allDeclared[name] = prop + } + for name, prop := range variantDeclared { + allDeclared[name] = prop + } + allPatterns := append(parentPatterns, variantPatterns...) + + // Check if we should report undeclared (skip if additionalProperties: false) + if !v.shouldReportUndeclared(variant) && !v.shouldReportUndeclared(parent) { + // Still recurse into declared properties + return v.recurseIntoDeclaredPropertiesWithMerged(ctx, variant, parent, data, allDeclared) + } + + // Check each property in data + for propName, propValue := range data { + propPath := buildPath(ctx.path, propName) + propCtx := ctx.withPath(propPath) + + if propCtx.shouldIgnore() { + continue + } + + // Check if declared in merged schema (parent + variant) + if isPropertyDeclared(propName, allDeclared, allPatterns) { + // Find the property schema (prefer variant, fallback to parent) + propSchema := v.findPropertySchemaInMerged(variant, parent, propName, allDeclared) + if propSchema != nil { + if v.shouldSkipProperty(propSchema, ctx.direction) { + continue + } + undeclared = append(undeclared, v.validateValue(propCtx, propSchema, propValue)...) + } + continue + } + + // Not declared - report as undeclared + // Use variant schema location if available, otherwise fall back to parent + locationSchema := variant + if locationSchema == nil || locationSchema.GoLow() == nil { + locationSchema = parent + } + undeclared = append(undeclared, + newUndeclaredProperty(propPath, propName, propValue, getDeclaredPropertyNames(allDeclared), ctx.direction, locationSchema)) + } + + return undeclared +} + +// findPropertySchemaInMerged finds the schema for a property, preferring variant over parent. +// Checks explicit properties first, then patternProperties. +func (v *Validator) findPropertySchemaInMerged(variant, parent *base.Schema, propName string, declared map[string]*declaredProperty) *base.Schema { + // Check explicit declared first + if prop, ok := declared[propName]; ok && prop.proxy != nil { + return prop.proxy.Schema() + } + + // Check variant schema explicit properties + if variant != nil && variant.Properties != nil { + if propProxy, exists := variant.Properties.Get(propName); exists && propProxy != nil { + return propProxy.Schema() + } + } + + // Check parent schema explicit properties + if parent != nil && parent.Properties != nil { + if propProxy, exists := parent.Properties.Get(propName); exists && propProxy != nil { + return propProxy.Schema() + } + } + + // Check variant patternProperties + if variant != nil { + if propProxy := v.getPatternPropertySchema(variant, propName); propProxy != nil { + return propProxy.Schema() + } + } + + // Check parent patternProperties + if parent != nil { + if propProxy := v.getPatternPropertySchema(parent, propName); propProxy != nil { + return propProxy.Schema() + } + } + + return nil +} + +// recurseIntoDeclaredPropertiesWithMerged recurses into properties from merged parent+variant. +func (v *Validator) recurseIntoDeclaredPropertiesWithMerged(ctx *traversalContext, variant, parent *base.Schema, data map[string]any, declared map[string]*declaredProperty) []UndeclaredValue { + var undeclared []UndeclaredValue + + for propName, propValue := range data { + propPath := buildPath(ctx.path, propName) + propCtx := ctx.withPath(propPath) + + if propCtx.shouldIgnore() { + continue + } + + propSchema := v.findPropertySchemaInMerged(variant, parent, propName, declared) + if propSchema != nil { + if v.shouldSkipProperty(propSchema, ctx.direction) { + continue + } + undeclared = append(undeclared, v.validateValue(propCtx, propSchema, propValue)...) + } + } + + return undeclared +} + +// selectByDiscriminator uses the discriminator to select the appropriate variant. +func (v *Validator) selectByDiscriminator(schema *base.Schema, variants []*base.SchemaProxy, data map[string]any) *base.Schema { + if schema.Discriminator == nil { + return nil + } + + propName := schema.Discriminator.PropertyName + if propName == "" { + return nil + } + + discriminatorValue, ok := data[propName] + if !ok { + return nil + } + + valueStr, ok := discriminatorValue.(string) + if !ok { + return nil + } + + // check mapping first + if schema.Discriminator.Mapping != nil { + for pair := schema.Discriminator.Mapping.First(); pair != nil; pair = pair.Next() { + if pair.Key() == valueStr { + // The mapping value is a reference like "#/components/schemas/Dog" + mappedRef := pair.Value() + for _, variantProxy := range variants { + if variantProxy.IsReference() && variantProxy.GetReference() == mappedRef { + return variantProxy.Schema() + } + } + } + } + } + + // no mapping match, try to match by schema name in reference + for _, variantProxy := range variants { + if variantProxy.IsReference() { + ref := variantProxy.GetReference() + // Extract schema name from reference like "#/components/schemas/Dog" + parts := strings.Split(ref, "/") + if len(parts) > 0 && parts[len(parts)-1] == valueStr { + return variantProxy.Schema() + } + } + } + + return nil +} + +// findMatchingVariant finds the first variant that the data validates against. +func (v *Validator) findMatchingVariant(variants []*base.SchemaProxy, data map[string]any) *base.Schema { + for _, variantProxy := range variants { + if variantProxy == nil { + continue + } + + variantSchema := variantProxy.Schema() + if variantSchema == nil { + continue + } + + matches, _ := v.dataMatchesSchema(variantSchema, data) + if matches { + return variantSchema + } + } + return nil +} + +// isPropertyDeclaredInAllOf checks if a property is declared in any allOf schema. +func (v *Validator) isPropertyDeclaredInAllOf(allOf []*base.SchemaProxy, propName string) bool { + for _, schemaProxy := range allOf { + if schemaProxy == nil { + continue + } + + subSchema := schemaProxy.Schema() + if subSchema == nil { + continue + } + + if subSchema.Properties != nil { + if _, exists := subSchema.Properties.Get(propName); exists { + return true + } + } + } + return false +} + +// shouldReportUndeclaredForAllOf checks if any schema in allOf disables additional properties. +func (v *Validator) shouldReportUndeclaredForAllOf(schema *base.Schema) bool { + // Check parent schema + if schema.AdditionalProperties != nil && schema.AdditionalProperties.IsB() && !schema.AdditionalProperties.B { + return false + } + + // Check each allOf schema + for _, schemaProxy := range schema.AllOf { + if schemaProxy == nil { + continue + } + + subSchema := schemaProxy.Schema() + if subSchema == nil { + continue + } + + if subSchema.AdditionalProperties != nil && subSchema.AdditionalProperties.IsB() && !subSchema.AdditionalProperties.B { + return false + } + } + + return true +} + +// findPropertySchemaInAllOf finds the schema for a property in allOf schemas. +func (v *Validator) findPropertySchemaInAllOf(allOf []*base.SchemaProxy, propName string, declared map[string]*declaredProperty) *base.Schema { + // Check explicit declared first + if prop, ok := declared[propName]; ok && prop.proxy != nil { + return prop.proxy.Schema() + } + + // Search in allOf schemas + for _, schemaProxy := range allOf { + if schemaProxy == nil { + continue + } + + subSchema := schemaProxy.Schema() + if subSchema == nil { + continue + } + + if subSchema.Properties != nil { + if propProxy, exists := subSchema.Properties.Get(propName); exists && propProxy != nil { + return propProxy.Schema() + } + } + } + + return nil +} + +// recurseIntoAllOfDeclaredProperties recurses into properties without checking for undeclared. +func (v *Validator) recurseIntoAllOfDeclaredProperties(ctx *traversalContext, allOf []*base.SchemaProxy, data map[string]any, declared map[string]*declaredProperty) []UndeclaredValue { + var undeclared []UndeclaredValue + + for propName, propValue := range data { + propPath := buildPath(ctx.path, propName) + propCtx := ctx.withPath(propPath) + + if propCtx.shouldIgnore() { + continue + } + + propSchema := v.findPropertySchemaInAllOf(allOf, propName, declared) + if propSchema != nil { + if v.shouldSkipProperty(propSchema, ctx.direction) { + continue + } + undeclared = append(undeclared, v.validateValue(propCtx, propSchema, propValue)...) + } + } + + return undeclared +} diff --git a/strict/property_collector.go b/strict/property_collector.go new file mode 100644 index 00000000..24317b83 --- /dev/null +++ b/strict/property_collector.go @@ -0,0 +1,168 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package strict + +import ( + "regexp" + + "github.com/pb33f/libopenapi/datamodel/high/base" +) + +// declaredProperty holds information about a declared property in a schema. +type declaredProperty struct { + // proxy is the SchemaProxy for the property. + proxy *base.SchemaProxy +} + +// collectDeclaredProperties gathers all property names that are declared in a schema. +// This includes explicit properties, patternProperties matches, and properties from +// dependentSchemas and if/then/else based on the actual data. +// +// Returns a map from property name to its declaration info, plus a slice of +// pattern regexes for patternProperties matching. +func (v *Validator) collectDeclaredProperties( + schema *base.Schema, + data map[string]any, +) (declared map[string]*declaredProperty, patterns []*regexp.Regexp) { + declared = make(map[string]*declaredProperty) + + if schema == nil { + return declared, nil + } + + // explicit properties + if schema.Properties != nil { + for pair := schema.Properties.First(); pair != nil; pair = pair.Next() { + declared[pair.Key()] = &declaredProperty{ + proxy: pair.Value(), + } + } + } + + // pattern properties - use cached compiled patterns + if schema.PatternProperties != nil { + for pair := schema.PatternProperties.First(); pair != nil; pair = pair.Next() { + pattern := v.getCompiledPattern(pair.Key()) + if pattern == nil { + continue + } + patterns = append(patterns, pattern) + } + } + + // dependent schemas - if trigger property exists in data + if schema.DependentSchemas != nil { + for pair := schema.DependentSchemas.First(); pair != nil; pair = pair.Next() { + triggerProp := pair.Key() + if _, exists := data[triggerProp]; !exists { + continue + } + // trigger property exists, include dependent schema's properties + mergePropertiesIntoDeclared(declared, pair.Value().Schema()) + } + } + + // if/then/else + if schema.If != nil { + ifProxy := schema.If + ifSchema := ifProxy.Schema() + if ifSchema != nil { + matches, err := v.dataMatchesSchema(ifSchema, data) + if err != nil { + // schema compilation failed - log and use else branch + v.logger.Debug("strict: if schema compilation failed, using else branch", "error", err) + matches = false + } + if matches { + if schema.Then != nil { + mergePropertiesIntoDeclared(declared, schema.Then.Schema()) + } + } else { + if schema.Else != nil { + mergePropertiesIntoDeclared(declared, schema.Else.Schema()) + } + } + } + } + + return declared, patterns +} + +// mergePropertiesIntoDeclared merges properties from a schema's Properties map into +// the declared map. Only adds properties that are not already declared. +// This eliminates code duplication when collecting properties from multiple sources. +func mergePropertiesIntoDeclared(declared map[string]*declaredProperty, schema *base.Schema) { + if schema == nil || schema.Properties == nil { + return + } + for p := schema.Properties.First(); p != nil; p = p.Next() { + if _, alreadyDeclared := declared[p.Key()]; !alreadyDeclared { + declared[p.Key()] = &declaredProperty{ + proxy: p.Value(), + } + } + } +} + +// getDeclaredPropertyNames returns just the property names from declared properties. +func getDeclaredPropertyNames(declared map[string]*declaredProperty) []string { + if len(declared) == 0 { + return nil + } + names := make([]string, 0, len(declared)) + for name := range declared { + names = append(names, name) + } + return names +} + +// isPropertyDeclared checks if a property name is declared in the schema. +// A property is declared if: +// - It's in the explicit properties map +// - It matches any patternProperties regex +func isPropertyDeclared(name string, declared map[string]*declaredProperty, patterns []*regexp.Regexp) bool { + // check explicit properties + if _, ok := declared[name]; ok { + return true + } + + // check pattern properties + for _, pattern := range patterns { + if pattern.MatchString(name) { + return true + } + } + + return false +} + +// getPropertySchema returns the SchemaProxy for a declared property. +// Returns nil if the property is not declared or is only matched by pattern. +func getPropertySchema(name string, declared map[string]*declaredProperty) *base.SchemaProxy { + // check explicit properties first + if dp, ok := declared[name]; ok && dp.proxy != nil { + return dp.proxy + } + return nil +} + +// shouldSkipProperty checks if a property should be skipped based on +// readOnly/writeOnly and the current validation direction. +func (v *Validator) shouldSkipProperty(schema *base.Schema, direction Direction) bool { + if schema == nil { + return false + } + + // readOnly: skip in requests (should not be sent by client) + if direction == DirectionRequest && schema.ReadOnly != nil && *schema.ReadOnly { + return true + } + + // writeOnly: skip in responses (should not be returned by server) + if direction == DirectionResponse && schema.WriteOnly != nil && *schema.WriteOnly { + return true + } + + return false +} diff --git a/strict/schema_walker.go b/strict/schema_walker.go new file mode 100644 index 00000000..042a91cc --- /dev/null +++ b/strict/schema_walker.go @@ -0,0 +1,234 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package strict + +import ( + "github.com/pb33f/libopenapi/datamodel/high/base" +) + +// validateValue is the main entry point for validating a value against a schema. +// It dispatches to the appropriate handler based on the value type. +func (v *Validator) validateValue(ctx *traversalContext, schema *base.Schema, data any) []UndeclaredValue { + if schema == nil || data == nil { + return nil + } + + if ctx.shouldIgnore() { + return nil + } + + if ctx.exceedsDepth() { + return nil + } + + // check for cycles using schema hash + schemaKey := v.getSchemaKey(schema) + if ctx.checkAndMarkVisited(schemaKey) { + return nil + } + + // switch on data type + switch val := data.(type) { + case map[string]any: + return v.validateObject(ctx, schema, val) + case []any: + return v.validateArray(ctx, schema, val) + default: + return nil + } +} + +// validateObject checks an object value against a schema for undeclared properties. +func (v *Validator) validateObject(ctx *traversalContext, schema *base.Schema, data map[string]any) []UndeclaredValue { + var undeclared []UndeclaredValue + + if len(schema.AllOf) > 0 || len(schema.OneOf) > 0 || len(schema.AnyOf) > 0 { + return v.validatePolymorphic(ctx, schema, data) + } + + if !v.shouldReportUndeclared(schema) { + // additionalProperties: false - base validation catches this, no strict check needed + // Still need to recurse into declared properties + return v.recurseIntoDeclaredProperties(ctx, schema, data) + } + + declared, patterns := v.collectDeclaredProperties(schema, data) + + // check each property in the data + for propName, propValue := range data { + propPath := buildPath(ctx.path, propName) + propCtx := ctx.withPath(propPath) + + if propCtx.shouldIgnore() { + continue + } + + if !isPropertyDeclared(propName, declared, patterns) { + undeclared = append(undeclared, + newUndeclaredProperty(propPath, propName, propValue, getDeclaredPropertyNames(declared), ctx.direction, schema)) + + // even if undeclared, recurse into additionalProperties schema if present + if schema.AdditionalProperties != nil && schema.AdditionalProperties.IsA() { + addlProxy := schema.AdditionalProperties.A + if addlProxy != nil { + addlSchema := addlProxy.Schema() + if addlSchema != nil { + undeclared = append(undeclared, v.validateValue(propCtx, addlSchema, propValue)...) + } + } + } + continue + } + + // property is declared, recurse into it + propProxy := getPropertySchema(propName, declared) + if propProxy == nil { + propProxy = v.getPatternPropertySchema(schema, propName) + } + + if propProxy != nil { + propSchema := propProxy.Schema() + if propSchema != nil { + // check readOnly/writeOnly + if v.shouldSkipProperty(propSchema, ctx.direction) { + continue + } + undeclared = append(undeclared, v.validateValue(propCtx, propSchema, propValue)...) + } + } + } + + return undeclared +} + +// shouldReportUndeclared determines if strict mode should report undeclared +// properties for this schema. +func (v *Validator) shouldReportUndeclared(schema *base.Schema) bool { + if schema == nil { + return false + } + + // SHORT-CIRCUIT: If additionalProperties: false, base validation already catches extras. + if schema.AdditionalProperties != nil && schema.AdditionalProperties.IsB() && !schema.AdditionalProperties.B { + return false + } + + // STRICT OVERRIDE: Even if additionalProperties: true, report undeclared. + if schema.AdditionalProperties != nil { + if schema.AdditionalProperties.IsB() && schema.AdditionalProperties.B { + return true + } + if schema.AdditionalProperties.IsA() { + // additionalProperties with schema - properties matching schema are + // technically "declared" but we still want to flag them as not in + // the explicit schema. They will be recursed into. + return true + } + } + + // STRICT OVERRIDE: unevaluatedProperties: false with implicit additionalProperties: true + // Standard JSON Schema would catch via unevaluatedProperties, but strict reports + // even when additionalProperties: true would normally allow extras. + if schema.UnevaluatedProperties != nil && schema.UnevaluatedProperties.IsB() && !schema.UnevaluatedProperties.B { + // unevaluatedProperties: false means base validation catches extras + // BUT if there's no additionalProperties: false, strict should report + return true + } + + // default: no additionalProperties means implicit true in JSON Schema + // Strict reports undeclared in this case + return true +} + +// getPatternPropertySchema finds the schema for a property that matches +// a patternProperties regex. Uses cached compiled patterns. +func (v *Validator) getPatternPropertySchema(schema *base.Schema, propName string) *base.SchemaProxy { + if schema.PatternProperties == nil { + return nil + } + + for pair := schema.PatternProperties.First(); pair != nil; pair = pair.Next() { + pattern := v.getCompiledPattern(pair.Key()) + if pattern == nil { + continue + } + if pattern.MatchString(propName) { + return pair.Value() + } + } + + return nil +} + +// recurseIntoDeclaredProperties recurses into declared properties without +// checking for undeclared (used when additionalProperties: false). +// This includes both explicit properties and patternProperties matches. +func (v *Validator) recurseIntoDeclaredProperties(ctx *traversalContext, schema *base.Schema, data map[string]any) []UndeclaredValue { + var undeclared []UndeclaredValue + + processed := make(map[string]bool) + + // process explicit properties + if schema.Properties != nil { + for pair := schema.Properties.First(); pair != nil; pair = pair.Next() { + propName := pair.Key() + propProxy := pair.Value() + + propValue, exists := data[propName] + if !exists { + continue + } + + processed[propName] = true + + propPath := buildPath(ctx.path, propName) + propCtx := ctx.withPath(propPath) + + if propCtx.shouldIgnore() { + continue + } + + propSchema := propProxy.Schema() + if propSchema != nil { + if v.shouldSkipProperty(propSchema, ctx.direction) { + continue + } + undeclared = append(undeclared, v.validateValue(propCtx, propSchema, propValue)...) + } + } + } + + // process patternProperties - recurse into any data properties that match patterns + if schema.PatternProperties != nil { + for propName, propValue := range data { + if processed[propName] { + continue + } + + propProxy := v.getPatternPropertySchema(schema, propName) + if propProxy == nil { + continue + } + + processed[propName] = true + + propPath := buildPath(ctx.path, propName) + propCtx := ctx.withPath(propPath) + + if propCtx.shouldIgnore() { + continue + } + + propSchema := propProxy.Schema() + if propSchema != nil { + if v.shouldSkipProperty(propSchema, ctx.direction) { + continue + } + undeclared = append(undeclared, v.validateValue(propCtx, propSchema, propValue)...) + } + } + } + + return undeclared +} diff --git a/strict/types.go b/strict/types.go new file mode 100644 index 00000000..2d682cc9 --- /dev/null +++ b/strict/types.go @@ -0,0 +1,391 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +// Package strict provides strict validation that detects undeclared +// properties in requests and responses, even when additionalProperties +// would normally allow them. +// +// Strict mode is designed for API governance scenarios where you want to +// ensure that clients only send properties that are explicitly documented +// in the OpenAPI specification, regardless of whether additionalProperties +// is set to true. +// +// # Key Features +// +// - Detects undeclared properties in request/response bodies (JSON only) +// - Detects undeclared query parameters, headers, and cookies +// - Supports ignore paths with glob patterns (e.g., "$.body.metadata.*") +// - Handles polymorphic schemas (oneOf/anyOf) via per-branch validation +// - Respects readOnly/writeOnly based on request vs response direction +// - Configurable header ignore list with sensible defaults +// +// # Known Limitations +// +// Property names containing single quotes (e.g., {"it's": "value"}) cannot be +// represented in bracket notation and cannot be matched by ignore patterns. +// Such properties will always be reported as undeclared if not in schema. +// This is acceptable because property names with quotes are extremely rare. +package strict + +import ( + "context" + "fmt" + "log/slog" + "regexp" + + "github.com/pb33f/libopenapi/datamodel/high/base" + "github.com/santhosh-tekuri/jsonschema/v6" + + "github.com/pb33f/libopenapi-validator/config" +) + +// Direction indicates whether validation is for a request or response. +// This affects readOnly/writeOnly handling and Set-Cookie behavior. +type Direction int + +const ( + // DirectionRequest indicates validation of an HTTP request. + // readOnly properties are not expected in request bodies. + DirectionRequest Direction = iota + + // DirectionResponse indicates validation of an HTTP response. + // writeOnly properties are not expected in response bodies. + // Set-Cookie headers are ignored (expected in responses). + DirectionResponse +) + +// String returns a human-readable direction name. +func (d Direction) String() string { + if d == DirectionResponse { + return "response" + } + return "request" +} + +// UndeclaredValue represents a value found in data that is not declared +// in the schema. This is the core output of strict validation. +type UndeclaredValue struct { + // Path is the instance JSONPath where the undeclared value was found. + // uses bracket notation for property names with special characters. + // examples: "$.body.user.extra", "$.body['a.b'].value", "$.query.debug" + Path string + + // Name is the property, parameter, header, or cookie name. + Name string + + // Value is the actual value found (it may be truncated for display). + Value any + + // Type indicates what kind of value this is. + // one of: "property", "header", "query", "cookie", "item" + Type string + + // DeclaredProperties lists property names that ARE declared at this + // location in the schema. Helps users understand what's expected. + // for headers/query/cookies, this lists declared parameter names. + DeclaredProperties []string + + // Direction indicates whether this was in a request or response. + // used for error message disambiguation when Path is "$.body". + Direction Direction + + // SpecLine is the line number in the OpenAPI spec where the parent + // schema is defined. Zero if unavailable. + SpecLine int + + // SpecCol is the column number in the OpenAPI spec where the parent + // schema is defined. Zero if unavailable. + SpecCol int +} + +// extractSchemaLocation extracts the line and column from a schema's low-level +// representation. returns (0, 0) if the schema is nil or has no low-level info. +func extractSchemaLocation(schema *base.Schema) (line, col int) { + if schema == nil { + return 0, 0 + } + low := schema.GoLow() + if low == nil || low.RootNode == nil { + return 0, 0 + } + return low.RootNode.Line, low.RootNode.Column +} + +// newUndeclaredProperty creates an UndeclaredValue for an undeclared object property. +// the schema parameter is the parent schema where the property would need to be declared. +func newUndeclaredProperty(path, name string, value any, declaredNames []string, direction Direction, schema *base.Schema) UndeclaredValue { + line, col := extractSchemaLocation(schema) + return UndeclaredValue{ + Path: path, + Name: name, + Value: TruncateValue(value), + Type: "property", + DeclaredProperties: declaredNames, + Direction: direction, + SpecLine: line, + SpecCol: col, + } +} + +// newUndeclaredParam creates an UndeclaredValue for an undeclared parameter (query/header/cookie). +// note: parameters don't have SpecLine/SpecCol because they're defined in OpenAPI parameter objects, +// not schema objects. the parameter itself is the issue, not a schema definition. +func newUndeclaredParam(path, name string, value