Validate security keys against securitySchemes
andreasanta opened this issue · 1 comments
andreasanta commented
Given the following yaml file
openapi: 3.0.0
info:
description: Sites
title: Sites
version: 1.0.0
paths:
/sites/available-sites:
get:
summary: "get available sites for current contact"
responses:
'200':
description: 'Success response'
content:
application/json:
schema:
$ref: '#/components/schemas/Sites'
'400':
description: 'Bad request'
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
security:
- subscription_key_wrong: []
tags:
- Sites
components:
schemas:
Sites:
type: object
properties:
sites:
type: array
items:
$ref: '#/components/schemas/Site'
Site:
type: object
properties:
id:
type: string
name:
type: string
locationtype:
type: string
selfRegistrationDuration:
type: integer
additionalInfo:
$ref: '#/components/schemas/SiteAdditionalInfo'
address:
$ref: '#/components/schemas/Address'
geoCoordinates:
$ref: '#/components/schemas/GeoCoordinates'
images:
type: array
items:
type: string
siteMapImage:
type: string
SiteAdditionalInfo:
type: object
properties:
markdown:
type: string
html:
type: string
Address:
type: object
properties:
line1:
type: string
line2:
type: string
line3:
type: string
city:
type: string
postalCode:
type: string
stateOrProvince:
type: string
country:
type: string
GeoCoordinates:
type: object
properties:
longitude:
type: number
latitude:
type: number
required:
- longitude
- latitude
Error:
type: object
properties:
errorMessage:
type: string
format: string
errorDetail:
type: string
format: string
securitySchemes:
subscription_key:
type: apiKey
name: Ocp-Apim-Subscription-Key
in: headerValidation passes, but it should fail because security is referencing a non existent security scheme.
samueleaton commented
this tool is just a cli wrapper around https://github.com/APIDevTools/swagger-parser so it should probably be moved there