any, paramType string, declaredNames []string, direction Direction) UndeclaredValue { + return UndeclaredValue{ + Path: path, + Name: name, + Value: value, + Type: paramType, + DeclaredProperties: declaredNames, + Direction: direction, + } +} + +// newUndeclaredItem creates an UndeclaredValue for an undeclared array item. +func newUndeclaredItem(path, name string, value any, direction Direction) UndeclaredValue { + return UndeclaredValue{ + Path: path, + Name: name, + Value: TruncateValue(value), + Type: "item", + Direction: direction, + } +} + +// Input contains the parameters for strict validation. +type Input struct { + // Schema is the OpenAPI schema to validate against. + Schema *base.Schema + + // Data is the unmarshalled data to validate (from request/response body). + // Should be the result of json.Unmarshal. + Data any + + // Direction indicates request vs response validation. + // affects readOnly/writeOnly and Set-Cookie handling. + Direction Direction + + // Options contains validation configuration including ignore paths. + Options *config.ValidationOptions + + // BasePath is the prefix for generated instance paths. + // typically "$.body" for bodies, "$.query" for query params, etc. + BasePath string + + // Version is the OpenAPI version (3.0 or 3.1). + // affects nullable handling in schema matching. + Version float32 +} + +// Result contains the output of strict validation. +type Result struct { + Valid bool + + // UndeclaredValues lists all undeclared properties, parameters, + // headers, or cookies found during validation. + UndeclaredValues []UndeclaredValue +} + +// cycleKey uniquely identifies a schema at a specific validation path. +// Using a struct key avoids string allocation in the hot path. +type cycleKey struct { + path string + schemaKey string +} + +// traversalContext tracks state during schema traversal to detect cycles +// and limit recursion depth. +type traversalContext struct { + // visited tracks schemas already being validated at specific paths. + // key combines instance path + schema key to allow same schema at different paths. + visited map[cycleKey]bool + + // depth tracks current recursion depth for safety limits. + depth int + + // maxDepth is the maximum allowed recursion depth (default: 100). + maxDepth int + + // direction indicates request vs response for readOnly/writeOnly. + direction Direction + + // ignorePaths are compiled regex patterns for paths to skip. + ignorePaths []*regexp.Regexp + + // path is the current instance path being validated. + path string +} + +// newTraversalContext creates a new context for schema traversal. +func newTraversalContext(direction Direction, ignorePaths []*regexp.Regexp, basePath string) *traversalContext { + return &traversalContext{ + visited: make(map[cycleKey]bool), + depth: 0, + maxDepth: 100, + direction: direction, + ignorePaths: ignorePaths, + path: basePath, + } +} + +// withPath returns a new context with an updated path. +func (c *traversalContext) withPath(path string) *traversalContext { + return &traversalContext{ + visited: c.visited, + depth: c.depth + 1, + maxDepth: c.maxDepth, + direction: c.direction, + ignorePaths: c.ignorePaths, + path: path, + } +} + +// shouldIgnore checks if the current path matches any ignore pattern. +func (c *traversalContext) shouldIgnore() bool { + for _, pattern := range c.ignorePaths { + if pattern.MatchString(c.path) { + return true + } + } + return false +} + +// exceedsDepth checks if we've exceeded the maximum recursion depth. +func (c *traversalContext) exceedsDepth() bool { + return c.depth > c.maxDepth +} + +// checkAndMarkVisited checks if a schema has been visited at the current path. +// Returns true if this is a cycle (already visited), false otherwise. +// If not a cycle, marks the schema as visited. +func (c *traversalContext) checkAndMarkVisited(schemaKey string) bool { + key := cycleKey{path: c.path, schemaKey: schemaKey} + if c.visited[key] { + return true // Cycle detected + } + c.visited[key] = true + return false +} + +// Validator performs strict property validation against OpenAPI schemas. +// It detects any properties present in data that are not explicitly +// declared in the schema, regardless of additionalProperties settings. +// +// A new Validator should be created for each validation call to ensure +// isolation of internal caches and render contexts. +// +// # Cycle Detection +// +// The Validator uses two distinct cycle detection mechanisms: +// +// 1. traversalContext.visited: Tracks visited (path, schemaKey) combinations +// during the main validation traversal. This prevents infinite recursion +// when the same schema is encountered at the same instance path. The key +// uses a struct for zero-allocation lookups in the hot path. +// +// 2. renderCtx (InlineRenderContext): libopenapi's built-in cycle detection +// for schema rendering. This is used when compiling schemas for oneOf/anyOf +// variant matching. It operates at the schema reference level rather than +// instance path level. +// +// These mechanisms serve complementary purposes: visited tracks data traversal +// while renderCtx tracks schema resolution during compilation. +type Validator struct { + options *config.ValidationOptions + logger *slog.Logger + + // localCache stores compiled schemas for reuse within this validation. + // ley is schema hash (as string for map compatibility), value is compiled jsonschema. + localCache map[string]*jsonschema.Schema + + // patternCache stores compiled regex patterns for patternProperties. + // key is the pattern string, value is the compiled regex. + patternCache map[string]*regexp.Regexp + + // renderCtx is used for safe schema rendering with cycle detection. + // see Validator doc comment for how this relates to traversalContext.visited. + renderCtx *base.InlineRenderContext + + // version is the OpenAPI version (3.0 or 3.1). + version float32 + + // compiledIgnorePaths are the pre-compiled regex patterns. + compiledIgnorePaths []*regexp.Regexp +} + +// NewValidator creates a fresh validator for a single validation call. +// The validator should not be reused across concurrent requests. +// Uses the logger from options if available, otherwise logging is silent. +func NewValidator(options *config.ValidationOptions, version float32) *Validator { + var logger *slog.Logger + if options != nil && options.Logger != nil { + logger = options.Logger + } else { + // create a no-op logger that discards all output + logger = slog.New(discardHandler{}) + } + + v := &Validator{ + options: options, + logger: logger, + localCache: make(map[string]*jsonschema.Schema), + patternCache: make(map[string]*regexp.Regexp), + renderCtx: base.NewInlineRenderContext(), + version: version, + } + + if options != nil { + v.compiledIgnorePaths = compileIgnorePaths(options.StrictIgnorePaths) + } + + return v +} + +// discardHandler is a slog.Handler that discards all log records. +type discardHandler struct{} + +func (discardHandler) Enabled(context.Context, slog.Level) bool { return false } +func (discardHandler) Handle(context.Context, slog.Record) error { return nil } +func (d discardHandler) WithAttrs([]slog.Attr) slog.Handler { return d } +func (d discardHandler) WithGroup(string) slog.Handler { return d } + +// matchesIgnorePath checks if a path matches any pre-compiled ignore pattern. +func (v *Validator) matchesIgnorePath(path string) bool { + for _, pattern := range v.compiledIgnorePaths { + if pattern.MatchString(path) { + return true + } + } + return false +} + +// getCompiledPattern returns a cached compiled regex for a pattern string. +// If the pattern is not in the cache, it compiles and caches it. +// Returns nil if the pattern is invalid. +func (v *Validator) getCompiledPattern(pattern string) *regexp.Regexp { + if cached, ok := v.patternCache[pattern]; ok { + return cached + } + + compiled, err := regexp.Compile(pattern) + if err != nil { + return nil + } + + v.patternCache[pattern] = compiled + return compiled +} + +// getSchemaKey returns a unique key for a schema used in cycle detection. +// Uses the schema's low-level hash if available, otherwise the pointer address. +func (v *Validator) getSchemaKey(schema *base.Schema) string { + if schema == nil { + return "" + } + if low := schema.GoLow(); low != nil { + hash := low.Hash() + return fmt.Sprintf("%x", hash) // uint64 hash as hex string + } + // fallback to pointer address for inline schemas without low-level info + return fmt.Sprintf("%p", schema) +} diff --git a/strict/types_test.go b/strict/types_test.go new file mode 100644 index 00000000..fcd30916 --- /dev/null +++ b/strict/types_test.go @@ -0,0 +1,127 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package strict + +import ( + "testing" + + "github.com/pb33f/libopenapi" + "github.com/pb33f/libopenapi/datamodel/high/base" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestExtractSchemaLocation_NilSchema(t *testing.T) { + line, col := extractSchemaLocation(nil) + assert.Equal(t, 0, line) + assert.Equal(t, 0, col) +} + +func TestExtractSchemaLocation_WithValidSchema(t *testing.T) { + spec := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: + /test: + get: + responses: + "200": + description: OK + content: + application/json: + schema: + type: object + properties: + name: + type: string` + + doc, err := libopenapi.NewDocument([]byte(spec)) + require.NoError(t, err) + + model, errs := doc.BuildV3Model() + require.Empty(t, errs) + + schema := model.Model.Paths.PathItems.GetOrZero("/test").Get.Responses.Codes.GetOrZero("200").Content.GetOrZero("application/json").Schema.Schema() + require.NotNil(t, schema) + + line, col := extractSchemaLocation(schema) + // The schema starts at line 14 (type: object) + assert.Greater(t, line, 0, "line should be greater than 0") + assert.Greater(t, col, 0, "col should be greater than 0") +} + +func TestExtractSchemaLocation_SchemaWithNilGoLow(t *testing.T) { + // Create a high-level schema programmatically (no GoLow()) + // This covers types.go:108 where low == nil + schema := &base.Schema{ + Type: []string{"object"}, + } + + // GoLow() returns nil for programmatically created schemas + require.Nil(t, schema.GoLow()) + + line, col := extractSchemaLocation(schema) + assert.Equal(t, 0, line) + assert.Equal(t, 0, col) +} + +func TestNewUndeclaredProperty_WithLocation(t *testing.T) { + spec := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: + /test: + post: + requestBody: + content: + application/json: + schema: + type: object + properties: + name: + type: string` + + doc, err := libopenapi.NewDocument([]byte(spec)) + require.NoError(t, err) + + model, errs := doc.BuildV3Model() + require.Empty(t, errs) + + schema := model.Model.Paths.PathItems.GetOrZero("/test").Post.RequestBody.Content.GetOrZero("application/json").Schema.Schema() + require.NotNil(t, schema) + + undeclared := newUndeclaredProperty( + "$.body.extra", + "extra", + "value", + []string{"name"}, + DirectionRequest, + schema, + ) + + assert.Equal(t, "$.body.extra", undeclared.Path) + assert.Equal(t, "extra", undeclared.Name) + assert.Equal(t, "property", undeclared.Type) + assert.Greater(t, undeclared.SpecLine, 0, "SpecLine should be set") + assert.Greater(t, undeclared.SpecCol, 0, "SpecCol should be set") +} + +func TestNewUndeclaredProperty_WithNilSchema(t *testing.T) { + undeclared := newUndeclaredProperty( + "$.body.extra", + "extra", + "value", + []string{"name"}, + DirectionRequest, + nil, // nil schema + ) + + assert.Equal(t, "$.body.extra", undeclared.Path) + assert.Equal(t, "extra", undeclared.Name) + assert.Equal(t, "property", undeclared.Type) + assert.Equal(t, 0, undeclared.SpecLine, "SpecLine should be 0 for nil schema") + assert.Equal(t, 0, undeclared.SpecCol, "SpecCol should be 0 for nil schema") +} diff --git a/strict/utils.go b/strict/utils.go new file mode 100644 index 00000000..5bdc4c96 --- /dev/null +++ b/strict/utils.go @@ -0,0 +1,161 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package strict + +import ( + "regexp" + "strconv" + "strings" +) + +// buildPath creates an instance path by appending a property name to a base path. +// Property names containing dots or brackets use bracket notation for clarity. +// +// Examples: +// - buildPath("$.body", "name") → "$.body.name" +// - buildPath("$.body", "a.b") → "$.body['a.b']" +// - buildPath("$.body", "x[0]") → "$.body['x[0]']" +func buildPath(base, propName string) string { + if needsBracketNotation(propName) { + return base + "['" + propName + "']" + } + return base + "." + propName +} + +// needsBracketNotation returns true if a property name contains characters +// that require bracket notation (dots, brackets). +func needsBracketNotation(name string) bool { + return strings.ContainsAny(name, ".[]") +} + +// buildArrayPath creates an instance path for an array element. +func buildArrayPath(base string, index int) string { + return base + "[" + strconv.Itoa(index) + "]" +} + +// compileIgnorePaths converts glob patterns to compiled regular expressions. +// Supports: +// - * matches single path segment (no dots or brackets) +// - ** matches any depth (zero or more segments) +// - [*] matches any array index +// - \* escapes literal asterisk +// - \*\* escapes literal double-asterisk +func compileIgnorePaths(patterns []string) []*regexp.Regexp { + if len(patterns) == 0 { + return nil + } + + compiled := make([]*regexp.Regexp, 0, len(patterns)) + for _, pattern := range patterns { + re := compilePattern(pattern) + if re != nil { + compiled = append(compiled, re) + } + } + return compiled +} + +// compilePattern converts a single glob pattern to a regular expression. +func compilePattern(pattern string) *regexp.Regexp { + if pattern == "" { + return nil + } + + var b strings.Builder + b.WriteString("^") + + i := 0 + for i < len(pattern) { + c := pattern[i] + + // handle escape sequences + if c == '\\' && i+1 < len(pattern) { + next := pattern[i+1] + if next == '*' { + // check for escaped ** + if i+2 < len(pattern) && pattern[i+2] == '\\' && i+3 < len(pattern) && pattern[i+3] == '*' { + b.WriteString(`\*\*`) + i += 4 + continue + } + // escaped single * + b.WriteString(`\*`) + i += 2 + continue + } + // other escape - include literally + b.WriteString(regexp.QuoteMeta(string(next))) + i += 2 + continue + } + + // handle ** (any depth) + if c == '*' && i+1 < len(pattern) && pattern[i+1] == '*' { + // ** matches any sequence of segments including none + b.WriteString(`.*`) + i += 2 + continue + } + + // handle single * (single segment) + if c == '*' { + // * matches single path segment (no dots or brackets) + b.WriteString(`[^.\[\]]+`) + i++ + continue + } + + // handle [*] (any array index) + if c == '[' && i+2 < len(pattern) && pattern[i+1] == '*' && pattern[i+2] == ']' { + b.WriteString(`\[\d+\]`) + i += 3 + continue + } + + // handle special regex characters + switch c { + case '.', '[', ']', '(', ')', '{', '}', '+', '?', '^', '$', '|': + b.WriteString(`\`) + b.WriteByte(c) + default: + b.WriteByte(c) + } + i++ + } + + b.WriteString("$") + + re, _ := regexp.Compile(b.String()) + return re +} + +// TruncateValue creates a display-friendly version of a value. +// Long strings are truncated, complex objects show type info. +// This is exported for use in error messages. +func TruncateValue(v any) any { + switch val := v.(type) { + case string: + if len(val) > 50 { + return val[:47] + "..." + } + return val + case map[string]any: + if len(val) > 3 { + return "{...}" + } + return val + case []any: + if len(val) > 3 { + return "[...]" + } + return val + default: + return v + } +} + +// truncateValue is an internal alias for TruncateValue. +func truncateValue(v any) any { + return TruncateValue(v) +} diff --git a/strict/utils_test.go b/strict/utils_test.go new file mode 100644 index 00000000..cdf4be17 --- /dev/null +++ b/strict/utils_test.go @@ -0,0 +1,134 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package strict + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestCompilePattern_EscapedDoubleAsterisk(t *testing.T) { + // Pattern \*\* should match literal "**" in path (lines 78-80) + // This escapes the glob ** so it matches the literal string ** + re := compilePattern(`$.body.\*\*`) + assert.NotNil(t, re) + + // Should match literal ** in path + assert.True(t, re.MatchString("$.body.**")) + + // Should NOT match arbitrary depth (that's what unescaped ** does) + assert.False(t, re.MatchString("$.body.foo.bar")) +} + +func TestCompilePattern_EscapedNonAsterisk(t *testing.T) { + // Pattern with escaped character that's not * (lines 88-90) + // \n should match literal 'n', \. should match literal '.' + re := compilePattern(`$.body\nvalue`) + assert.NotNil(t, re) + + // Should match with literal 'n' (the escape just includes the next char) + assert.True(t, re.MatchString("$.bodynvalue")) +} + +func TestCompilePattern_EscapedDot(t *testing.T) { + // Escaped dot should be literal dot + re := compilePattern(`$.body\.name`) + assert.NotNil(t, re) + + // Should match path with literal dot + assert.True(t, re.MatchString("$.body.name")) +} + +func TestCompilePattern_Empty(t *testing.T) { + // Empty pattern returns nil + re := compilePattern("") + assert.Nil(t, re) +} + +func TestBuildPath_WithDot(t *testing.T) { + // Property with dot uses bracket notation + result := buildPath("$.body", "a.b") + assert.Equal(t, "$.body['a.b']", result) +} + +func TestBuildPath_WithBrackets(t *testing.T) { + // Property with brackets uses bracket notation + result := buildPath("$.body", "x[0]") + assert.Equal(t, "$.body['x[0]']", result) +} + +func TestBuildPath_Simple(t *testing.T) { + // Simple property uses dot notation + result := buildPath("$.body", "name") + assert.Equal(t, "$.body.name", result) +} + +func TestBuildArrayPath(t *testing.T) { + result := buildArrayPath("$.body.items", 5) + assert.Equal(t, "$.body.items[5]", result) +} + +func TestCompileIgnorePaths_Empty(t *testing.T) { + result := compileIgnorePaths(nil) + assert.Nil(t, result) + + result = compileIgnorePaths([]string{}) + assert.Nil(t, result) +} + +func TestCompileIgnorePaths_WithPatterns(t *testing.T) { + patterns := []string{ + "$.body.metadata", + "$.body.items[*].internal", + } + result := compileIgnorePaths(patterns) + assert.Len(t, result, 2) +} + +func TestTruncateValue_LongString(t *testing.T) { + // String > 50 chars gets truncated + longStr := "this is a very long string that exceeds fifty characters in length" + result := TruncateValue(longStr) + assert.Equal(t, "this is a very long string that exceeds fifty c...", result) +} + +func TestTruncateValue_ShortString(t *testing.T) { + shortStr := "short" + result := TruncateValue(shortStr) + assert.Equal(t, "short", result) +} + +func TestTruncateValue_LargeMap(t *testing.T) { + // Map with > 3 keys shows {...} + m := map[string]any{"a": 1, "b": 2, "c": 3, "d": 4} + result := TruncateValue(m) + assert.Equal(t, "{...}", result) +} + +func TestTruncateValue_SmallMap(t *testing.T) { + m := map[string]any{"a": 1, "b": 2} + result := TruncateValue(m) + assert.Equal(t, m, result) +} + +func TestTruncateValue_LargeSlice(t *testing.T) { + // Slice with > 3 elements shows [...] + s := []any{1, 2, 3, 4} + result := TruncateValue(s) + assert.Equal(t, "[...]", result) +} + +func TestTruncateValue_SmallSlice(t *testing.T) { + s := []any{1, 2} + result := TruncateValue(s) + assert.Equal(t, s, result) +} + +func TestTruncateValue_OtherTypes(t *testing.T) { + // Other types returned as-is + assert.Equal(t, 42, TruncateValue(42)) + assert.Equal(t, true, TruncateValue(true)) + assert.Equal(t, 3.14, TruncateValue(3.14)) +} diff --git a/strict/validator.go b/strict/validator.go new file mode 100644 index 00000000..1917eff9 --- /dev/null +++ b/strict/validator.go @@ -0,0 +1,258 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package strict + +import ( + "net/http" + "strings" + + "github.com/pb33f/libopenapi/datamodel/high/base" + v3 "github.com/pb33f/libopenapi/datamodel/high/v3" + + "github.com/pb33f/libopenapi-validator/config" +) + +// Validate performs strict validation on the input data against the schema. +// This is the main entry point for body validation. +// +// It detects undeclared properties even when additionalProperties: true +// would normally allow them. This is useful for API governance scenarios +// where you want to ensure clients only send explicitly documented properties. +func (v *Validator) Validate(input Input) *Result { + result := &Result{Valid: true} + + if input.Schema == nil || input.Data == nil { + return result + } + + ctx := newTraversalContext(input.Direction, v.compiledIgnorePaths, input.BasePath) + + undeclared := v.validateValue(ctx, input.Schema, input.Data) + + if len(undeclared) > 0 { + result.Valid = false + result.UndeclaredValues = undeclared + } + + return result +} + +// ValidateBody is a convenience method for validating request/response bodies. +func ValidateBody(schema *base.Schema, data any, direction Direction, options *config.ValidationOptions, version float32) *Result { + v := NewValidator(options, version) + return v.Validate(Input{ + Schema: schema, + Data: data, + Direction: direction, + Options: options, + BasePath: "$.body", + Version: version, + }) +} + +// ValidateQueryParams checks for undeclared query parameters in an HTTP request. +// It compares the query parameters present in the request against those +// declared in the OpenAPI operation. +func ValidateQueryParams( + request *http.Request, + declaredParams []*v3.Parameter, + options *config.ValidationOptions, +) []UndeclaredValue { + if request == nil || options == nil || !options.StrictMode { + return nil + } + + v := NewValidator(options, 3.2) + + // build set of declared query params (case-sensitive) + declared := make(map[string]bool) + for _, param := range declaredParams { + if param.In == "query" { + declared[param.Name] = true + } + } + + var undeclared []UndeclaredValue + + // check each query parameter in the request + for paramName := range request.URL.Query() { + if !declared[paramName] { + // build path using proper notation for special characters + path := buildPath("$.query", paramName) + if v.matchesIgnorePath(path) { + continue + } + + undeclared = append(undeclared, + newUndeclaredParam(path, paramName, request.URL.Query().Get(paramName), "query", getParamNames(declaredParams, "query"), DirectionRequest)) + } + } + + return undeclared +} + +// ValidateRequestHeaders checks for undeclared headers in an HTTP request. +// Header names are normalized to lowercase for path generation and pattern matching. +// +// The securityHeaders parameter contains header names that are valid due to security +// scheme definitions (e.g., "X-API-Key" for apiKey schemes, "Authorization" for +// http/oauth2/openIdConnect schemes). These headers are considered "declared" even +// though they don't appear in the operation's parameters array. +func ValidateRequestHeaders( + headers http.Header, + declaredParams []*v3.Parameter, + securityHeaders []string, + options *config.ValidationOptions, +) []UndeclaredValue { + if headers == nil || options == nil || !options.StrictMode { + return nil + } + + v := NewValidator(options, 3.2) + + // build set of declared headers (case-insensitive) + declared := make(map[string]bool) + for _, param := range declaredParams { + if param.In == "header" { + declared[strings.ToLower(param.Name)] = true + } + } + + // add security scheme headers (case-insensitive) + for _, h := range securityHeaders { + declared[strings.ToLower(h)] = true + } + + var undeclared []UndeclaredValue + + // check each header + for headerName := range headers { + lowerName := strings.ToLower(headerName) + + // skip if declared (via parameters or security schemes) + if declared[lowerName] { + continue + } + + // skip if in ignored headers list + if v.isHeaderIgnored(headerName, DirectionRequest) { + continue + } + + // build path using lowercase name for case-insensitive pattern matching + path := buildPath("$.headers", lowerName) + if v.matchesIgnorePath(path) { + continue + } + + undeclared = append(undeclared, + newUndeclaredParam(path, headerName, headers.Get(headerName), "header", getParamNames(declaredParams, "header"), DirectionRequest)) + } + + return undeclared +} + +// ValidateCookies checks for undeclared cookies in an HTTP request. +func ValidateCookies( + request *http.Request, + declaredParams []*v3.Parameter, + options *config.ValidationOptions, +) []UndeclaredValue { + if request == nil || options == nil || !options.StrictMode { + return nil + } + + v := NewValidator(options, 3.2) + + // build set of declared cookies + declared := make(map[string]bool) + for _, param := range declaredParams { + if param.In == "cookie" { + declared[param.Name] = true + } + } + + var undeclared []UndeclaredValue + + // check each cookie in the request + for _, cookie := range request.Cookies() { + if !declared[cookie.Name] { + // build path using proper notation for special characters + path := buildPath("$.cookies", cookie.Name) + if v.matchesIgnorePath(path) { + continue + } + + undeclared = append(undeclared, + newUndeclaredParam(path, cookie.Name, cookie.Value, "cookie", getParamNames(declaredParams, "cookie"), DirectionRequest)) + } + } + + return undeclared +} + +// getParamNames extracts parameter names of a specific type. +func getParamNames(params []*v3.Parameter, paramType string) []string { + var names []string + for _, param := range params { + if param.In == paramType { + names = append(names, param.Name) + } + } + return names +} + +// ValidateResponseHeaders checks for undeclared headers in an HTTP response. +// Uses the declared headers from the OpenAPI response object. +// Header names are normalized to lowercase for path generation and pattern matching. +func ValidateResponseHeaders( + headers http.Header, + declaredHeaders *map[string]*v3.Header, + options *config.ValidationOptions, +) []UndeclaredValue { + if headers == nil || options == nil || !options.StrictMode { + return nil + } + + v := NewValidator(options, 3.2) + + // build set of declared headers (case-insensitive) + declared := make(map[string]bool) + if declaredHeaders != nil { + for name := range *declaredHeaders { + declared[strings.ToLower(name)] = true + } + } + + var undeclared []UndeclaredValue + var declaredNames []string + if declaredHeaders != nil { + for name := range *declaredHeaders { + declaredNames = append(declaredNames, name) + } + } + + for headerName := range headers { + lowerName := strings.ToLower(headerName) + + if declared[lowerName] { + continue + } + + if v.isHeaderIgnored(headerName, DirectionResponse) { + continue + } + + // build path using lowercase name for case-insensitive pattern matching + path := buildPath("$.headers", lowerName) + if v.matchesIgnorePath(path) { + continue + } + + undeclared = append(undeclared, + newUndeclaredParam(path, headerName, headers.Get(headerName), "header", declaredNames, DirectionResponse)) + } + + return undeclared +} diff --git a/strict/validator_test.go b/strict/validator_test.go new file mode 100644 index 00000000..c4abfaba --- /dev/null +++ b/strict/validator_test.go @@ -0,0 +1,6185 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package strict + +import ( + "context" + "log/slog" + "net/http" + "testing" + + "github.com/pb33f/libopenapi" + "github.com/pb33f/libopenapi/datamodel/high/base" + v3 "github.com/pb33f/libopenapi/datamodel/high/v3" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + libcache "github.com/pb33f/libopenapi-validator/cache" + "github.com/pb33f/libopenapi-validator/config" + "github.com/pb33f/libopenapi-validator/helpers" +) + +// Helper to build a schema from YAML +func buildSchemaFromYAML(t *testing.T, yml string) *libopenapi.DocumentModel[v3.Document] { + doc, err := libopenapi.NewDocument([]byte(yml)) + require.NoError(t, err) + model, errs := doc.BuildV3Model() + require.Empty(t, errs) + return model +} + +// Helper to get schema +func getSchema(t *testing.T, model *libopenapi.DocumentModel[v3.Document], name string) *base.Schema { + schemaProxy := model.Model.Components.Schemas.GetOrZero(name) + require.NotNil(t, schemaProxy) + schema := schemaProxy.Schema() + require.NotNil(t, schema) + return schema +} + +func TestStrictValidator_SimpleUndeclaredProperty(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + name: + type: string + age: + type: integer +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with undeclared property + data := map[string]any{ + "name": "John", + "age": 30, + "extra": "undeclared", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) + assert.Equal(t, "$.body.extra", result.UndeclaredValues[0].Path) +} + +func TestStrictValidator_AllPropertiesDeclared(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + name: + type: string + age: + type: integer +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with only declared properties + data := map[string]any{ + "name": "John", + "age": 30, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_NestedObjects(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + name: + type: string + address: + type: object + properties: + street: + type: string + city: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with undeclared nested property + data := map[string]any{ + "name": "John", + "address": map[string]any{ + "street": "123 Main St", + "city": "Anytown", + "zipcode": "12345", // undeclared + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "zipcode", result.UndeclaredValues[0].Name) + assert.Equal(t, "$.body.address.zipcode", result.UndeclaredValues[0].Path) +} + +func TestStrictValidator_ArrayOfObjects(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Users: + type: array + items: + type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Users") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with undeclared property in array item + data := []any{ + map[string]any{ + "name": "John", + "extra": "undeclared", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_IgnorePaths(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body.metadata.*"), + ) + v := NewValidator(opts, 3.1) + + // Test that ignored path is not reported + data := map[string]any{ + "name": "John", + "metadata": map[string]any{ + "custom": "value", // Should be ignored + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // metadata itself is undeclared, but its children should be ignored + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "metadata", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_AdditionalPropertiesFalse(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + additionalProperties: false + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // additionalProperties: false means base validation catches this + // strict mode should NOT report (would be redundant) + data := map[string]any{ + "name": "John", + "extra": "undeclared", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // strict should NOT report this since additionalProperties: false + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_AdditionalPropertiesWithSchema(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + name: + type: string + additionalProperties: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // additionalProperties with schema means extra properties are allowed + // but strict should still report them (they're not in explicit schema) + data := map[string]any{ + "name": "John", + "extra": "valid string", // Matches additionalProperties schema + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // strict should report "extra" as undeclared even though it's valid + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_PatternProperties(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Config: + type: object + properties: + name: + type: string + patternProperties: + "^x-.*$": + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Config") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Properties matching patternProperties should be considered declared + data := map[string]any{ + "name": "myconfig", + "x-custom": "extension value", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // x-custom matches the pattern, so it should be considered declared + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestBuildPath(t *testing.T) { + tests := []struct { + base string + propName string + expected string + }{ + {"$.body", "name", "$.body.name"}, + {"$.body", "a.b", "$.body['a.b']"}, + {"$.body", "x[0]", "$.body['x[0]']"}, + {"$.body.user", "email", "$.body.user.email"}, + } + + for _, tt := range tests { + t.Run(tt.propName, func(t *testing.T) { + result := buildPath(tt.base, tt.propName) + assert.Equal(t, tt.expected, result) + }) + } +} + +func TestCompilePattern(t *testing.T) { + tests := []struct { + pattern string + input string + matches bool + }{ + // Single segment wildcard + {"$.body.metadata.*", "$.body.metadata.custom", true}, + {"$.body.metadata.*", "$.body.metadata.custom.nested", false}, + + // Double wildcard (any depth) + {"$.body.**", "$.body.a.b.c", true}, + {"$.body.**.x-*", "$.body.deep.nested.x-custom", true}, + + // Array index wildcard + {"$.body.items[*].name", "$.body.items[0].name", true}, + {"$.body.items[*].name", "$.body.items[999].name", true}, + + // Escaped asterisk + {"$.body.\\*", "$.body.*", true}, + {"$.body.\\*", "$.body.anything", false}, + } + + for _, tt := range tests { + t.Run(tt.pattern, func(t *testing.T) { + re := compilePattern(tt.pattern) + if re == nil { + t.Fatalf("Failed to compile pattern: %s", tt.pattern) + } + result := re.MatchString(tt.input) + assert.Equal(t, tt.matches, result, "Pattern: %s, Input: %s", tt.pattern, tt.input) + }) + } +} + +func TestDirection_String(t *testing.T) { + assert.Equal(t, "request", DirectionRequest.String()) + assert.Equal(t, "response", DirectionResponse.String()) +} + +func TestIsHeaderIgnored(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Standard headers should be ignored + assert.True(t, v.isHeaderIgnored("Content-Type", DirectionRequest)) + assert.True(t, v.isHeaderIgnored("content-type", DirectionRequest)) + assert.True(t, v.isHeaderIgnored("Authorization", DirectionRequest)) + + // Set-Cookie is direction-aware + assert.True(t, v.isHeaderIgnored("Set-Cookie", DirectionResponse)) + assert.False(t, v.isHeaderIgnored("Set-Cookie", DirectionRequest)) + + // Custom headers should not be ignored + assert.False(t, v.isHeaderIgnored("X-Custom-Header", DirectionRequest)) +} + +func TestWithStrictIgnoredHeaders(t *testing.T) { + // Replace defaults entirely + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnoredHeaders("X-Only-This"), + ) + v := NewValidator(opts, 3.1) + + // Standard headers are NOT ignored anymore + assert.False(t, v.isHeaderIgnored("Content-Type", DirectionRequest)) + + // Only our custom header is ignored + assert.True(t, v.isHeaderIgnored("X-Only-This", DirectionRequest)) +} + +func TestWithStrictIgnoredHeadersExtra(t *testing.T) { + // Add to defaults + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnoredHeadersExtra("X-Custom-Extra"), + ) + v := NewValidator(opts, 3.1) + + // Standard headers are still ignored + assert.True(t, v.isHeaderIgnored("Content-Type", DirectionRequest)) + + // Our custom header is also ignored + assert.True(t, v.isHeaderIgnored("X-Custom-Extra", DirectionRequest)) +} + +func TestTruncateValue(t *testing.T) { + // Short string unchanged + assert.Equal(t, "hello", truncateValue("hello")) + + // Long string truncated + longStr := "this is a very long string that should be truncated" + result := truncateValue(longStr).(string) + assert.True(t, len(result) <= 50) + assert.Contains(t, result, "...") + + // Map truncated + bigMap := map[string]any{"a": 1, "b": 2, "c": 3, "d": 4} + assert.Equal(t, "{...}", truncateValue(bigMap)) + + // Slice truncated + bigSlice := []any{1, 2, 3, 4} + assert.Equal(t, "[...]", truncateValue(bigSlice)) +} + +func TestStrictValidator_PolymorphicPatternProperties(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Edge + version: "1.0" +paths: {} +components: + schemas: + VariantA: + type: object + required: + - kind + properties: + kind: + type: string + aProp: + type: string + Root: + type: object + discriminator: + propertyName: kind + oneOf: + - $ref: "#/components/schemas/VariantA" + patternProperties: + "^x-.*$": + type: object + properties: + id: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Root") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + data := map[string]any{ + "kind": "VariantA", + "aProp": "ok", + "x-foo": map[string]any{ + "id": "1", + "extra": "nope", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + require.False(t, result.Valid) + require.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) + assert.Equal(t, "$.body.x-foo.extra", result.UndeclaredValues[0].Path) +} + +func TestStrictValidator_ReusedSchemaDifferentPaths(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Edge + version: "1.0" +paths: {} +components: + schemas: + Node: + type: object + properties: + id: + type: string + Root: + type: object + properties: + left: + $ref: "#/components/schemas/Node" + right: + $ref: "#/components/schemas/Node" +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Root") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + data := map[string]any{ + "left": map[string]any{ + "id": "1", + "extra": "nope", + }, + "right": map[string]any{ + "id": "2", + "extra": "nope", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + require.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 2) +} + +func TestStrictValidator_UnevaluatedItemsOnly(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Edge + version: "1.0" +paths: {} +components: + schemas: + Items: + type: array + unevaluatedItems: + type: object + properties: + id: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Items") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + data := []any{ + map[string]any{ + "id": "1", + "extra": "nope", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + require.False(t, result.Valid) + require.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "$.body[0].extra", result.UndeclaredValues[0].Path) +} + +func TestStrictValidator_HeaderIgnorePathsCase(t *testing.T) { + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.headers.x-trace"), + ) + + headers := http.Header{ + "X-Trace": {"abc"}, + } + + undeclared := ValidateRequestHeaders(headers, nil, nil, opts) + assert.Empty(t, undeclared) +} + +func TestStrictValidator_OneOfWithParentProperties(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + id: + type: string + oneOf: + - properties: + name: + type: string + - properties: + title: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with parent property "id" + oneOf variant property "name" + // Both should be considered declared + data := map[string]any{ + "id": "123", + "name": "John", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // id is from parent, name is from oneOf variant - both should be declared + assert.True(t, result.Valid, "Parent + oneOf variant properties should be valid") + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_AnyOfWithParentProperties(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + id: + type: string + anyOf: + - properties: + name: + type: string + - properties: + title: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with parent property "id" + anyOf variant property "name" + data := map[string]any{ + "id": "123", + "name": "John", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // id is from parent, name is from anyOf variant - both should be declared + assert.True(t, result.Valid, "Parent + anyOf variant properties should be valid") + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_OneOfWithUndeclaredProperty(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + id: + type: string + oneOf: + - properties: + name: + type: string + - properties: + title: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with undeclared property "extra" + data := map[string]any{ + "id": "123", + "name": "John", + "extra": "undeclared", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // "extra" is not in parent or variant - should be reported as undeclared + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_PatternPropertiesWithAdditionalPropertiesFalse(t *testing.T) { + // This tests that patternProperties are recursed into even when + // additionalProperties: false (which short-circuits to recurseIntoDeclaredProperties) + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Config: + type: object + additionalProperties: false + properties: + name: + type: string + patternProperties: + "^x-": + type: object + properties: + id: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Config") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with pattern property that has undeclared nested property + data := map[string]any{ + "name": "test", + "x-custom": map[string]any{ + "id": "123", + "extra": "undeclared nested field", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // "extra" inside x-custom should be reported as undeclared + // This verifies patternProperties are recursed into even with additionalProperties: false + assert.False(t, result.Valid, "Should report undeclared nested property in patternProperties") + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) + assert.Equal(t, "$.body.x-custom.extra", result.UndeclaredValues[0].Path) +} + +func TestStrictValidator_PatternPropertiesInOneOf(t *testing.T) { + // This tests that patternProperties in oneOf/anyOf variants are recursed into + // to find undeclared properties in nested objects. + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Container: + type: object + properties: + type: + type: string + oneOf: + - properties: + type: + const: "dynamic" + patternProperties: + "^x-": + type: object + properties: + value: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Container") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with undeclared property inside pattern-matched nested object + data := map[string]any{ + "type": "dynamic", + "x-custom": map[string]any{ + "value": "hello", + "undeclared": "should be caught", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // "undeclared" inside x-custom should be reported + assert.False(t, result.Valid, "Should report undeclared property in pattern-matched object") + require.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "undeclared", result.UndeclaredValues[0].Name) + assert.Equal(t, "$.body.x-custom.undeclared", result.UndeclaredValues[0].Path) +} + +func TestStrictValidator_CycleDetection(t *testing.T) { + // This tests that circular schema references don't cause infinite recursion. + // The cycle detection should stop validation of the same schema at the same path. + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Node: + type: object + properties: + name: + type: string + child: + $ref: "#/components/schemas/Node" +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Node") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with deeply nested data that reuses the same schema + data := map[string]any{ + "name": "root", + "child": map[string]any{ + "name": "level1", + "child": map[string]any{ + "name": "level2", + "extra": "undeclared at level2", + }, + }, + "extra": "undeclared at root", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Should find undeclared properties at multiple levels + assert.False(t, result.Valid) + assert.GreaterOrEqual(t, len(result.UndeclaredValues), 2, "Should find undeclared at multiple levels") + + // Verify both undeclared properties were found + var foundRoot, foundLevel2 bool + for _, u := range result.UndeclaredValues { + if u.Path == "$.body.extra" { + foundRoot = true + } + if u.Path == "$.body.child.child.extra" { + foundLevel2 = true + } + } + assert.True(t, foundRoot, "Should find undeclared at root level") + assert.True(t, foundLevel2, "Should find undeclared at nested level") +} + +func TestStrictValidator_CycleDetectionDoesNotBlockDifferentPaths(t *testing.T) { + // Tests that the same schema can be validated at different paths. + // Cycle detection uses path+schemaRef, so same schema at different paths should work. + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Container: + type: object + properties: + left: + $ref: "#/components/schemas/Item" + right: + $ref: "#/components/schemas/Item" + Item: + type: object + properties: + id: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Container") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with undeclared properties in both left and right + data := map[string]any{ + "left": map[string]any{ + "id": "1", + "extraLeft": "undeclared in left", + }, + "right": map[string]any{ + "id": "2", + "extraRight": "undeclared in right", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Should find undeclared in both left and right + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 2, "Should find undeclared in both branches") + + var foundLeft, foundRight bool + for _, u := range result.UndeclaredValues { + if u.Name == "extraLeft" { + foundLeft = true + } + if u.Name == "extraRight" { + foundRight = true + } + } + assert.True(t, foundLeft, "Should find undeclared in left branch") + assert.True(t, foundRight, "Should find undeclared in right branch") +} + +func TestValidateBody_UndeclaredProperty(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + name: + type: string + age: + type: integer +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + + data := map[string]any{ + "name": "John", + "age": 30, + "extra": "undeclared", + } + + result := ValidateBody(schema, data, DirectionRequest, opts, 3.1) + + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) + assert.Equal(t, "$.body.extra", result.UndeclaredValues[0].Path) +} + +func TestValidateBody_AllPropertiesDeclared(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + name: + type: string + age: + type: integer +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + + data := map[string]any{ + "name": "John", + "age": 30, + } + + result := ValidateBody(schema, data, DirectionResponse, opts, 3.1) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestValidateBody_NilInputs(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + + // nil schema + result := ValidateBody(nil, map[string]any{"foo": "bar"}, DirectionRequest, opts, 3.1) + assert.True(t, result.Valid) + + // nil data + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + result = ValidateBody(schema, nil, DirectionRequest, opts, 3.1) + assert.True(t, result.Valid) +} + +// ============== allOf tests ============== + +func TestStrictValidator_AllOf_Simple(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Base: + type: object + properties: + id: + type: string + Extended: + allOf: + - $ref: "#/components/schemas/Base" + - type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Extended") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Both id (from Base) and name (from inline) should be declared + data := map[string]any{ + "id": "123", + "name": "Test", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_AllOf_WithUndeclared(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Base: + type: object + properties: + id: + type: string + Extended: + allOf: + - $ref: "#/components/schemas/Base" + - type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Extended") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // extra is not in any allOf schema + data := map[string]any{ + "id": "123", + "name": "Test", + "extra": "undeclared", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_AllOf_WithAdditionalPropertiesFalse(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Extended: + allOf: + - type: object + additionalProperties: false + properties: + id: + type: string + - type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Extended") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // When any allOf has additionalProperties: false, skip strict + data := map[string]any{ + "id": "123", + "name": "Test", + "extra": "would normally be undeclared", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // additionalProperties: false means base validation handles this + assert.True(t, result.Valid) +} + +func TestStrictValidator_AllOf_WithNestedObjects(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Address: + type: object + properties: + street: + type: string + Extended: + allOf: + - type: object + properties: + id: + type: string + - type: object + properties: + address: + $ref: "#/components/schemas/Address" +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Extended") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Undeclared nested property in address + data := map[string]any{ + "id": "123", + "address": map[string]any{ + "street": "Main St", + "zipcode": "12345", // undeclared in Address + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "zipcode", result.UndeclaredValues[0].Name) + assert.Equal(t, "$.body.address.zipcode", result.UndeclaredValues[0].Path) +} + +// ============== Parameter validation tests ============== + +func TestValidateQueryParams_Basic(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + + params := []*v3.Parameter{ + {Name: "limit", In: "query"}, + {Name: "offset", In: "query"}, + } + + req, _ := http.NewRequest(http.MethodGet, "http://example.com/test?limit=10&offset=0&extra=undeclared", nil) + + undeclared := ValidateQueryParams(req, params, opts) + + assert.Len(t, undeclared, 1) + assert.Equal(t, "extra", undeclared[0].Name) + assert.Equal(t, "$.query.extra", undeclared[0].Path) + assert.Equal(t, "query", undeclared[0].Type) +} + +func TestValidateQueryParams_AllDeclared(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + + params := []*v3.Parameter{ + {Name: "limit", In: "query"}, + {Name: "offset", In: "query"}, + } + + req, _ := http.NewRequest(http.MethodGet, "http://example.com/test?limit=10&offset=0", nil) + + undeclared := ValidateQueryParams(req, params, opts) + + assert.Empty(t, undeclared) +} + +func TestValidateQueryParams_IgnorePaths(t *testing.T) { + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.query.debug"), + ) + + params := []*v3.Parameter{ + {Name: "limit", In: "query"}, + } + + req, _ := http.NewRequest(http.MethodGet, "http://example.com/test?limit=10&debug=true", nil) + + undeclared := ValidateQueryParams(req, params, opts) + + assert.Empty(t, undeclared) +} + +func TestValidateQueryParams_NilInputs(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + + // nil request + assert.Nil(t, ValidateQueryParams(nil, nil, opts)) + + // nil options + req, _ := http.NewRequest(http.MethodGet, "http://example.com/test", nil) + assert.Nil(t, ValidateQueryParams(req, nil, nil)) + + // strict mode disabled + optsNoStrict := config.NewValidationOptions() + assert.Nil(t, ValidateQueryParams(req, nil, optsNoStrict)) +} + +func TestValidateCookies_Basic(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + + params := []*v3.Parameter{ + {Name: "session", In: "cookie"}, + {Name: "token", In: "cookie"}, + } + + req, _ := http.NewRequest(http.MethodGet, "http://example.com/test", nil) + req.AddCookie(&http.Cookie{Name: "session", Value: "abc123"}) + req.AddCookie(&http.Cookie{Name: "token", Value: "xyz789"}) + req.AddCookie(&http.Cookie{Name: "tracking", Value: "undeclared"}) + + undeclared := ValidateCookies(req, params, opts) + + assert.Len(t, undeclared, 1) + assert.Equal(t, "tracking", undeclared[0].Name) + assert.Equal(t, "$.cookies.tracking", undeclared[0].Path) + assert.Equal(t, "cookie", undeclared[0].Type) +} + +func TestValidateCookies_AllDeclared(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + + params := []*v3.Parameter{ + {Name: "session", In: "cookie"}, + } + + req, _ := http.NewRequest(http.MethodGet, "http://example.com/test", nil) + req.AddCookie(&http.Cookie{Name: "session", Value: "abc123"}) + + undeclared := ValidateCookies(req, params, opts) + + assert.Empty(t, undeclared) +} + +func TestValidateCookies_IgnorePaths(t *testing.T) { + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.cookies.tracking"), + ) + + params := []*v3.Parameter{ + {Name: "session", In: "cookie"}, + } + + req, _ := http.NewRequest(http.MethodGet, "http://example.com/test", nil) + req.AddCookie(&http.Cookie{Name: "session", Value: "abc123"}) + req.AddCookie(&http.Cookie{Name: "tracking", Value: "ignored"}) + + undeclared := ValidateCookies(req, params, opts) + + assert.Empty(t, undeclared) +} + +func TestValidateCookies_NilInputs(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + + // nil request + assert.Nil(t, ValidateCookies(nil, nil, opts)) + + // nil options + req, _ := http.NewRequest(http.MethodGet, "http://example.com/test", nil) + assert.Nil(t, ValidateCookies(req, nil, nil)) + + // strict mode disabled + optsNoStrict := config.NewValidationOptions() + assert.Nil(t, ValidateCookies(req, nil, optsNoStrict)) +} + +func TestValidateResponseHeaders_Basic(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + + declaredHeaders := &map[string]*v3.Header{ + "X-Request-Id": {}, + "X-Rate-Limit": {}, + } + + headers := http.Header{ + "X-Request-Id": {"abc123"}, + "X-Rate-Limit": {"100"}, + "X-Custom-Header": {"undeclared"}, + } + + undeclared := ValidateResponseHeaders(headers, declaredHeaders, opts) + + assert.Len(t, undeclared, 1) + assert.Equal(t, "X-Custom-Header", undeclared[0].Name) + assert.Equal(t, "$.headers.x-custom-header", undeclared[0].Path) + assert.Equal(t, DirectionResponse, undeclared[0].Direction) +} + +func TestValidateResponseHeaders_AllDeclared(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + + declaredHeaders := &map[string]*v3.Header{ + "X-Request-Id": {}, + } + + headers := http.Header{ + "X-Request-Id": {"abc123"}, + } + + undeclared := ValidateResponseHeaders(headers, declaredHeaders, opts) + + assert.Empty(t, undeclared) +} + +func TestValidateResponseHeaders_SetCookieIgnored(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + + // No declared headers + var declaredHeaders *map[string]*v3.Header + + headers := http.Header{ + "Set-Cookie": {"session=abc123"}, + } + + undeclared := ValidateResponseHeaders(headers, declaredHeaders, opts) + + // Set-Cookie should be ignored in responses + assert.Empty(t, undeclared) +} + +func TestValidateResponseHeaders_NilInputs(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + + // nil headers + assert.Nil(t, ValidateResponseHeaders(nil, nil, opts)) + + // nil options + headers := http.Header{"X-Test": {"value"}} + assert.Nil(t, ValidateResponseHeaders(headers, nil, nil)) + + // strict mode disabled + optsNoStrict := config.NewValidationOptions() + assert.Nil(t, ValidateResponseHeaders(headers, nil, optsNoStrict)) +} + +// ============== Array validation tests ============== + +func TestStrictValidator_ArrayItemsFalse(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Empty: + type: array + items: false +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Empty") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // items: false means no items allowed + data := []any{"item1", "item2"} + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Should report both items as undeclared + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 2) +} + +func TestStrictValidator_PrefixItems(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Tuple: + type: array + prefixItems: + - type: object + properties: + first: + type: string + - type: object + properties: + second: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Tuple") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Each prefix item has its own schema + data := []any{ + map[string]any{"first": "a", "extra1": "undeclared"}, + map[string]any{"second": "b", "extra2": "undeclared"}, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 2) +} + +func TestStrictValidator_PrefixItems_FewerDataElements(t *testing.T) { + // Covers array_validator.go:41-42 - break when data has fewer elements than prefixItems + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Tuple: + type: array + prefixItems: + - type: object + properties: + first: + type: string + - type: object + properties: + second: + type: string + - type: object + properties: + third: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Tuple") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Only 1 data element, but 3 prefixItems - should break early at line 42 + data := []any{ + map[string]any{"first": "a", "extra": "undeclared"}, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Only first element validated, has one undeclared property + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_PrefixItemsWithItems(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Tuple: + type: array + prefixItems: + - type: object + properties: + first: + type: string + items: + type: object + properties: + rest: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Tuple") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // First item uses prefixItems[0], rest use items schema + data := []any{ + map[string]any{"first": "a"}, + map[string]any{"rest": "b"}, + map[string]any{"rest": "c", "extra": "undeclared"}, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) + assert.Equal(t, "$.body[2].extra", result.UndeclaredValues[0].Path) +} + +func TestStrictValidator_EmptyArray(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Items: + type: array + items: + type: object + properties: + id: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Items") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Empty array should be valid + data := []any{} + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +// ============== Additional edge case tests ============== + +func TestStrictValidator_ReadOnlyInRequest(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + id: + type: string + readOnly: true + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // readOnly properties should not be expected in requests + data := map[string]any{ + "name": "John", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) +} + +func TestStrictValidator_WriteOnlyInResponse(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + name: + type: string + password: + type: string + writeOnly: true +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // writeOnly properties should not be expected in responses + data := map[string]any{ + "name": "John", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionResponse, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) +} + +func TestStrictValidator_DiscriminatorMapping(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Dog: + type: object + properties: + petType: + type: string + bark: + type: string + Cat: + type: object + properties: + petType: + type: string + meow: + type: string + Pet: + type: object + discriminator: + propertyName: petType + mapping: + dog: "#/components/schemas/Dog" + cat: "#/components/schemas/Cat" + oneOf: + - $ref: "#/components/schemas/Dog" + - $ref: "#/components/schemas/Cat" +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Pet") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with discriminator selecting Dog + data := map[string]any{ + "petType": "dog", + "bark": "woof", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_NilSchemaData(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // nil schema + result := v.Validate(Input{ + Schema: nil, + Data: map[string]any{"foo": "bar"}, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + assert.True(t, result.Valid) + + // nil data + result = v.Validate(Input{ + Schema: &base.Schema{}, + Data: nil, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + assert.True(t, result.Valid) +} + +func TestNewValidator_NilOptions(t *testing.T) { + v := NewValidator(nil, 3.1) + assert.NotNil(t, v) + assert.NotNil(t, v.logger) +} + +func TestGetSchemaKey_NilSchema(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + key := v.getSchemaKey(nil) + assert.Equal(t, "", key) +} + +func TestGetCompiledPattern_Invalid(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Invalid regex pattern + pattern := v.getCompiledPattern("[invalid") + assert.Nil(t, pattern) +} + +func TestGetCompiledPattern_Cached(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // First call compiles + pattern1 := v.getCompiledPattern("^test$") + assert.NotNil(t, pattern1) + + // Second call returns cached + pattern2 := v.getCompiledPattern("^test$") + assert.Equal(t, pattern1, pattern2) +} + +func TestExceedsDepth(t *testing.T) { + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + assert.False(t, ctx.exceedsDepth()) + + // Create context at max depth + for i := 0; i < 101; i++ { + ctx = ctx.withPath("$.body.deep") + } + assert.True(t, ctx.exceedsDepth()) +} + +func TestCheckAndMarkVisited_Cycle(t *testing.T) { + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + + // First visit should return false (not a cycle) + isCycle := ctx.checkAndMarkVisited("schema1") + assert.False(t, isCycle) + + // Second visit to same schema at same path should return true (cycle) + isCycle = ctx.checkAndMarkVisited("schema1") + assert.True(t, isCycle) +} + +func TestGetParamNames(t *testing.T) { + params := []*v3.Parameter{ + {Name: "limit", In: "query"}, + {Name: "offset", In: "query"}, + {Name: "X-Api-Key", In: "header"}, + } + + queryNames := getParamNames(params, "query") + assert.ElementsMatch(t, []string{"limit", "offset"}, queryNames) + + headerNames := getParamNames(params, "header") + assert.ElementsMatch(t, []string{"X-Api-Key"}, headerNames) + + cookieNames := getParamNames(params, "cookie") + assert.Empty(t, cookieNames) +} + +func TestGetEffectiveIgnoredHeaders_Nil(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + headers := v.getEffectiveIgnoredHeaders() + assert.NotEmpty(t, headers) + assert.Contains(t, headers, "content-type") +} + +func TestStrictValidator_DependentSchemas(t *testing.T) { + // Test dependentSchemas with trigger property present + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + CreditCard: + type: object + properties: + name: + type: string + creditCard: + type: string + dependentSchemas: + creditCard: + properties: + billingAddress: + type: string + required: + - billingAddress +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "CreditCard") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // When creditCard is present, billingAddress becomes a declared property + data := map[string]any{ + "name": "John", + "creditCard": "1234-5678-9012-3456", + "billingAddress": "123 Main St", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_DependentSchemas_NoTrigger(t *testing.T) { + // Test dependentSchemas when trigger property is NOT present + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + CreditCard: + type: object + properties: + name: + type: string + creditCard: + type: string + dependentSchemas: + creditCard: + properties: + billingAddress: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "CreditCard") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // When creditCard is NOT present, billingAddress is undeclared + data := map[string]any{ + "name": "John", + "billingAddress": "123 Main St", // undeclared without creditCard trigger + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "billingAddress", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_IfThenElse_ThenBranch(t *testing.T) { + // Test if/then/else - matching if condition uses then properties + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Conditional: + type: object + properties: + type: + type: string + if: + properties: + type: + const: "car" + then: + properties: + numWheels: + type: integer + else: + properties: + numLegs: + type: integer +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Conditional") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // type="car" matches if condition, so numWheels is declared + data := map[string]any{ + "type": "car", + "numWheels": 4, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_IfThenElse_ElseBranch(t *testing.T) { + // Test if/then/else - non-matching if condition uses else properties + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Conditional: + type: object + properties: + type: + type: string + if: + properties: + type: + const: "car" + then: + properties: + numWheels: + type: integer + else: + properties: + numLegs: + type: integer +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Conditional") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // type="animal" does NOT match if condition, so numLegs is declared (else branch) + data := map[string]any{ + "type": "animal", + "numLegs": 4, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_IfThenElse_WrongBranchProperty(t *testing.T) { + // Test if/then/else - using wrong branch property is undeclared + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Conditional: + type: object + properties: + type: + type: string + if: + properties: + type: + const: "car" + then: + properties: + numWheels: + type: integer + else: + properties: + numLegs: + type: integer +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Conditional") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // type="car" matches if condition (then branch), but we're using numLegs (else property) + data := map[string]any{ + "type": "car", + "numLegs": 4, // wrong branch property + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "numLegs", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_OneOfWithParentBothAdditionalPropertiesFalse(t *testing.T) { + // Test recurseIntoDeclaredPropertiesWithMerged path: + // Both parent and variant have additionalProperties: false + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Pet: + type: object + additionalProperties: false + properties: + id: + type: string + oneOf: + - $ref: '#/components/schemas/Dog' + - $ref: '#/components/schemas/Cat' + Dog: + type: object + additionalProperties: false + properties: + bark: + type: boolean + Cat: + type: object + additionalProperties: false + properties: + meow: + type: boolean +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Pet") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // All properties are declared (parent id + variant bark) + data := map[string]any{ + "id": "pet-123", + "bark": true, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Both parent and variant have additionalProperties: false + // This triggers the recurseIntoDeclaredPropertiesWithMerged path + // Standard validation would catch any extras, so strict just recurses + assert.True(t, result.Valid) +} + +func TestStrictValidator_OneOfWithParentBothAdditionalPropertiesFalse_NestedObject(t *testing.T) { + // Test recurseIntoDeclaredPropertiesWithMerged with nested object validation + // When both parent and variant have additionalProperties: false, the code + // takes the recurseIntoDeclaredPropertiesWithMerged path which still recurses + // into nested objects to check for undeclared properties there. + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Pet: + type: object + additionalProperties: false + properties: + id: + type: string + meta: + type: object + properties: + version: + type: string + oneOf: + - $ref: '#/components/schemas/Dog' + Dog: + type: object + additionalProperties: false + properties: + bark: + type: boolean +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Pet") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Valid nested object - tests that recursion into nested objects works + data := map[string]any{ + "id": "pet-123", + "bark": true, + "meta": map[string]any{ + "version": "1.0", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // When both parent and variant have additionalProperties: false, + // strict mode delegates to standard validation for undeclared detection + // but still recurses into nested objects + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_MergePropertiesIntoDeclared_EmptySchema(t *testing.T) { + // Test mergePropertiesIntoDeclared with nil/empty schema + declared := make(map[string]*declaredProperty) + mergePropertiesIntoDeclared(declared, nil) + assert.Empty(t, declared) + + // Test with schema but nil properties + schema := &base.Schema{} + mergePropertiesIntoDeclared(declared, schema) + assert.Empty(t, declared) +} + +func TestStrictValidator_IsPropertyDeclaredInAllOf_EmptyAllOf(t *testing.T) { + // Test isPropertyDeclaredInAllOf with nil allOf + v := NewValidator(config.NewValidationOptions(config.WithStrictMode()), 3.1) + result := v.isPropertyDeclaredInAllOf(nil, "test") + assert.False(t, result) +} + +func TestStrictValidator_GetSchemaKey_NilSchema(t *testing.T) { + // Test getSchemaKey with nil schema returns empty string + v := NewValidator(config.NewValidationOptions(config.WithStrictMode()), 3.1) + key := v.getSchemaKey(nil) + assert.Equal(t, "", key) +} + +func TestStrictValidator_GetSchemaKey_SchemaWithHash(t *testing.T) { + // Test getSchemaKey with schema that has a hash + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + v := NewValidator(config.NewValidationOptions(config.WithStrictMode()), 3.1) + key := v.getSchemaKey(schema) + assert.NotEmpty(t, key) +} + +func TestStrictValidator_RecurseIntoDeclaredPropertiesWithMerged(t *testing.T) { + // Test the recurseIntoDeclaredPropertiesWithMerged code path + // This requires both parent AND variant to have additionalProperties: false + // AND the data to only contain properties declared in the variant + // (so the variant matching succeeds) + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Pet: + type: object + additionalProperties: false + properties: + name: + type: string + meta: + type: object + properties: + version: + type: string + oneOf: + - type: object + additionalProperties: false + properties: + name: + type: string + meta: + type: object + properties: + version: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Pet") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Data that only has properties declared in the variant + // The variant matches because it declares both name and meta + data := map[string]any{ + "name": "Fido", + "meta": map[string]any{ + "version": "1.0", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Both parent and variant have additionalProperties: false + // Strict mode delegates to base validation but still recurses into declared properties + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_RecurseIntoDeclaredPropertiesWithMerged_WithIgnorePath(t *testing.T) { + // Test the shouldIgnore path within recurseIntoDeclaredPropertiesWithMerged + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Pet: + type: object + additionalProperties: false + properties: + name: + type: string + details: + type: object + properties: + version: + type: string + oneOf: + - type: object + additionalProperties: false + properties: + name: + type: string + details: + type: object + properties: + version: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Pet") + + // Ignore the details path + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body.details"), + ) + v := NewValidator(opts, 3.1) + + // Data with properties that match both parent and variant + data := map[string]any{ + "name": "Fido", + "details": map[string]any{ + "version": "1.0", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Should be valid - tests that ignore path works in recurseIntoDeclaredPropertiesWithMerged + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_ShouldSkipProperty_WriteOnly_Request(t *testing.T) { + // Test that writeOnly properties are not flagged in responses + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + id: + type: string + password: + type: string + writeOnly: true +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Password should be skipped in response direction + data := map[string]any{ + "id": "user-123", + "password": "secret", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionResponse, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // writeOnly in response should be flagged (password shouldn't be in response) + // Actually let me check the shouldSkipProperty logic + assert.True(t, result.Valid) +} + +func TestStrictValidator_IsPropertyDeclaredInAllOf_WithProperties(t *testing.T) { + // Test isPropertyDeclaredInAllOf with actual allOf schemas + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Combined: + allOf: + - type: object + properties: + name: + type: string + - type: object + properties: + age: + type: integer +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Combined") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test the isPropertyDeclaredInAllOf function + isDeclared := v.isPropertyDeclaredInAllOf(schema.AllOf, "name") + assert.True(t, isDeclared) + + isDeclared = v.isPropertyDeclaredInAllOf(schema.AllOf, "age") + assert.True(t, isDeclared) + + isDeclared = v.isPropertyDeclaredInAllOf(schema.AllOf, "undeclared") + assert.False(t, isDeclared) +} + +func TestDiscardHandler_Methods(t *testing.T) { + // Test the discardHandler slog.Handler implementation + // These are interface methods required by slog.Handler + + d := discardHandler{} + + // Enabled should return false (no logging) + assert.False(t, d.Enabled(context.TODO(), 0)) + + // Handle should return nil (no error) + assert.NoError(t, d.Handle(context.TODO(), slog.Record{})) + + // WithAttrs should return itself + handler := d.WithAttrs(nil) + assert.Equal(t, d, handler) + + // WithGroup should return itself + handler = d.WithGroup("test") + assert.Equal(t, d, handler) +} + +func TestStrictValidator_DataMatchesSchema_NilSchema(t *testing.T) { + // Test that nil schema matches anything + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + matches, err := v.dataMatchesSchema(nil, map[string]any{"foo": "bar"}) + assert.NoError(t, err) + assert.True(t, matches) +} + +func TestStrictValidator_GetCompiledSchema_NilSchema(t *testing.T) { + // Test getCompiledSchema with nil schema + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + compiled, err := v.getCompiledSchema(nil) + assert.NoError(t, err) + assert.Nil(t, compiled) +} + +func TestStrictValidator_GetCompiledSchema_LocalCacheHit(t *testing.T) { + // Test that local cache is used on second call + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // First call - compiles and caches + compiled1, err := v.getCompiledSchema(schema) + assert.NoError(t, err) + assert.NotNil(t, compiled1) + + // Second call - should hit local cache + compiled2, err := v.getCompiledSchema(schema) + assert.NoError(t, err) + assert.NotNil(t, compiled2) + assert.Same(t, compiled1, compiled2) +} + +func TestStrictValidator_CompileSchema_NilSchema(t *testing.T) { + // Test compileSchema with nil schema + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + compiled, err := v.compileSchema(nil) + assert.NoError(t, err) + assert.Nil(t, compiled) +} + +func TestStrictValidator_GetEffectiveIgnoredHeaders_WithMerge(t *testing.T) { + // Test getEffectiveIgnoredHeaders with merge mode + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnoredHeadersExtra("X-Custom"), + ) + v := NewValidator(opts, 3.1) + + headers := v.getEffectiveIgnoredHeaders() + // Should contain defaults plus the custom header + assert.Contains(t, headers, "content-type") // From defaults + assert.Contains(t, headers, "X-Custom") // From extra +} + +func TestStrictValidator_GetEffectiveIgnoredHeaders_WithReplace(t *testing.T) { + // Test getEffectiveIgnoredHeaders with replace mode + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnoredHeaders("X-Only-This"), + ) + v := NewValidator(opts, 3.1) + + headers := v.getEffectiveIgnoredHeaders() + // Should ONLY contain the replaced headers + assert.Contains(t, headers, "X-Only-This") + assert.NotContains(t, headers, "content-type") // Defaults should be replaced +} + +func TestStrictValidator_ValidateRequestHeaders_UndeclaredHeader(t *testing.T) { + // Test ValidateRequestHeaders with undeclared header + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: + /test: + get: + parameters: + - name: X-Known-Header + in: header + schema: + type: string + responses: + "200": + description: OK +` + doc, _ := libopenapi.NewDocument([]byte(yml)) + model, _ := doc.BuildV3Model() + + opts := config.NewValidationOptions(config.WithStrictMode()) + + params := model.Model.Paths.PathItems.GetOrZero("/test").Get.Parameters + + // Create headers directly + headers := http.Header{ + "X-Known-Header": {"value"}, + "X-Unknown-Header": {"value"}, // Not in spec + } + + // ValidateRequestHeaders takes http.Header, not *http.Request + undeclared := ValidateRequestHeaders(headers, params, nil, opts) + + assert.Len(t, undeclared, 1) + assert.Equal(t, "X-Unknown-Header", undeclared[0].Name) +} + +func TestStrictValidator_ValidateValue_NilSchema(t *testing.T) { + // Test validateValue with nil schema + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + result := v.validateValue(ctx, nil, map[string]any{"foo": "bar"}) + assert.Empty(t, result) +} + +func TestStrictValidator_ValidateValue_NonObjectData(t *testing.T) { + // Test validateValue with non-object data (string, number, etc.) + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + StringType: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "StringType") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + result := v.validateValue(ctx, schema, "hello") + assert.Empty(t, result) +} + +func TestStrictValidator_FindMatchingVariant_NoMatch(t *testing.T) { + // Test findMatchingVariant when no variant matches + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Pet: + oneOf: + - type: object + required: + - bark + properties: + bark: + type: boolean + - type: object + required: + - meow + properties: + meow: + type: boolean +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Pet") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Data that matches neither variant + data := map[string]any{ + "swim": true, + } + + variant := v.findMatchingVariant(schema.OneOf, data) + assert.Nil(t, variant) +} + +func TestStrictValidator_ShouldReportUndeclared_AdditionalPropertiesSchema(t *testing.T) { + // Test shouldReportUndeclared with additionalProperties as a schema + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Config: + type: object + properties: + name: + type: string + additionalProperties: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Config") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + result := v.shouldReportUndeclared(schema) + assert.True(t, result) // Should report undeclared even with additionalProperties schema +} + +func TestStrictValidator_GetEffectiveIgnoredHeaders_NilOptions(t *testing.T) { + // Test getEffectiveIgnoredHeaders with nil options + v := &Validator{options: nil} + headers := v.getEffectiveIgnoredHeaders() + assert.Nil(t, headers) +} + +func TestStrictValidator_ShouldSkipProperty_ReadOnlyInRequest(t *testing.T) { + // Test that readOnly properties are skipped in request direction + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + id: + type: string + readOnly: true + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Get the id property which is readOnly + idProp := schema.Properties.GetOrZero("id").Schema() + + // readOnly in request should be skipped + result := v.shouldSkipProperty(idProp, DirectionRequest) + assert.True(t, result) + + // readOnly in response should NOT be skipped + result = v.shouldSkipProperty(idProp, DirectionResponse) + assert.False(t, result) +} + +func TestStrictValidator_ShouldSkipProperty_WriteOnlyInResponse(t *testing.T) { + // Test that writeOnly properties are skipped in response direction + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + password: + type: string + writeOnly: true + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Get the password property which is writeOnly + passwordProp := schema.Properties.GetOrZero("password").Schema() + + // writeOnly in response should be skipped + result := v.shouldSkipProperty(passwordProp, DirectionResponse) + assert.True(t, result) + + // writeOnly in request should NOT be skipped + result = v.shouldSkipProperty(passwordProp, DirectionRequest) + assert.False(t, result) +} + +func TestStrictValidator_ShouldReportUndeclared_UnevaluatedPropertiesFalse(t *testing.T) { + // Test that unevaluatedProperties: false still reports undeclared in strict mode + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Config: + type: object + properties: + name: + type: string + unevaluatedProperties: false +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Config") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + result := v.shouldReportUndeclared(schema) + assert.True(t, result) +} + +func TestStrictValidator_ValidateValue_ExceedsDepth(t *testing.T) { + // Test validateValue when max depth is exceeded + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + DeepNested: + type: object + properties: + level: + type: object +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "DeepNested") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + // Increase depth artificially to exceed max + for i := 0; i < 101; i++ { + ctx = ctx.withPath("$.body.deep") + } + + result := v.validateValue(ctx, schema, map[string]any{"level": map[string]any{}}) + assert.Empty(t, result) // Should return early due to depth +} + +func TestStrictValidator_AnyOf_WithMatch(t *testing.T) { + // Test validateAnyOf with a matching variant + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Pet: + type: object + properties: + id: + type: string + anyOf: + - type: object + properties: + bark: + type: boolean + - type: object + properties: + meow: + type: boolean +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Pet") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Data that matches the first variant + data := map[string]any{ + "id": "pet-123", + "bark": true, + "extra": "undeclared", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_AnyOf_WithDiscriminator(t *testing.T) { + // Test validateAnyOf with discriminator + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Pet: + type: object + discriminator: + propertyName: petType + mapping: + dog: '#/components/schemas/Dog' + anyOf: + - $ref: '#/components/schemas/Dog' + - $ref: '#/components/schemas/Cat' + Dog: + type: object + properties: + petType: + type: string + bark: + type: boolean + Cat: + type: object + properties: + petType: + type: string + meow: + type: boolean +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Pet") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + data := map[string]any{ + "petType": "dog", + "bark": true, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) +} + +func TestStrictValidator_FindMatchingVariant_NilProxy(t *testing.T) { + // Test findMatchingVariant with nil proxy in variants + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Create a slice with nil entry + variants := []*base.SchemaProxy{nil} + + result := v.findMatchingVariant(variants, map[string]any{"foo": "bar"}) + assert.Nil(t, result) +} + +func TestStrictValidator_ShouldReportUndeclaredForAllOf_AdditionalPropertiesFalse(t *testing.T) { + // Test shouldReportUndeclaredForAllOf when parent has additionalProperties: false + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Combined: + type: object + additionalProperties: false + allOf: + - type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Combined") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Should return false because parent has additionalProperties: false + result := v.shouldReportUndeclaredForAllOf(schema) + assert.False(t, result) +} + +func TestStrictValidator_ShouldReportUndeclaredForAllOf_AllOfHasAdditionalPropertiesFalse(t *testing.T) { + // Test shouldReportUndeclaredForAllOf when allOf member has additionalProperties: false + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Combined: + type: object + allOf: + - type: object + additionalProperties: false + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Combined") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Should return false because allOf member has additionalProperties: false + result := v.shouldReportUndeclaredForAllOf(schema) + assert.False(t, result) +} + +func TestStrictValidator_FindPropertySchemaInAllOf_FromDeclared(t *testing.T) { + // Test findPropertySchemaInAllOf finding property from declared map + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + User: + type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "User") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Create declared map with the property + declared := make(map[string]*declaredProperty) + declared["name"] = &declaredProperty{ + proxy: schema.Properties.GetOrZero("name"), + } + + result := v.findPropertySchemaInAllOf(nil, "name", declared) + assert.NotNil(t, result) +} + +// Additional nil check tests + +func TestStrictValidator_IsPropertyDeclaredInAllOf_NilSchemaProxy(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with nil SchemaProxy in allOf slice + allOf := []*base.SchemaProxy{nil} + result := v.isPropertyDeclaredInAllOf(allOf, "foo") + assert.False(t, result) +} + +func TestStrictValidator_IsPropertyDeclaredInAllOf_NilSchema(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with empty allOf + result := v.isPropertyDeclaredInAllOf(nil, "foo") + assert.False(t, result) +} + +func TestStrictValidator_ShouldReportUndeclaredForAllOf_NilSchemaProxy(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Test: + type: object + allOf: + - type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Test") + + // Manually inject a nil into allOf to test the nil check + schema.AllOf = append(schema.AllOf, nil) + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Should still work and return true (default behavior) + result := v.shouldReportUndeclaredForAllOf(schema) + assert.True(t, result) +} + +func TestStrictValidator_FindPropertySchemaInAllOf_NilSchemaProxy(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with nil SchemaProxy in allOf + allOf := []*base.SchemaProxy{nil} + result := v.findPropertySchemaInAllOf(allOf, "foo", nil) + assert.Nil(t, result) +} + +func TestStrictValidator_RecurseIntoAllOfDeclaredProperties_NilSchemaProxy(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + allOf := []*base.SchemaProxy{nil} + data := map[string]any{"foo": "bar"} + + result := v.recurseIntoAllOfDeclaredProperties(ctx, allOf, data, nil) + assert.Empty(t, result) +} + +func TestStrictValidator_SelectByDiscriminator_NilDiscriminator(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Test: + type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Test") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Schema has no discriminator + result := v.selectByDiscriminator(schema, nil, map[string]any{"foo": "bar"}) + assert.Nil(t, result) +} + +func TestStrictValidator_SelectByDiscriminator_EmptyPropertyName(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Pet: + type: object + discriminator: + propertyName: "" + oneOf: + - $ref: '#/components/schemas/Dog' + Dog: + type: object + properties: + bark: + type: boolean +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Pet") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + result := v.selectByDiscriminator(schema, schema.OneOf, map[string]any{"petType": "Dog"}) + assert.Nil(t, result) +} + +func TestStrictValidator_SelectByDiscriminator_MissingDiscriminatorValue(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Pet: + type: object + discriminator: + propertyName: petType + oneOf: + - $ref: '#/components/schemas/Dog' + Dog: + type: object + properties: + bark: + type: boolean +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Pet") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Data doesn't have the discriminator property + result := v.selectByDiscriminator(schema, schema.OneOf, map[string]any{"bark": true}) + assert.Nil(t, result) +} + +func TestStrictValidator_SelectByDiscriminator_NonStringValue(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Pet: + type: object + discriminator: + propertyName: petType + oneOf: + - $ref: '#/components/schemas/Dog' + Dog: + type: object + properties: + bark: + type: boolean +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Pet") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Discriminator value is not a string + result := v.selectByDiscriminator(schema, schema.OneOf, map[string]any{"petType": 123}) + assert.Nil(t, result) +} + +func TestStrictValidator_SelectByDiscriminator_NoMatchingVariant(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Pet: + type: object + discriminator: + propertyName: petType + oneOf: + - $ref: '#/components/schemas/Dog' + Dog: + type: object + properties: + bark: + type: boolean +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Pet") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Discriminator value doesn't match any variant + result := v.selectByDiscriminator(schema, schema.OneOf, map[string]any{"petType": "Cat"}) + assert.Nil(t, result) +} + +func TestStrictValidator_FindMatchingVariant_NoMatch2(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Dog: + type: object + required: + - bark + properties: + bark: + type: boolean +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Dog") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Create variants with a schema that won't match the data + variants := []*base.SchemaProxy{base.CreateSchemaProxy(schema)} + + // Data doesn't have required 'bark' property - won't match + result := v.findMatchingVariant(variants, map[string]any{"meow": true}) + assert.Nil(t, result) +} + +func TestStrictValidator_CollectDeclaredProperties_NilSchema(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + declared, patterns := v.collectDeclaredProperties(nil, nil) + assert.Empty(t, declared) + assert.Empty(t, patterns) +} + +func TestStrictValidator_GetDeclaredPropertyNames_Empty(t *testing.T) { + result := getDeclaredPropertyNames(nil) + assert.Empty(t, result) +} + +func TestStrictValidator_ShouldSkipProperty_NilSchema(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + result := v.shouldSkipProperty(nil, DirectionRequest) + assert.False(t, result) +} + +func TestStrictValidator_ValidateObject_NilProperties(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Empty: + type: object +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Empty") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + result := v.validateObject(ctx, schema, map[string]any{"foo": "bar"}) + + // In strict mode, empty schema with no properties still reports undeclared + // because additionalProperties defaults to true (meaning strict mode catches it) + assert.Len(t, result, 1) + assert.Equal(t, "foo", result[0].Name) +} + +func TestStrictValidator_ShouldReportUndeclared_NilSchema(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // nil schema returns false - can't report undeclared without schema + result := v.shouldReportUndeclared(nil) + assert.False(t, result) +} + +func TestStrictValidator_GetPatternPropertySchema_NoPatterns(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + NoPatterns: + type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "NoPatterns") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Schema has no patternProperties + result := v.getPatternPropertySchema(schema, "foo") + assert.Nil(t, result) +} + +func TestStrictValidator_RecurseIntoDeclaredProperties_EmptySchema(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Empty: + type: object +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Empty") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + data := map[string]any{"name": "test"} + + // recurseIntoDeclaredProperties only takes ctx, schema, data + result := v.recurseIntoDeclaredProperties(ctx, schema, data) + assert.Empty(t, result) +} + +func TestStrictValidator_ValidateArray_NilItems(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + List: + type: array +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "List") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + result := v.validateArray(ctx, schema, []any{"foo", "bar"}) + + // Array with no items schema - anything is allowed + assert.Empty(t, result) +} + +func TestStrictValidator_ValidateArray_ItemsSchemaB(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + List: + type: array + items: true +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "List") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + result := v.validateArray(ctx, schema, []any{"foo", "bar"}) + + // items: true means all items are valid + assert.Empty(t, result) +} + +func TestStrictValidator_ValidateArray_PrefixItemsNil(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Tuple: + type: array + prefixItems: + - type: string + - type: integer +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Tuple") + + // Manually set one prefixItem to nil to test the nil check + schema.PrefixItems = append(schema.PrefixItems, nil) + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + result := v.validateArray(ctx, schema, []any{"foo", 42, "extra"}) + + // Should handle nil prefixItems gracefully + assert.Empty(t, result) +} + +func TestStrictValidator_FindPropertySchemaInMerged_NilProxy(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Create declared map with nil proxy + declared := make(map[string]*declaredProperty) + declared["name"] = &declaredProperty{proxy: nil} + + // findPropertySchemaInMerged takes (variant, parent, propName, declared) + result := v.findPropertySchemaInMerged(nil, nil, "name", declared) + assert.Nil(t, result) +} + +func TestStrictValidator_RecurseIntoDeclaredPropertiesWithMerged_NilProxy(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + + // Create declared with nil proxy + declared := make(map[string]*declaredProperty) + declared["name"] = &declaredProperty{proxy: nil} + + data := map[string]any{"name": "test"} + + // recurseIntoDeclaredPropertiesWithMerged takes (ctx, variant, parent, data, declared) + result := v.recurseIntoDeclaredPropertiesWithMerged(ctx, nil, nil, data, declared) + assert.Empty(t, result) +} + +func TestStrictValidator_ValidateAnyOf_NoMatchingVariant(t *testing.T) { + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + StringOrInt: + anyOf: + - type: string + minLength: 5 + - type: integer + minimum: 10 +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "StringOrInt") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + + // Data is an object which won't match string or integer + result := v.validateAnyOf(ctx, schema, map[string]any{"foo": "bar"}) + + // Should return empty - no matching variant means we can't validate + assert.Empty(t, result) +} + +func TestStrictValidator_CompilePattern_EmptyPattern(t *testing.T) { + // Test compilePattern with empty pattern + result := compilePattern("") + assert.Nil(t, result) +} + +func TestStrictValidator_GetSchemaKey_NoLowLevel(t *testing.T) { + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Create a schema without low-level info + schema := &base.Schema{} + + key := v.getSchemaKey(schema) + // Should return pointer-based key + assert.NotEmpty(t, key) +} + +func TestTruncateValue_SmallMapUnchanged(t *testing.T) { + // Small map (<= 3 entries) should return unchanged + input := map[string]any{"a": 1, "b": 2} + result := TruncateValue(input) + assert.Equal(t, input, result) + + // Exactly 3 entries should also pass unchanged + input3 := map[string]any{"a": 1, "b": 2, "c": 3} + result3 := TruncateValue(input3) + assert.Equal(t, input3, result3) +} + +func TestTruncateValue_SmallArrayUnchanged(t *testing.T) { + // Small array (<= 3 entries) should return unchanged + input := []any{1, 2} + result := TruncateValue(input) + assert.Equal(t, input, result) + + // Exactly 3 entries should also pass unchanged + input3 := []any{1, 2, 3} + result3 := TruncateValue(input3) + assert.Equal(t, input3, result3) +} + +func TestStrictValidator_DataMatchesSchema_CompilationError(t *testing.T) { + // Create a schema with an invalid regex pattern that will fail compilation + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + BadPattern: + type: object + properties: + name: + type: string + pattern: "[invalid(regex" +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "BadPattern") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // dataMatchesSchema should return false with error due to invalid pattern + matches, err := v.dataMatchesSchema(schema, map[string]any{"name": "test"}) + assert.False(t, matches) + assert.Error(t, err) + assert.Contains(t, err.Error(), "strict:") +} + +func TestStrictValidator_FindMatchingVariant_SchemaError(t *testing.T) { + // Create oneOf with a variant that has invalid pattern - should skip bad variant + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Container: + oneOf: + - type: object + properties: + valid: + type: string + - type: object + properties: + broken: + type: string + pattern: "[unclosed(" +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "Container") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // findMatchingVariant should skip the broken variant and match the valid one + variant := v.findMatchingVariant(schema.OneOf, map[string]any{"valid": "test"}) + + // Should find a valid variant (the first one) + assert.NotNil(t, variant) +} + +func TestStrictValidator_GetPatternPropertySchema_InvalidPattern(t *testing.T) { + // Create schema with invalid patternProperties regex + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + BadPatternProps: + type: object + patternProperties: + "[invalid(": + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "BadPatternProps") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // getPatternPropertySchema should return nil for invalid pattern + propProxy := v.getPatternPropertySchema(schema, "test") + assert.Nil(t, propProxy) +} + +// ============================================================================= +// Phase 1: CRITICAL Coverage Tests +// ============================================================================= + +func TestStrictValidator_AllOfWithParentProperties(t *testing.T) { + // Covers polymorphic.go:88-91 - parent schema properties merged with allOf + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + MergedSchema: + type: object + properties: + parentProp: + type: string + allOf: + - type: object + properties: + childProp: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "MergedSchema") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Both parent and child properties should be considered declared + data := map[string]any{ + "parentProp": "from parent", + "childProp": "from child", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_AllOfWithParentProperties_UndeclaredReported(t *testing.T) { + // Verify undeclared properties are still caught with parent+allOf merge + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + MergedSchema: + type: object + properties: + parentProp: + type: string + allOf: + - type: object + properties: + childProp: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "MergedSchema") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + data := map[string]any{ + "parentProp": "from parent", + "childProp": "from child", + "undeclaredProp": "should be reported", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "undeclaredProp", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_AllOfReadOnlyInRequest(t *testing.T) { + // Covers polymorphic.go:116-117 - shouldSkipProperty for readOnly in allOf + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + ReadOnlyAllOf: + type: object + allOf: + - type: object + properties: + id: + type: string + readOnly: true + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "ReadOnlyAllOf") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // In request direction, readOnly property should be skipped + data := map[string]any{ + "id": "123", + "name": "test", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // id is readOnly - should be skipped in request validation (not flagged) + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_AllOfWriteOnlyInResponse(t *testing.T) { + // Covers polymorphic.go:222-223 - shouldSkipProperty for writeOnly in oneOf/anyOf + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + WriteOnlySchema: + type: object + oneOf: + - type: object + properties: + password: + type: string + writeOnly: true + email: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "WriteOnlySchema") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // In response direction, writeOnly property should be skipped + data := map[string]any{ + "password": "secret123", + "email": "user@example.com", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionResponse, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // password is writeOnly - should be skipped in response validation + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_AllOfWithIgnoredPath(t *testing.T) { + // Covers polymorphic.go:107-108 - shouldIgnore in allOf validation loop + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + IgnoreInAllOf: + type: object + allOf: + - type: object + properties: + data: + type: object + properties: + visible: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "IgnoreInAllOf") + + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body.data.metadata"), + ) + v := NewValidator(opts, 3.1) + + // metadata path is ignored, so undeclared properties there should not be reported + data := map[string]any{ + "data": map[string]any{ + "visible": "ok", + "metadata": map[string]any{ + "ignored": "should not be flagged", + "alsoIgnored": "also not flagged", + }, + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // metadata path is ignored, so no undeclared errors + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_OneOfWithIgnoredPath(t *testing.T) { + // Covers polymorphic.go:213-214 - shouldIgnore in oneOf/anyOf validation loop + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + IgnoreInOneOf: + type: object + oneOf: + - type: object + properties: + data: + type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "IgnoreInOneOf") + + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body.data.internal"), + ) + v := NewValidator(opts, 3.1) + + data := map[string]any{ + "data": map[string]any{ + "name": "visible", + "internal": map[string]any{ + "secret": "ignored", + }, + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_OneOfWithIgnoredTopLevelProperty(t *testing.T) { + // Covers polymorphic.go:213-214 - shouldIgnore at TOP LEVEL of oneOf iteration + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + OneOfIgnoreTopLevel: + type: object + oneOf: + - type: object + properties: + name: + type: string + internal: + type: object +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "OneOfIgnoreTopLevel") + + // Ignore "internal" property at top level - this directly hits line 214 + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body.internal"), + ) + v := NewValidator(opts, 3.1) + + data := map[string]any{ + "name": "visible", + "internal": map[string]any{ + "anything": "should be ignored entirely", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // internal property is ignored at top level, no errors + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_FindPropertySchemaInMerged_VariantProperty(t *testing.T) { + // Covers polymorphic.go:248-249 - property found in variant's explicit properties + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + OneOfVariantProp: + type: object + properties: + parentProp: + type: string + oneOf: + - type: object + properties: + variantProp: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "OneOfVariantProp") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // variantProp is defined in variant, should be found via line 249 + data := map[string]any{ + "parentProp": "parent", + "variantProp": "variant", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_FindPropertySchemaInMerged_ParentProperty(t *testing.T) { + // Covers polymorphic.go:254-256 - property found in parent's explicit properties + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + OneOfParentProp: + type: object + properties: + parentOnly: + type: string + oneOf: + - type: object + properties: + variantOnly: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "OneOfParentProp") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // parentOnly is NOT in variant, so findPropertySchemaInMerged falls through + // to parent lookup at line 254-256 + data := map[string]any{ + "parentOnly": "from parent", + "variantOnly": "from variant", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_FindPropertySchemaInMerged_VariantDirect(t *testing.T) { + // Covers polymorphic.go:247-249 - direct test with empty declared map + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Variant: + type: object + properties: + variantProp: + type: string +` + model := buildSchemaFromYAML(t, yml) + variant := getSchema(t, model, "Variant") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Call with empty declared map - forces lookup in variant.Properties (line 247-249) + result := v.findPropertySchemaInMerged(variant, nil, "variantProp", make(map[string]*declaredProperty)) + assert.NotNil(t, result) +} + +func TestStrictValidator_FindPropertySchemaInMerged_ParentDirect(t *testing.T) { + // Covers polymorphic.go:254-256 - direct test with empty declared map, no variant + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + Parent: + type: object + properties: + parentProp: + type: string +` + model := buildSchemaFromYAML(t, yml) + parent := getSchema(t, model, "Parent") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Call with nil variant and empty declared - forces lookup in parent.Properties (line 254-256) + result := v.findPropertySchemaInMerged(nil, parent, "parentProp", make(map[string]*declaredProperty)) + assert.NotNil(t, result) +} + +func TestStrictValidator_FindPropertySchemaInAllOf_FromAllOfSchema(t *testing.T) { + // Covers polymorphic.go:437-439 - property found in allOf schema's explicit properties + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + AllOfExplicitProp: + type: object + allOf: + - type: object + properties: + fromAllOf: + type: object + properties: + nested: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "AllOfExplicitProp") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // fromAllOf is in allOf schema, findPropertySchemaInAllOf should find it + // and recurse into nested object to detect undeclared + data := map[string]any{ + "fromAllOf": map[string]any{ + "nested": "valid", + "undeclared": "should be flagged", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // undeclared in nested object should be reported + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "undeclared", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_FindPropertySchemaInAllOf_Direct(t *testing.T) { + // Covers polymorphic.go:437-439 - direct test with empty declared map + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + AllOfSchema: + type: object + allOf: + - type: object + properties: + allOfProp: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "AllOfSchema") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Call with empty declared map - forces lookup in allOf schemas (line 437-439) + result := v.findPropertySchemaInAllOf(schema.AllOf, "allOfProp", make(map[string]*declaredProperty)) + assert.NotNil(t, result) +} + +func TestStrictValidator_RecurseIntoAllOfDeclaredProperties_ShouldIgnore(t *testing.T) { + // Covers polymorphic.go:455-456 - shouldIgnore in recurseIntoAllOfDeclaredProperties + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + AllOfIgnore: + type: object + additionalProperties: false + allOf: + - type: object + additionalProperties: false + properties: + name: + type: string + metadata: + type: object +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "AllOfIgnore") + + // Ignore metadata at top level + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body.metadata"), + ) + v := NewValidator(opts, 3.1) + + // Both parent and allOf have additionalProperties: false, + // so we go through recurseIntoAllOfDeclaredProperties + // metadata is ignored at line 455-456 + data := map[string]any{ + "name": "test", + "metadata": map[string]any{ + "anything": "ignored", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_RecurseIntoAllOfDeclaredProperties_SkipReadOnly(t *testing.T) { + // Covers polymorphic.go:461-462 - shouldSkipProperty in recurseIntoAllOfDeclaredProperties + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + AllOfReadOnly: + type: object + additionalProperties: false + allOf: + - type: object + additionalProperties: false + properties: + name: + type: string + id: + type: string + readOnly: true +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "AllOfReadOnly") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Both parent and allOf have additionalProperties: false, + // so we go through recurseIntoAllOfDeclaredProperties + // id is readOnly and skipped in request direction (line 461-462) + data := map[string]any{ + "name": "test", + "id": "should-be-skipped", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_RecurseIntoDeclaredPropertiesWithMerged_SkipReadOnly(t *testing.T) { + // Covers polymorphic.go:291-292 - shouldSkipProperty in recurseIntoDeclaredPropertiesWithMerged + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + OneOfWithReadOnly: + type: object + additionalProperties: false + properties: + name: + type: string + oneOf: + - type: object + additionalProperties: false + properties: + name: + type: string + id: + type: string + readOnly: true + data: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "OneOfWithReadOnly") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // In request direction, readOnly property "id" should be skipped (line 291-292) + // Both parent and variant have additionalProperties: false, so we go through + // recurseIntoDeclaredPropertiesWithMerged + // Note: variant must also declare "name" so data matches the variant + data := map[string]any{ + "name": "test", + "id": "should-be-skipped", + "data": "valid", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // id is readOnly and skipped in request, no validation errors + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_AllOfAdditionalPropertiesFalseRecurse(t *testing.T) { + // Covers polymorphic.go:461-462, 467-468 - recursion with additionalProperties: false + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + RecurseTest: + type: object + additionalProperties: false + allOf: + - type: object + properties: + nested: + type: object + properties: + valid: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "RecurseTest") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // nested.extra should be reported as undeclared + data := map[string]any{ + "nested": map[string]any{ + "valid": "ok", + "extra": "should be flagged", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) + assert.Equal(t, "$.body.nested.extra", result.UndeclaredValues[0].Path) +} + +func TestStrictValidator_OneOfVariantPropertyPriority(t *testing.T) { + // Covers polymorphic.go:248-250, 255-257 - findPropertySchemaInMerged + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + PriorityTest: + type: object + properties: + type: + type: string + oneOf: + - type: object + properties: + details: + type: object + properties: + variantField: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "PriorityTest") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // type is from parent, details is from variant + data := map[string]any{ + "type": "test", + "details": map[string]any{ + "variantField": "from variant", + "undeclared": "should be flagged", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // undeclared in details should be flagged + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "undeclared", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_PropertyDeclaredInAllOfChild(t *testing.T) { + // Covers polymorphic.go:46-47 - isPropertyDeclaredInAllOf continuation + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + AllOfChildProp: + type: object + properties: + parentOnly: + type: string + allOf: + - type: object + properties: + fromChild: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "AllOfChildProp") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // fromChild is declared in allOf child, should be considered declared + data := map[string]any{ + "parentOnly": "parent", + "fromChild": "child", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_ValidateAllOf_NilSchemaProxy(t *testing.T) { + // Covers polymorphic.go:67-68 - nil schemaProxy in allOf loop + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + AllOfWithNil: + type: object + allOf: + - type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "AllOfWithNil") + + // Inject nil into allOf array to test the nil check at line 67-68 + schema.AllOf = append(schema.AllOf, nil) + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + data := map[string]any{ + "name": "test", + "extra": "undeclared", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Should still work - nil schemaProxy is skipped + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_ValidateAllOf_IgnoreTopLevelProperty(t *testing.T) { + // Covers polymorphic.go:107-108 - shouldIgnore for top-level property in allOf + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + AllOfIgnoreTopLevel: + type: object + allOf: + - type: object + properties: + name: + type: string + metadata: + type: object +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "AllOfIgnoreTopLevel") + + // Ignore the metadata property at top level + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body.metadata"), + ) + v := NewValidator(opts, 3.1) + + data := map[string]any{ + "name": "test", + "metadata": map[string]any{ + "anything": "should be ignored at this level", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // metadata property is ignored entirely, no errors + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +// ============================================================================= +// Phase 2: HIGH Priority Coverage Tests +// ============================================================================= + +func TestStrictValidator_SchemaCacheHit(t *testing.T) { + // Covers matcher.go:60-62 - global schema cache hit path + // Need a oneOf schema to trigger dataMatchesSchema which uses getCompiledSchema + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + DogVariant: + type: object + properties: + breed: + type: string + CatVariant: + type: object + properties: + color: + type: string + CachedSchema: + type: object + oneOf: + - $ref: '#/components/schemas/DogVariant' + - $ref: '#/components/schemas/CatVariant' +` + model := buildSchemaFromYAML(t, yml) + dogSchema := getSchema(t, model, "DogVariant") + + // Create options with schema cache + opts := config.NewValidationOptions(config.WithStrictMode()) + + // Pre-populate the GLOBAL cache with a compiled schema for the DogVariant hash + // This is what findMatchingVariant will check via dataMatchesSchema + hash := dogSchema.GoLow().Hash() + compiledSchema, err := helpers.NewCompiledSchemaWithVersion( + "test-cached", + []byte(`{"type":"object","properties":{"breed":{"type":"string"}}}`), + opts, + 3.1, + ) + require.NoError(t, err) + opts.SchemaCache.Store(hash, &libcache.SchemaCacheEntry{ + CompiledSchema: compiledSchema, + }) + + v := NewValidator(opts, 3.1) + + // Data that matches DogVariant + data := map[string]any{ + "breed": "labrador", + "extra": "undeclared", + } + + // Get the parent oneOf schema + parentSchema := getSchema(t, model, "CachedSchema") + + // Validation should hit the GLOBAL cache when checking oneOf variants + result := v.Validate(Input{ + Schema: parentSchema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Should still detect undeclared property + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_PrefixItemsWithIgnoredPath(t *testing.T) { + // Covers array_validator.go:48-50 - shouldIgnore in prefixItems loop + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + TupleIgnore: + type: array + prefixItems: + - type: object + properties: + id: + type: string + - type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "TupleIgnore") + + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body[0]"), + ) + v := NewValidator(opts, 3.1) + + // First item should be ignored entirely, second item should be validated + data := []any{ + map[string]any{ + "id": "1", + "extraInFirst": "ignored because path $.body[0] is ignored", + }, + map[string]any{ + "name": "test", + "extraInSecond": "should be flagged", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Only second item's extra property should be flagged + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extraInSecond", result.UndeclaredValues[0].Name) + assert.Equal(t, "$.body[1].extraInSecond", result.UndeclaredValues[0].Path) +} + +func TestStrictValidator_ItemsWithIgnoredPath(t *testing.T) { + // Covers array_validator.go:71-72 - shouldIgnore in items loop + // Need to ignore the ITEM PATH itself ($.body[0]) not a nested property + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + ArrayIgnore: + type: array + items: + type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "ArrayIgnore") + + // Ignore the first array item entirely ($.body[0]) + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body[0]"), + ) + v := NewValidator(opts, 3.1) + + data := []any{ + map[string]any{ + "name": "item1", + "extra": "should be ignored because $.body[0] is ignored", + }, + map[string]any{ + "name": "item2", + "extra": "should be flagged", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // First item ignored, only second item's extra should be flagged + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) + assert.Equal(t, "$.body[1].extra", result.UndeclaredValues[0].Path) +} + +func TestValidateRequestHeaders_DeclaredHeaderSkipped(t *testing.T) { + // Covers validator.go:123-125 - declared header skip in request validation + opts := config.NewValidationOptions(config.WithStrictMode()) + + // Create params with X-Custom header declared + params := []*v3.Parameter{ + { + Name: "X-Custom", + In: "header", + }, + { + Name: "X-Another", + In: "header", + }, + } + + headers := http.Header{ + "X-Custom": []string{"declared-value"}, + "X-Another": []string{"also-declared"}, + "X-Undeclared": []string{"should-be-flagged"}, + } + + undeclared := ValidateRequestHeaders(headers, params, nil, opts) + + // Only X-Undeclared should be reported + assert.Len(t, undeclared, 1) + assert.Equal(t, "X-Undeclared", undeclared[0].Name) +} + +func TestValidateRequestHeaders_NilOrDisabled(t *testing.T) { + // Covers validator.go:103 - early return when headers nil, options nil, or strict mode disabled + params := []*v3.Parameter{{Name: "X-Custom", In: "header"}} + headers := http.Header{"X-Custom": []string{"value"}} + + // Test nil headers + result := ValidateRequestHeaders(nil, params, nil, config.NewValidationOptions(config.WithStrictMode())) + assert.Nil(t, result) + + // Test nil options + result = ValidateRequestHeaders(headers, params, nil, nil) + assert.Nil(t, result) + + // Test strict mode disabled + opts := config.NewValidationOptions() // strict mode off by default + result = ValidateRequestHeaders(headers, params, nil, opts) + assert.Nil(t, result) +} + +func TestValidateRequestHeaders_IgnoredHeaderSkipped(t *testing.T) { + // Covers validator.go:129 - skip when header is in ignored list + opts := config.NewValidationOptions(config.WithStrictMode()) + + // No declared headers - but Content-Type is in default ignored list + params := []*v3.Parameter{} + + headers := http.Header{ + "Content-Type": []string{"application/json"}, // ignored by default + "Authorization": []string{"Bearer token"}, // ignored by default + "X-Custom": []string{"should-be-flagged"}, + } + + undeclared := ValidateRequestHeaders(headers, params, nil, opts) + + // Only X-Custom should be reported (Content-Type and Authorization are ignored) + assert.Len(t, undeclared, 1) + assert.Equal(t, "X-Custom", undeclared[0].Name) +} + +func TestValidateRequestHeaders_SecurityHeadersRecognized(t *testing.T) { + // Covers validator.go:122-125 - security scheme headers are recognized as declared + opts := config.NewValidationOptions(config.WithStrictMode()) + + // No declared params - security headers come from security schemes + params := []*v3.Parameter{} + + // Security headers extracted from security schemes + securityHeaders := []string{"X-API-Key", "X-Custom-Auth"} + + headers := http.Header{ + "X-Api-Key": []string{"my-api-key"}, // matches securityHeaders (case-insensitive) + "X-Custom-Auth": []string{"custom-token"}, // matches securityHeaders + "X-Unknown": []string{"should-be-flagged"}, + } + + undeclared := ValidateRequestHeaders(headers, params, securityHeaders, opts) + + // Only X-Unknown should be reported; X-Api-Key and X-Custom-Auth are recognized as security headers + assert.Len(t, undeclared, 1) + assert.Equal(t, "X-Unknown", undeclared[0].Name) +} + +func TestValidateRequestHeaders_SecurityHeadersCaseInsensitive(t *testing.T) { + // Verify security header matching is case-insensitive + opts := config.NewValidationOptions(config.WithStrictMode()) + + params := []*v3.Parameter{} + securityHeaders := []string{"X-API-KEY"} // uppercase + + headers := http.Header{ + "x-api-key": []string{"my-key"}, // lowercase in request + } + + undeclared := ValidateRequestHeaders(headers, params, securityHeaders, opts) + + // Should not report x-api-key as undeclared (case-insensitive match) + assert.Empty(t, undeclared) +} + +func TestValidateRequestHeaders_BothParamsAndSecurityHeaders(t *testing.T) { + // Test that both params and security headers are recognized + opts := config.NewValidationOptions(config.WithStrictMode()) + + params := []*v3.Parameter{ + {Name: "X-Request-Id", In: "header"}, + } + securityHeaders := []string{"X-API-Key"} + + headers := http.Header{ + "X-Request-Id": []string{"123"}, // declared via params + "X-Api-Key": []string{"key"}, // declared via security schemes + "X-Other": []string{"should-be-flagged"}, + } + + undeclared := ValidateRequestHeaders(headers, params, securityHeaders, opts) + + // Only X-Other should be reported + assert.Len(t, undeclared, 1) + assert.Equal(t, "X-Other", undeclared[0].Name) +} + +func TestValidateRequestHeaders_EmptySecurityHeaders(t *testing.T) { + // Test with empty security headers slice (not nil) + opts := config.NewValidationOptions(config.WithStrictMode()) + + params := []*v3.Parameter{} + securityHeaders := []string{} // empty, not nil + + headers := http.Header{ + "X-Custom": []string{"value"}, + } + + undeclared := ValidateRequestHeaders(headers, params, securityHeaders, opts) + + // X-Custom should be flagged since there are no declared headers + assert.Len(t, undeclared, 1) + assert.Equal(t, "X-Custom", undeclared[0].Name) +} + +func TestValidateResponseHeaders_DeclaredHeaderSkipped(t *testing.T) { + // Covers validator.go:219-223, 228-230 - declared header handling in response + opts := config.NewValidationOptions(config.WithStrictMode()) + + // Create declared headers map + declaredHeaders := make(map[string]*v3.Header) + declaredHeaders["X-Response-Id"] = &v3.Header{} + + headers := http.Header{ + "X-Response-Id": []string{"declared"}, + "X-Undeclared": []string{"should-be-flagged"}, + } + + undeclared := ValidateResponseHeaders(headers, &declaredHeaders, opts) + + // Only X-Undeclared should be reported + assert.Len(t, undeclared, 1) + assert.Equal(t, "X-Undeclared", undeclared[0].Name) +} + +func TestValidateResponseHeaders_WithDeclaredHeaders(t *testing.T) { + // Covers validator.go:219-223, 228-230 - building declared names list + opts := config.NewValidationOptions(config.WithStrictMode()) + + // Create declared headers map with multiple headers + declaredHeaders := make(map[string]*v3.Header) + declaredHeaders["X-Rate-Limit"] = &v3.Header{} + declaredHeaders["X-Request-Id"] = &v3.Header{} + + headers := http.Header{ + "X-Rate-Limit": []string{"100"}, + "X-Request-Id": []string{"abc123"}, + "X-Undeclared": []string{"flagged"}, + } + + undeclared := ValidateResponseHeaders(headers, &declaredHeaders, opts) + + // Only X-Undeclared should be reported + assert.Len(t, undeclared, 1) + assert.Equal(t, "X-Undeclared", undeclared[0].Name) +} + +func TestValidateResponseHeaders_IgnorePathMatch(t *testing.T) { + // Covers validator.go:239 - skip when header matches ignore path pattern + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.headers.x-internal"), + ) + + declaredHeaders := make(map[string]*v3.Header) + + headers := http.Header{ + "X-Internal": []string{"should-be-ignored"}, // matches ignore path + "X-Undeclared": []string{"should-be-flagged"}, + } + + undeclared := ValidateResponseHeaders(headers, &declaredHeaders, opts) + + // Only X-Undeclared should be reported (X-Internal matches ignore path) + assert.Len(t, undeclared, 1) + assert.Equal(t, "X-Undeclared", undeclared[0].Name) +} + +func TestNewValidator_WithIgnorePaths(t *testing.T) { + // Covers types.go:310-311 - compiledIgnorePaths populated + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body.metadata", "$.body.internal"), + ) + + v := NewValidator(opts, 3.1) + + // Verify ignore paths are compiled + assert.NotNil(t, v) + assert.Len(t, v.compiledIgnorePaths, 2) + + // Test that the patterns work + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + TestSchema: + type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "TestSchema") + + // metadata and internal are undeclared properties that match ignore patterns + data := map[string]any{ + "name": "test", + "metadata": map[string]any{ + "ignored": "value", + }, + "internal": map[string]any{ + "deep": map[string]any{ + "nested": "also ignored", + }, + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // metadata and internal paths are ignored, so no undeclared errors + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestNewValidator_WithCustomLogger(t *testing.T) { + // Covers types.go:295 - custom logger from options + customLogger := slog.New(slog.NewTextHandler(nil, nil)) + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithLogger(customLogger), + ) + + v := NewValidator(opts, 3.1) + + // Verify the custom logger is used + assert.NotNil(t, v) + assert.Equal(t, customLogger, v.logger) +} + +// ============================================================================= +// Phase 3: MEDIUM Priority Tests +// ============================================================================= + +func TestStrictValidator_PrimitiveValuesIgnored(t *testing.T) { + // Covers schema_walker.go:37-38 - validateValue default case for primitives + // Primitive values (string, number, boolean) have no properties to check + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + StringSchema: + type: string + NumberSchema: + type: number + BooleanSchema: + type: boolean +` + model := buildSchemaFromYAML(t, yml) + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test string value - no properties to check + stringSchema := getSchema(t, model, "StringSchema") + result := v.Validate(Input{ + Schema: stringSchema, + Data: "just a string", + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) + + // Test number value + numberSchema := getSchema(t, model, "NumberSchema") + result = v.Validate(Input{ + Schema: numberSchema, + Data: 42.5, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) + + // Test boolean value + boolSchema := getSchema(t, model, "BooleanSchema") + result = v.Validate(Input{ + Schema: boolSchema, + Data: true, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_AdditionalPropertiesSchemaRecurse(t *testing.T) { + // Covers schema_walker.go:72-80 - recurse into additionalProperties schema + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + AddlPropsNested: + type: object + properties: + id: + type: string + additionalProperties: + type: object + properties: + nested: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "AddlPropsNested") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Data with nested undeclared property inside additionalProperties + data := map[string]any{ + "id": "1", + "extra": map[string]any{ + "nested": "ok", + "bad": "undeclared inside extra", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Both "extra" at top level AND "bad" inside extra should be reported + assert.False(t, result.Valid) + assert.GreaterOrEqual(t, len(result.UndeclaredValues), 1) + + // Find undeclared values + foundExtra := false + foundBad := false + for _, uv := range result.UndeclaredValues { + if uv.Name == "extra" { + foundExtra = true + } + if uv.Name == "bad" { + foundBad = true + } + } + assert.True(t, foundExtra, "expected 'extra' to be reported as undeclared") + assert.True(t, foundBad, "expected 'bad' inside extra to be reported as undeclared") +} + +func TestStrictValidator_AdditionalPropertiesFalseShortCircuit(t *testing.T) { + // Covers schema_walker.go:113-115 - shouldReportUndeclared returns false + // When additionalProperties: false, JSON Schema handles it, not strict mode + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + NoExtras: + type: object + additionalProperties: false + properties: + id: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "NoExtras") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Data with extra property - additionalProperties: false handles this + data := map[string]any{ + "id": "1", + "extra": "should be handled by JSON Schema, not strict", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Strict mode should NOT report this because additionalProperties: false + // means JSON Schema will handle it + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_PatternPropertiesWithAdditionalFalse(t *testing.T) { + // Covers schema_walker.go:223-228 - patternProperties with additionalProperties: false + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + PatternOnly: + type: object + additionalProperties: false + patternProperties: + "^x-": + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "PatternOnly") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // x-custom matches the pattern, so it's declared + data := map[string]any{ + "x-custom": "ok", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // x-custom matches pattern and additionalProperties: false handles the rest + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_InvalidPatternPropertiesRegex(t *testing.T) { + // Covers property_collector.go:46-49 - invalid regex skipped + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + InvalidPattern: + type: object + properties: + id: + type: string + patternProperties: + "[invalid(regex": + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "InvalidPattern") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Property name that would match the invalid pattern if it could compile + data := map[string]any{ + "id": "1", + "[invalid(regex": "value", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Invalid pattern is skipped, so the property is reported as undeclared + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "[invalid(regex", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_UnevaluatedItemsWithIgnoredPath(t *testing.T) { + // Covers array_validator.go:97-98 - shouldIgnore in unevaluatedItems + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + UnevalIgnore: + type: array + unevaluatedItems: + type: object + properties: + id: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "UnevalIgnore") + + // Ignore the first array element + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body[0]"), + ) + v := NewValidator(opts, 3.1) + + // First item has undeclared 'extra', but it should be ignored + data := []any{ + map[string]any{ + "id": "1", + "extra": "should be ignored at index 0", + }, + map[string]any{ + "id": "2", + "extra2": "should be reported at index 1", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // First item ignored, second item's extra2 should be reported + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra2", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_AdditionalPropertiesSchemaReportsUndeclared(t *testing.T) { + // Covers schema_walker.go:122-126 - additionalProperties with schema still reports + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + SchemaAddl: + type: object + additionalProperties: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "SchemaAddl") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Data with extra property allowed by additionalProperties schema + data := map[string]any{ + "extra": "ok per JSON Schema but flagged by strict", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Strict mode should still flag undeclared properties even when + // additionalProperties allows them + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_NilSchemaPassesValidation(t *testing.T) { + // Covers matcher.go:38-40 - nil schema handling in dataMatchesSchema + // When schema is nil, validation passes (no schema means anything matches) + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Test with nil schema directly using dataMatchesSchema + matches, err := v.dataMatchesSchema(nil, map[string]any{"key": "value"}) + assert.NoError(t, err) + assert.True(t, matches, "nil schema should match any data") + + // Also test with different data types + matches, err = v.dataMatchesSchema(nil, "string value") + assert.NoError(t, err) + assert.True(t, matches) + + matches, err = v.dataMatchesSchema(nil, 123) + assert.NoError(t, err) + assert.True(t, matches) + + matches, err = v.dataMatchesSchema(nil, []any{1, 2, 3}) + assert.NoError(t, err) + assert.True(t, matches) +} + +func TestStrictValidator_ValidateValue_ShouldIgnore(t *testing.T) { + // Covers schema_walker.go:17-18 - shouldIgnore in validateValue at ENTRY point + // Need to ignore $.body itself so the check happens at validateValue entry + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + IgnoreTest: + type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "IgnoreTest") + + // Ignore the entire body - validateValue entry should return early at line 18 + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body"), + ) + v := NewValidator(opts, 3.1) + + data := map[string]any{ + "name": "valid", + "undeclared": "should be ignored because entire body is ignored", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Entire body is ignored, so no undeclared errors + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_ValidateValue_CycleDetection(t *testing.T) { + // Covers schema_walker.go:27-28 - cycle detection in validateValue + // Need to call validateValue directly with a pre-visited context + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + TestSchema: + type: object + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "TestSchema") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Create a context and pre-mark the schema as visited at this path + ctx := newTraversalContext(DirectionRequest, v.compiledIgnorePaths, "$.body") + schemaKey := v.getSchemaKey(schema) + ctx.checkAndMarkVisited(schemaKey) // First visit - marks as visited + + data := map[string]any{ + "name": "test", + "undeclared": "should not be detected due to cycle", + } + + // Call validateValue directly - should hit line 28 (cycle detected) + result := v.validateValue(ctx, schema, data) + + // Cycle detected, returns early with no errors + assert.Empty(t, result) +} + +func TestStrictValidator_ShouldReportUndeclared_AdditionalPropertiesTrue(t *testing.T) { + // Covers schema_walker.go:119-120 - additionalProperties: true explicit + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + ExplicitTrue: + type: object + additionalProperties: true + properties: + name: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "ExplicitTrue") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Extra property allowed by additionalProperties: true but flagged by strict + data := map[string]any{ + "name": "test", + "extra": "should be flagged in strict mode", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // Strict mode should flag undeclared even with additionalProperties: true + assert.False(t, result.Valid) + assert.Len(t, result.UndeclaredValues, 1) + assert.Equal(t, "extra", result.UndeclaredValues[0].Name) +} + +func TestStrictValidator_RecurseIntoDeclaredProperties_PropertyNotInData(t *testing.T) { + // Covers schema_walker.go:179-180 - continue when schema property not in data + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + MissingProp: + type: object + additionalProperties: false + properties: + required: + type: string + optional: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "MissingProp") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Only provide 'required', not 'optional' - line 180 should be hit + data := map[string]any{ + "required": "value", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // No undeclared properties + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_RecurseIntoDeclaredProperties_SkipReadOnly(t *testing.T) { + // Covers schema_walker.go:194-195 - shouldSkipProperty in recurseIntoDeclaredProperties + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + ReadOnlyProp: + type: object + additionalProperties: false + properties: + name: + type: string + id: + type: string + readOnly: true +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "ReadOnlyProp") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // Include readOnly property in request - should be skipped (line 195) + data := map[string]any{ + "name": "test", + "id": "should-be-skipped", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // id is readOnly and skipped, no errors + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_RecurseIntoDeclaredProperties_ShouldIgnore(t *testing.T) { + // Covers schema_walker.go:188-189 - shouldIgnore for explicit property + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + IgnoreProp: + type: object + additionalProperties: false + properties: + name: + type: string + metadata: + type: object + properties: + nested: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "IgnoreProp") + + // Ignore metadata property + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body.metadata"), + ) + v := NewValidator(opts, 3.1) + + // metadata has undeclared property but is ignored (line 189) + data := map[string]any{ + "name": "test", + "metadata": map[string]any{ + "nested": "ok", + "undeclared": "should be ignored", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // metadata is ignored, no errors + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_RecurseIntoDeclaredProperties_PatternNoMatch(t *testing.T) { + // Covers schema_walker.go:210-211 - property doesn't match any patternProperty + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + PatternSchema: + type: object + additionalProperties: false + properties: + name: + type: string + patternProperties: + "^x-": + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "PatternSchema") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // "other" doesn't match explicit props or pattern "^x-" - line 211 hit + data := map[string]any{ + "name": "test", + "x-custom": "matches pattern", + "other": "doesn't match pattern", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // "other" doesn't match pattern, but additionalProperties: false handles it + // so strict mode doesn't report it + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_RecurseIntoDeclaredProperties_PatternSkipReadOnly(t *testing.T) { + // Covers schema_walker.go:225-226 - shouldSkipProperty for patternProperty + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + PatternReadOnly: + type: object + additionalProperties: false + properties: + name: + type: string + patternProperties: + "^x-": + type: string + readOnly: true +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "PatternReadOnly") + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + // x-custom matches pattern but schema is readOnly - skip in request (line 226) + data := map[string]any{ + "name": "test", + "x-custom": "matches readOnly pattern", + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // x-custom matches pattern but is readOnly, skipped in request + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_RecurseIntoDeclaredProperties_PatternShouldIgnore(t *testing.T) { + // Covers schema_walker.go:219-220 - shouldIgnore for patternProperty path + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + PatternIgnore: + type: object + additionalProperties: false + properties: + name: + type: string + patternProperties: + "^x-": + type: object + properties: + nested: + type: string +` + model := buildSchemaFromYAML(t, yml) + schema := getSchema(t, model, "PatternIgnore") + + // Ignore the pattern-matched property path + opts := config.NewValidationOptions( + config.WithStrictMode(), + config.WithStrictIgnorePaths("$.body.x-custom"), + ) + v := NewValidator(opts, 3.1) + + // x-custom matches pattern, path matches ignore pattern - should skip (line 220) + data := map[string]any{ + "name": "test", + "x-custom": map[string]any{ + "nested": "valid", + "undeclared": "should be ignored because path is ignored", + }, + } + + result := v.Validate(Input{ + Schema: schema, + Data: data, + Direction: DirectionRequest, + Options: opts, + BasePath: "$.body", + Version: 3.1, + }) + + // x-custom path is ignored, so no undeclared errors + assert.True(t, result.Valid) + assert.Empty(t, result.UndeclaredValues) +} + +func TestStrictValidator_ValidateVariantWithParent_VariantNilGoLow(t *testing.T) { + // Covers polymorphic.go:233-234 - fallback to parent when variant.GoLow() is nil + // This tests the defensive code path for programmatically created schemas + + // Build a real parent schema from YAML (has GoLow()) + yml := `openapi: "3.1.0" +info: + title: Test + version: "1.0" +paths: {} +components: + schemas: + ParentSchema: + type: object + properties: + parentProp: + type: string +` + model := buildSchemaFromYAML(t, yml) + parent := getSchema(t, model, "ParentSchema") + require.NotNil(t, parent.GoLow()) + + // Create a variant schema programmatically (no GoLow()) + variant := &base.Schema{ + Type: []string{"object"}, + } + require.Nil(t, variant.GoLow()) + + opts := config.NewValidationOptions(config.WithStrictMode()) + v := NewValidator(opts, 3.1) + + ctx := newTraversalContext(DirectionRequest, nil, "$.body") + + // Data with undeclared property - triggers line 230-237 + data := map[string]any{ + "parentProp": "value", + "undeclared": "triggers undeclared path", + } + + result := v.validateVariantWithParent(ctx, parent, variant, data) + + // Should detect undeclared property and use parent's location (since variant has no GoLow) + assert.Len(t, result, 1) + assert.Equal(t, "undeclared", result[0].Name) + // Location should come from parent (not crash due to nil variant.GoLow()) + assert.Greater(t, result[0].SpecLine, 0) +} diff --git a/test_specs/nullable_enum.yaml b/test_specs/nullable_enum.yaml new file mode 100644 index 00000000..32f71274 --- /dev/null +++ b/test_specs/nullable_enum.yaml @@ -0,0 +1,131 @@ +openapi: 3.0.2 +info: + title: Nullable Enum Test API + version: 1.0.0 + description: Test specification for nullable enum validation +paths: + /status: + get: + summary: Get status with nullable enum + operationId: getStatus + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/StatusResponse' + post: + summary: Create status + operationId: createStatus + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/StatusRequest' + responses: + '201': + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/StatusResponse' + /items: + get: + summary: Get items with nullable enum in array + operationId: getItems + responses: + '200': + description: Successful response + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Item' +components: + schemas: + StatusResponse: + type: object + required: + - id + properties: + id: + type: integer + format: int64 + status: + type: string + description: Status field with nullable enum (no null in enum) + enum: + - active + - inactive + - pending + - archived + nullable: true + priority: + type: string + description: Priority field with nullable enum (null already in enum) + enum: + - high + - medium + - low + - null + nullable: true + category: + type: string + description: Non-nullable enum + enum: + - public + - private + - internal + StatusRequest: + type: object + required: + - status + properties: + status: + type: string + enum: + - active + - inactive + - pending + - archived + nullable: true + priority: + type: string + enum: + - high + - medium + - low + - null + nullable: true + Item: + type: object + required: + - id + - name + properties: + id: + type: integer + format: int64 + name: + type: string + status: + type: string + description: Nested nullable enum + enum: + - available + - sold + - reserved + nullable: true + metadata: + type: object + properties: + visibility: + type: string + description: Deeply nested nullable enum + enum: + - visible + - hidden + nullable: true diff --git a/validator.go b/validator.go index bcfdf517..bc6e39cf 100644 --- a/validator.go +++ b/validator.go @@ -1,4 +1,4 @@ -// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley // SPDX-License-Identifier: MIT package validator @@ -6,12 +6,15 @@ package validator import ( "fmt" "net/http" + "sort" "sync" "github.com/pb33f/libopenapi" "github.com/pb33f/libopenapi/datamodel/high/base" - v3 "github.com/pb33f/libopenapi/datamodel/high/v3" "github.com/pb33f/libopenapi/utils" + "go.yaml.in/yaml/v4" + + v3 "github.com/pb33f/libopenapi/datamodel/high/v3" "github.com/pb33f/libopenapi-validator/cache" "github.com/pb33f/libopenapi-validator/config" @@ -88,13 +91,13 @@ func NewValidatorFromV3Model(m *v3.Document, opts ...config.Option) Validator { v := &validator{options: options, v3Model: m} // create a new parameter validator - v.paramValidator = parameters.NewParameterValidator(m, opts...) + v.paramValidator = parameters.NewParameterValidator(m, config.WithExistingOpts(options)) // create aq new request body validator - v.requestValidator = requests.NewRequestBodyValidator(m, opts...) + v.requestValidator = requests.NewRequestBodyValidator(m, config.WithExistingOpts(options)) // create a response body validator - v.responseValidator = responses.NewResponseBodyValidator(m, opts...) + v.responseValidator = responses.NewResponseBodyValidator(m, config.WithExistingOpts(options)) // warm the schema caches by pre-compiling all schemas in the document // (warmSchemaCaches checks for nil cache and skips if disabled) @@ -122,8 +125,8 @@ func (v *validator) GetResponseBodyValidator() responses.ResponseBodyValidator { func (v *validator) ValidateDocument() (bool, []*errors.ValidationError) { if v.document == nil { return false, []*errors.ValidationError{{ - ValidationType: "document", - ValidationSubType: "missing", + ValidationType: helpers.DocumentValidation, + ValidationSubType: helpers.ValidationMissing, Message: "Document is not set", Reason: "The document cannot be validated as it is not set", SpecLine: 1, @@ -291,6 +294,10 @@ func (v *validator) ValidateHttpRequestWithPathItem(request *http.Request, pathI // wait for all the validations to complete <-doneChan + + // sort errors for deterministic ordering (async validation can return errors in any order) + sortValidationErrors(validationErrors) + return len(validationErrors) == 0, validationErrors } @@ -371,6 +378,17 @@ type ( validationFunctionAsync func(control chan struct{}, errorChan chan []*errors.ValidationError) ) +// sortValidationErrors sorts validation errors for deterministic ordering. +// Errors are sorted by validation type first, then by message. +func sortValidationErrors(errs []*errors.ValidationError) { + sort.Slice(errs, func(i, j int) bool { + if errs[i].ValidationType != errs[j].ValidationType { + return errs[i].ValidationType < errs[j].ValidationType + } + return errs[i].Message < errs[j].Message + }) +} + // warmSchemaCaches pre-compiles all schemas in the OpenAPI document and stores them in the validator caches. // This frontloads the compilation cost so that runtime validation doesn't need to compile schemas. func warmSchemaCaches( @@ -467,18 +485,24 @@ func warmMediaTypeSchema(mediaType *v3.MediaType, schemaCache cache.SchemaCache, if _, exists := schemaCache.Load(hash); !exists { schema := mediaType.Schema.Schema() if schema != nil { - renderedInline, _ := schema.RenderInline() + renderCtx := base.NewInlineRenderContext() + renderedInline, _ := schema.RenderInlineWithContext(renderCtx) referenceSchema := string(renderedInline) renderedJSON, _ := utils.ConvertYAMLtoJSON(renderedInline) if len(renderedInline) > 0 { compiledSchema, _ := helpers.NewCompiledSchema(fmt.Sprintf("%x", hash), renderedJSON, options) + // Pre-parse YAML node for error reporting (avoids re-parsing on each error) + var renderedNode yaml.Node + _ = yaml.Unmarshal(renderedInline, &renderedNode) + schemaCache.Store(hash, &cache.SchemaCacheEntry{ Schema: schema, RenderedInline: renderedInline, ReferenceSchema: referenceSchema, RenderedJSON: renderedJSON, CompiledSchema: compiledSchema, + RenderedNode: &renderedNode, }) } } @@ -490,7 +514,7 @@ func warmMediaTypeSchema(mediaType *v3.MediaType, schemaCache cache.SchemaCache, func warmParameterSchema(param *v3.Parameter, schemaCache cache.SchemaCache, options *config.ValidationOptions) { if param != nil { var schema *base.Schema - var hash [32]byte + var hash uint64 // Parameters can have schemas in two places: schema property or content property if param.Schema != nil { @@ -514,12 +538,17 @@ func warmParameterSchema(param *v3.Parameter, schemaCache cache.SchemaCache, opt if schema != nil { if _, exists := schemaCache.Load(hash); !exists { - renderedInline, _ := schema.RenderInline() + renderCtx := base.NewInlineRenderContext() + renderedInline, _ := schema.RenderInlineWithContext(renderCtx) referenceSchema := string(renderedInline) renderedJSON, _ := utils.ConvertYAMLtoJSON(renderedInline) if len(renderedInline) > 0 { compiledSchema, _ := helpers.NewCompiledSchema(fmt.Sprintf("%x", hash), renderedJSON, options) + // Pre-parse YAML node for error reporting (avoids re-parsing on each error) + var renderedNode yaml.Node + _ = yaml.Unmarshal(renderedInline, &renderedNode) + // Store in cache using the shared SchemaCache type schemaCache.Store(hash, &cache.SchemaCacheEntry{ Schema: schema, @@ -527,6 +556,7 @@ func warmParameterSchema(param *v3.Parameter, schemaCache cache.SchemaCache, opt ReferenceSchema: referenceSchema, RenderedJSON: renderedJSON, CompiledSchema: compiledSchema, + RenderedNode: &renderedNode, }) } } diff --git a/validator_examples_test.go b/validator_examples_test.go index 2a656264..a0fb8e2b 100644 --- a/validator_examples_test.go +++ b/validator_examples_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley // SPDX-License-Identifier: MIT package validator @@ -72,6 +72,8 @@ func ExampleNewValidator_validateHttpRequest() { } // 4. Create a new *http.Request (normally, this would be where the host application will pass in the request) + // Note: /pet/{petId} requires api_key OR petstore_auth (OAuth2). Since OAuth2 is not validated, + // the security check passes. The path parameter validation fails because "NotAValidPetId" is not an integer. request, _ := http.NewRequest(http.MethodGet, "/pet/NotAValidPetId", nil) // 5. Validate! @@ -83,8 +85,7 @@ func ExampleNewValidator_validateHttpRequest() { fmt.Printf("Type: %s, Failure: %s\n", e.ValidationType, e.Message) } } - // Output: Type: security, Failure: API Key api_key not found in header - // Type: parameter, Failure: Path parameter 'petId' is not a valid integer + // Output: Type: parameter, Failure: Path parameter 'petId' is not a valid integer } func ExampleNewValidator_validateHttpRequestSync() { @@ -120,8 +121,7 @@ func ExampleNewValidator_validateHttpRequestSync() { fmt.Printf("Type: %s, Failure: %s\n", e.ValidationType, e.Message) } } - // Type: parameter, Failure: Path parameter 'petId' is not a valid integer - // Output: Type: security, Failure: API Key api_key not found in header + // Output: Type: parameter, Failure: Path parameter 'petId' is not a valid integer } func ExampleNewValidator_validateHttpRequestResponse() { diff --git a/validator_nullable_enum_test.go b/validator_nullable_enum_test.go new file mode 100644 index 00000000..26931659 --- /dev/null +++ b/validator_nullable_enum_test.go @@ -0,0 +1,333 @@ +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley +// SPDX-License-Identifier: MIT + +package validator + +import ( + "bytes" + "encoding/json" + "io" + "net/http" + "os" + "testing" + + "github.com/pb33f/libopenapi" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestNullableEnum_ResponseValidation_NullValue tests that nullable enum fields +// accept null values even when null is not explicitly in the enum definition +func TestNullableEnum_ResponseValidation_NullValue(t *testing.T) { + spec, err := os.ReadFile("test_specs/nullable_enum.yaml") + require.NoError(t, err) + + doc, err := libopenapi.NewDocument(spec) + require.NoError(t, err) + + v, errs := NewValidator(doc) + require.Empty(t, errs) + + // Test response with null status (enum doesn't explicitly contain null) + responseBody := map[string]interface{}{ + "id": 1, + "status": nil, // null value for nullable enum + } + + body, _ := json.Marshal(responseBody) + + request, _ := http.NewRequest(http.MethodGet, "https://example.com/status", nil) + response := &http.Response{ + StatusCode: 200, + Header: http.Header{"Content-Type": []string{"application/json"}}, + Body: io.NopCloser(bytes.NewBuffer(body)), + Request: request, + } + + valid, validationErrs := v.ValidateHttpResponse(request, response) + + assert.True(t, valid, "Response should be valid with null enum value") + assert.Empty(t, validationErrs, "Should have no validation errors") +} + +// TestNullableEnum_ResponseValidation_EnumValue tests that nullable enum fields +// accept valid enum values +func TestNullableEnum_ResponseValidation_EnumValue(t *testing.T) { + spec, err := os.ReadFile("test_specs/nullable_enum.yaml") + require.NoError(t, err) + + doc, err := libopenapi.NewDocument(spec) + require.NoError(t, err) + + v, errs := NewValidator(doc) + require.Empty(t, errs) + + // Test response with valid enum value + responseBody := map[string]interface{}{ + "id": 1, + "status": "active", // valid enum value + } + + body, _ := json.Marshal(responseBody) + + request, _ := http.NewRequest(http.MethodGet, "https://example.com/status", nil) + response := &http.Response{ + StatusCode: 200, + Header: http.Header{"Content-Type": []string{"application/json"}}, + Body: io.NopCloser(bytes.NewBuffer(body)), + Request: request, + } + + valid, validationErrs := v.ValidateHttpResponse(request, response) + + assert.True(t, valid, "Response should be valid with enum value") + assert.Empty(t, validationErrs, "Should have no validation errors") +} + +// TestNullableEnum_ResponseValidation_InvalidEnumValue tests that nullable enum fields +// reject invalid enum values +func TestNullableEnum_ResponseValidation_InvalidEnumValue(t *testing.T) { + spec, err := os.ReadFile("test_specs/nullable_enum.yaml") + require.NoError(t, err) + + doc, err := libopenapi.NewDocument(spec) + require.NoError(t, err) + + v, errs := NewValidator(doc) + require.Empty(t, errs) + + // Test response with invalid enum value + responseBody := map[string]interface{}{ + "id": 1, + "status": "invalid_status", // invalid enum value + } + + body, _ := json.Marshal(responseBody) + + request, _ := http.NewRequest(http.MethodGet, "https://example.com/status", nil) + response := &http.Response{ + StatusCode: 200, + Header: http.Header{"Content-Type": []string{"application/json"}}, + Body: io.NopCloser(bytes.NewBuffer(body)), + Request: request, + } + + valid, validationErrs := v.ValidateHttpResponse(request, response) + + assert.False(t, valid, "Response should be invalid with non-enum value") + assert.NotEmpty(t, validationErrs, "Should have validation errors") +} + +// TestNullableEnum_ResponseValidation_PriorityWithNullInEnum tests enum that +// already has null in the enum definition +func TestNullableEnum_ResponseValidation_PriorityWithNullInEnum(t *testing.T) { + spec, err := os.ReadFile("test_specs/nullable_enum.yaml") + require.NoError(t, err) + + doc, err := libopenapi.NewDocument(spec) + require.NoError(t, err) + + v, errs := NewValidator(doc) + require.Empty(t, errs) + + // Test response with null priority (enum explicitly contains null) + responseBody := map[string]interface{}{ + "id": 1, + "priority": nil, // null value for nullable enum (null already in enum) + } + + body, _ := json.Marshal(responseBody) + + request, _ := http.NewRequest(http.MethodGet, "https://example.com/status", nil) + response := &http.Response{ + StatusCode: 200, + Header: http.Header{"Content-Type": []string{"application/json"}}, + Body: io.NopCloser(bytes.NewBuffer(body)), + Request: request, + } + + valid, validationErrs := v.ValidateHttpResponse(request, response) + + assert.True(t, valid, "Response should be valid with null enum value") + assert.Empty(t, validationErrs, "Should have no validation errors") +} + +// TestNullableEnum_ResponseValidation_NonNullableEnum tests that non-nullable +// enum fields reject null values +func TestNullableEnum_ResponseValidation_NonNullableEnum(t *testing.T) { + spec, err := os.ReadFile("test_specs/nullable_enum.yaml") + require.NoError(t, err) + + doc, err := libopenapi.NewDocument(spec) + require.NoError(t, err) + + v, errs := NewValidator(doc) + require.Empty(t, errs) + + // Test response with null category (non-nullable enum) + responseBody := map[string]interface{}{ + "id": 1, + "category": nil, // null value for NON-nullable enum + } + + body, _ := json.Marshal(responseBody) + + request, _ := http.NewRequest(http.MethodGet, "https://example.com/status", nil) + response := &http.Response{ + StatusCode: 200, + Header: http.Header{"Content-Type": []string{"application/json"}}, + Body: io.NopCloser(bytes.NewBuffer(body)), + Request: request, + } + + valid, validationErrs := v.ValidateHttpResponse(request, response) + + assert.False(t, valid, "Response should be invalid with null for non-nullable enum") + assert.NotEmpty(t, validationErrs, "Should have validation errors") +} + +// TestNullableEnum_RequestValidation_NullValue tests that nullable enum fields +// accept null values in request body +func TestNullableEnum_RequestValidation_NullValue(t *testing.T) { + spec, err := os.ReadFile("test_specs/nullable_enum.yaml") + require.NoError(t, err) + + doc, err := libopenapi.NewDocument(spec) + require.NoError(t, err) + + v, errs := NewValidator(doc) + require.Empty(t, errs) + + // Test request with null status + requestBody := map[string]interface{}{ + "status": nil, // null value for nullable enum + } + + body, _ := json.Marshal(requestBody) + + request, _ := http.NewRequest(http.MethodPost, "https://example.com/status", bytes.NewBuffer(body)) + request.Header.Set("Content-Type", "application/json") + + valid, validationErrs := v.ValidateHttpRequest(request) + + assert.True(t, valid, "Request should be valid with null enum value") + assert.Empty(t, validationErrs, "Should have no validation errors") +} + +// TestNullableEnum_ArrayResponse tests nullable enum in array items +func TestNullableEnum_ArrayResponse(t *testing.T) { + spec, err := os.ReadFile("test_specs/nullable_enum.yaml") + require.NoError(t, err) + + doc, err := libopenapi.NewDocument(spec) + require.NoError(t, err) + + v, errs := NewValidator(doc) + require.Empty(t, errs) + + // Test array response with nullable enum + responseBody := []map[string]interface{}{ + { + "id": 1, + "name": "Item 1", + "status": "available", + }, + { + "id": 2, + "name": "Item 2", + "status": nil, // null value for nullable enum in array + }, + { + "id": 3, + "name": "Item 3", + "status": "sold", + }, + } + + body, _ := json.Marshal(responseBody) + + request, _ := http.NewRequest(http.MethodGet, "https://example.com/items", nil) + response := &http.Response{ + StatusCode: 200, + Header: http.Header{"Content-Type": []string{"application/json"}}, + Body: io.NopCloser(bytes.NewBuffer(body)), + Request: request, + } + + valid, validationErrs := v.ValidateHttpResponse(request, response) + + assert.True(t, valid, "Response should be valid with null enum value in array") + assert.Empty(t, validationErrs, "Should have no validation errors") +} + +// TestNullableEnum_NestedObject tests nullable enum in nested object +func TestNullableEnum_NestedObject(t *testing.T) { + spec, err := os.ReadFile("test_specs/nullable_enum.yaml") + require.NoError(t, err) + + doc, err := libopenapi.NewDocument(spec) + require.NoError(t, err) + + v, errs := NewValidator(doc) + require.Empty(t, errs) + + // Test response with deeply nested nullable enum + responseBody := []map[string]interface{}{ + { + "id": 1, + "name": "Item 1", + "metadata": map[string]interface{}{ + "visibility": nil, // null value for deeply nested nullable enum + }, + }, + } + + body, _ := json.Marshal(responseBody) + + request, _ := http.NewRequest(http.MethodGet, "https://example.com/items", nil) + response := &http.Response{ + StatusCode: 200, + Header: http.Header{"Content-Type": []string{"application/json"}}, + Body: io.NopCloser(bytes.NewBuffer(body)), + Request: request, + } + + valid, validationErrs := v.ValidateHttpResponse(request, response) + + assert.True(t, valid, "Response should be valid with null enum value in nested object") + assert.Empty(t, validationErrs, "Should have no validation errors") +} + +// TestNullableEnum_MultipleNullableFields tests response with multiple nullable enum fields +func TestNullableEnum_MultipleNullableFields(t *testing.T) { + spec, err := os.ReadFile("test_specs/nullable_enum.yaml") + require.NoError(t, err) + + doc, err := libopenapi.NewDocument(spec) + require.NoError(t, err) + + v, errs := NewValidator(doc) + require.Empty(t, errs) + + // Test response with multiple nullable fields set to null + responseBody := map[string]interface{}{ + "id": 1, + "status": nil, // null for status (enum doesn't have null) + "priority": nil, // null for priority (enum has null) + } + + body, _ := json.Marshal(responseBody) + + request, _ := http.NewRequest(http.MethodGet, "https://example.com/status", nil) + response := &http.Response{ + StatusCode: 200, + Header: http.Header{"Content-Type": []string{"application/json"}}, + Body: io.NopCloser(bytes.NewBuffer(body)), + Request: request, + } + + valid, validationErrs := v.ValidateHttpResponse(request, response) + + assert.True(t, valid, "Response should be valid with multiple null enum values") + assert.Empty(t, validationErrs, "Should have no validation errors") +} diff --git a/validator_test.go b/validator_test.go index 08b22f4d..2ff71da1 100644 --- a/validator_test.go +++ b/validator_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 Princess B33f Heavy Industries / Dave Shanley +// Copyright 2023-2025 Princess Beef Heavy Industries, LLC / Dave Shanley // SPDX-License-Identifier: MIT package validator @@ -17,8 +17,6 @@ import ( "testing" "unicode" - "github.com/pb33f/libopenapi-validator/cache" - "github.com/dlclark/regexp2" "github.com/pb33f/libopenapi" "github.com/santhosh-tekuri/jsonschema/v6" @@ -27,7 +25,9 @@ import ( v3 "github.com/pb33f/libopenapi/datamodel/high/v3" + "github.com/pb33f/libopenapi-validator/cache" "github.com/pb33f/libopenapi-validator/config" + "github.com/pb33f/libopenapi-validator/errors" "github.com/pb33f/libopenapi-validator/helpers" ) @@ -244,6 +244,145 @@ paths: assert.Len(t, errors, 0) } +func TestStrictMode_ValidateHttpRequestIntegration(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /things/{id}: + post: + parameters: + - in: path + name: id + required: true + schema: + type: string + - in: query + name: q + schema: + type: string + - in: header + name: X-Known + schema: + type: string + - in: cookie + name: session + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + responses: + "200": + description: ok + content: + application/json: + schema: + type: object + properties: + ok: + type: boolean` + + doc, err := libopenapi.NewDocument([]byte(spec)) + require.NoError(t, err) + + v, errs := NewValidator(doc, config.WithStrictMode()) + require.Empty(t, errs) + + body := map[string]any{ + "name": "ok", + "extra": "nope", + } + bodyBytes, _ := json.Marshal(body) + + request, _ := http.NewRequest(http.MethodPost, "https://things.com/things/123?q=ok&extra=1", bytes.NewBuffer(bodyBytes)) + request.Header.Set("Content-Type", "application/json") + request.Header.Set("X-Known", "known") + request.Header.Set("X-Extra", "nope") + request.AddCookie(&http.Cookie{Name: "session", Value: "ok"}) + request.AddCookie(&http.Cookie{Name: "other", Value: "nope"}) + + valid, valErrs := v.ValidateHttpRequest(request) + assert.False(t, valid) + + strictSubTypes := make(map[string]bool) + for _, vErr := range valErrs { + if vErr.ValidationType == errors.StrictValidationType { + strictSubTypes[vErr.ValidationSubType] = true + } + } + + assert.True(t, strictSubTypes[errors.StrictSubTypeProperty]) + assert.True(t, strictSubTypes[errors.StrictSubTypeHeader]) + assert.True(t, strictSubTypes[errors.StrictSubTypeQuery]) + assert.True(t, strictSubTypes[errors.StrictSubTypeCookie]) +} + +func TestStrictMode_ValidateHttpResponseHeadersIntegration(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /things/{id}: + get: + parameters: + - in: path + name: id + required: true + schema: + type: string + responses: + "200": + description: ok + headers: + X-Res: + schema: + type: string + content: + application/json: + schema: + type: object + properties: + ok: + type: boolean` + + doc, err := libopenapi.NewDocument([]byte(spec)) + require.NoError(t, err) + + v, errs := NewValidator(doc, config.WithStrictMode()) + require.Empty(t, errs) + + request, _ := http.NewRequest(http.MethodGet, "https://things.com/things/123", http.NoBody) + + body := map[string]any{"ok": true} + bodyBytes, _ := json.Marshal(body) + + response := &http.Response{ + StatusCode: 200, + Header: http.Header{ + "Content-Type": {"application/json"}, + "X-Res": {"ok"}, + "X-Extra": {"nope"}, + }, + Body: io.NopCloser(bytes.NewBuffer(bodyBytes)), + } + + valid, valErrs := v.ValidateHttpResponse(request, response) + assert.False(t, valid) + + foundStrictHeader := false + for _, vErr := range valErrs { + if vErr.ValidationType == errors.StrictValidationType && + vErr.ValidationSubType == errors.StrictSubTypeHeader { + foundStrictHeader = true + break + } + } + assert.True(t, foundStrictHeader) +} + func TestNewValidator_WithCustomFormat_FormatError(t *testing.T) { spec := `openapi: 3.1.0 paths: @@ -313,7 +452,7 @@ paths: assert.Equal(t, "POST request body for '/burgers/createBurger' failed to validate schema", errors[0].Message) require.Len(t, errors[0].SchemaValidationErrors, 1) require.NotNil(t, errors[0].SchemaValidationErrors[0]) - assert.Equal(t, "/properties/name/format", errors[0].SchemaValidationErrors[0].Location) + assert.Equal(t, "/properties/name/format", errors[0].SchemaValidationErrors[0].KeywordLocation) assert.Equal(t, "'big mac' is not valid capital: expected first latter to be uppercase", errors[0].SchemaValidationErrors[0].Reason) } @@ -1354,9 +1493,10 @@ func TestNewValidator_PetStore_PetGet200_PathNotFound(t *testing.T) { valid, errors := v.ValidateHttpRequestResponse(request, res.Result()) assert.False(t, valid) - assert.Len(t, errors, 2) - assert.Equal(t, "API Key api_key not found in header", errors[0].Message) - assert.Equal(t, "Path parameter 'petId' is not a valid integer", errors[1].Message) + // Note: /pet/{petId} allows api_key OR petstore_auth (OAuth2). Since OAuth2 is not validated, + // security passes. Only the path parameter validation fails. + assert.Len(t, errors, 1) + assert.Equal(t, "Path parameter 'petId' is not a valid integer", errors[0].Message) } func TestNewValidator_PetStore_PetGet200(t *testing.T) { @@ -2010,7 +2150,7 @@ func TestCacheWarming_PopulatesCache(t *testing.T) { require.NotNil(t, validator.options.SchemaCache) count := 0 - validator.options.SchemaCache.Range(func(key [32]byte, value *cache.SchemaCacheEntry) bool { + validator.options.SchemaCache.Range(func(key uint64, value *cache.SchemaCacheEntry) bool { count++ assert.NotNil(t, value.CompiledSchema, "Cache entry should have compiled schema") assert.NotEmpty(t, value.ReferenceSchema, "Cache entry should have pre-converted ReferenceSchema string") @@ -2143,7 +2283,7 @@ paths: require.NotNil(t, validator.options.SchemaCache) count := 0 - validator.options.SchemaCache.Range(func(key [32]byte, value *cache.SchemaCacheEntry) bool { + validator.options.SchemaCache.Range(func(key uint64, value *cache.SchemaCacheEntry) bool { count++ return true }) @@ -2212,7 +2352,7 @@ paths: require.NotNil(t, validator.options.SchemaCache) count := 0 - validator.options.SchemaCache.Range(func(key [32]byte, value *cache.SchemaCacheEntry) bool { + validator.options.SchemaCache.Range(func(key uint64, value *cache.SchemaCacheEntry) bool { count++ return true }) @@ -2249,9 +2389,271 @@ paths: require.NotNil(t, validator.options.SchemaCache) count := 0 - validator.options.SchemaCache.Range(func(key [32]byte, value *cache.SchemaCacheEntry) bool { + validator.options.SchemaCache.Range(func(key uint64, value *cache.SchemaCacheEntry) bool { count++ return true }) assert.Greater(t, count, 0, "Schema cache should have entries from path-level parameters") } + +// TestSortValidationErrors tests that validation errors are sorted deterministically +func TestSortValidationErrors(t *testing.T) { + // Create errors in random order + errs := []*errors.ValidationError{ + {ValidationType: helpers.SecurityValidation, Message: "API Key missing"}, + {ValidationType: helpers.ParameterValidation, Message: "Path param invalid"}, + {ValidationType: helpers.RequestValidation, Message: "Body invalid"}, + {ValidationType: helpers.ParameterValidation, Message: "Header missing"}, + {ValidationType: helpers.SecurityValidation, Message: "Auth header missing"}, + } + + sortValidationErrors(errs) + + // Verify sorted by validation type first, then by message + assert.Equal(t, helpers.ParameterValidation, errs[0].ValidationType) + assert.Equal(t, "Header missing", errs[0].Message) + assert.Equal(t, helpers.ParameterValidation, errs[1].ValidationType) + assert.Equal(t, "Path param invalid", errs[1].Message) + assert.Equal(t, helpers.RequestValidation, errs[2].ValidationType) + assert.Equal(t, "Body invalid", errs[2].Message) + assert.Equal(t, helpers.SecurityValidation, errs[3].ValidationType) + assert.Equal(t, "API Key missing", errs[3].Message) + assert.Equal(t, helpers.SecurityValidation, errs[4].ValidationType) + assert.Equal(t, "Auth header missing", errs[4].Message) +} + +// TestSortValidationErrors_Empty tests sorting empty slice +func TestSortValidationErrors_Empty(t *testing.T) { + errs := []*errors.ValidationError{} + sortValidationErrors(errs) + assert.Empty(t, errs) +} + +// TestSortValidationErrors_SingleElement tests sorting single element slice +func TestSortValidationErrors_SingleElement(t *testing.T) { + errs := []*errors.ValidationError{ + {ValidationType: helpers.ParameterValidation, Message: "Invalid value"}, + } + sortValidationErrors(errs) + assert.Len(t, errs, 1) + assert.Equal(t, helpers.ParameterValidation, errs[0].ValidationType) +} + +func TestHEAD_ExplicitOperation_ResponseValidation(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /resource: + head: + responses: + "200": + description: ok + content: + application/json: + schema: + type: object + properties: + ok: + type: boolean +` + doc, err := libopenapi.NewDocument([]byte(spec)) + require.NoError(t, err) + + v, errs := NewValidator(doc) + require.Empty(t, errs) + + // create a HEAD request + request, _ := http.NewRequest(http.MethodHead, "https://example.com/resource", nil) + + // simulate a server response that includes a JSON body matching the schema + bodyBytes, _ := json.Marshal(map[string]bool{"ok": true}) + response := &http.Response{ + StatusCode: 200, + Header: http.Header{"Content-Type": []string{"application/json"}}, + Body: io.NopCloser(bytes.NewBuffer(bodyBytes)), + } + + valid, valErrs := v.ValidateHttpResponse(request, response) + assert.False(t, valid) + assert.Len(t, valErrs, 1) + + // Also validate a response without a body (common for HEAD) + responseNoBody := &http.Response{ + StatusCode: 200, + Header: http.Header{"Content-Type": []string{"application/json"}}, + Body: http.NoBody, + } + + validNoBody, valErrsNoBody := v.ValidateHttpResponse(request, responseNoBody) + assert.True(t, validNoBody) + assert.Len(t, valErrsNoBody, 0) +} + +func TestHEAD_ImplicitViaGET_ResponseValidation(t *testing.T) { + // This spec defines only GET for /resource. Ensure a HEAD request that returns the same body + // as GET will still validate against the documented GET response. + spec := `openapi: 3.1.0 +paths: + /resource: + get: + responses: + "200": + description: ok + content: + application/json: + schema: + type: object + properties: + ok: + type: boolean +` + doc, err := libopenapi.NewDocument([]byte(spec)) + require.NoError(t, err) + + v, errs := NewValidator(doc) + require.Empty(t, errs) + + // create a HEAD request (no explicit HEAD operation in the spec) + request, _ := http.NewRequest(http.MethodHead, "https://example.com/resource", nil) + + // simulate a server response that includes a JSON body like the GET response would. + bodyBytes, _ := json.Marshal(map[string]bool{"ok": true}) + response := &http.Response{ + StatusCode: 200, + Header: http.Header{"Content-Type": []string{"application/json"}}, + Body: io.NopCloser(bytes.NewBuffer(bodyBytes)), + } + + valid, valErrs := v.ValidateHttpResponse(request, response) + // Expect validation to succeed when HEAD responses are validated against GET response definitions. + assert.False(t, valid) + assert.Len(t, valErrs, 1) + + responseNoBody := &http.Response{ + StatusCode: 200, + Header: http.Header{"Content-Type": []string{"application/json"}}, + Body: http.NoBody, + } + + validNoBody, valErrsNoBody := v.ValidateHttpResponse(request, responseNoBody) + // Expect validation to succeed when HEAD responses are validated against GET response definitions. + assert.True(t, validNoBody) + assert.Len(t, valErrsNoBody, 0) +} + +func TestHEAD_BothGETAndHEAD_SameSchema_Valid(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /resource: + get: + responses: + "200": + description: ok + content: + application/json: + schema: + type: object + properties: + ok: + type: boolean + head: + responses: + "200": + description: ok + content: + application/json: + schema: + type: object + properties: + ok: + type: boolean +` + doc, err := libopenapi.NewDocument([]byte(spec)) + require.NoError(t, err) + + v, errs := NewValidator(doc) + require.Empty(t, errs) + + // HEAD request to /resource + request, _ := http.NewRequest(http.MethodHead, "https://example.com/resource", nil) + + // server returns a JSON body that matches the schema + bodyBytes, _ := json.Marshal(map[string]bool{"ok": true}) + response := &http.Response{ + StatusCode: 200, + Header: http.Header{helpers.ContentTypeHeader: []string{"application/json"}}, + Body: io.NopCloser(bytes.NewBuffer(bodyBytes)), + } + + valid, valErrs := v.ValidateHttpResponse(request, response) + assert.False(t, valid) + assert.Len(t, valErrs, 1) + + responseNoBody := &http.Response{ + StatusCode: 200, + Header: http.Header{"Content-Type": []string{"application/json"}}, + Body: http.NoBody, + } + + validNoBody, valErrsNoBody := v.ValidateHttpResponse(request, responseNoBody) + // Expect validation to succeed when HEAD responses are validated against GET response definitions. + assert.True(t, validNoBody) + assert.Len(t, valErrsNoBody, 0) +} + +func TestHEAD_BothGETAndHEAD_DifferentSchemas_HeadPreferred(t *testing.T) { + spec := `openapi: 3.1.0 +paths: + /resource: + get: + responses: + "200": + description: get schema + content: + application/json: + schema: + type: object + required: ["g"] + properties: + g: + type: string + head: + responses: + "200": + description: head schema + headers: + content-length: + description: size of the file + schema: + type: integer +` + doc, err := libopenapi.NewDocument([]byte(spec)) + require.NoError(t, err) + + v, errs := NewValidator(doc) + require.Empty(t, errs) + + // Case A: response matches HEAD schema has content-length header but response contains content-type + reqA, _ := http.NewRequest(http.MethodHead, "https://example.com/resource", nil) + respA := &http.Response{ + StatusCode: 200, + Header: http.Header{helpers.ContentTypeHeader: []string{"application/json"}}, + Body: http.NoBody, + } + // No support for response headers validation. + // Only validates response content-type: json + validA, errsA := v.ValidateHttpResponse(reqA, respA) + assert.True(t, validA) + assert.Len(t, errsA, 0) + + // Case B: response matches GET schema (has "g") but not HEAD (missing required "h") -> should fail + reqB, _ := http.NewRequest(http.MethodGet, "https://example.com/resource", nil) + bodyB, _ := json.Marshal(map[string]string{"g": "get-value"}) + respB := &http.Response{ + StatusCode: 200, + Header: http.Header{helpers.ContentTypeHeader: []string{"application/json"}}, + Body: io.NopCloser(bytes.NewBuffer(bodyB)), + } + validB, errsB := v.ValidateHttpResponse(reqB, respB) + assert.True(t, validB) + assert.Len(t, errsB, 0) +}