Though the JSON Schema that @apidevtools/openapi-schemas loads in requires that schemas match ^[a-zA-Z0-9\\.\\-_]+$ (code here) if a definition, as below, has spaces in its name it'll be ignored during validation:
We uncovered this because a user had submitted a definition with the following invalid security scheme (apiKey auth shouldn't have scheme and bearerFormat) and validation didn't pick it up because its name is "Basic Auth":
I've tried tracing down where this is happening and my JSON Schema knowledge escapes me a bit here and I'm unclear if it's a problem with @apidevtools/openapi-schemas or z-schema. Running it with z-schema along with a similar portion of the securitySchemas JSON Schema definition from @apidevtools/openapi-schemas it also allows object with spaces:
What I'm unclear on here is if it's a z-schema problem or something else is because adding additionalProperties: false to the schema will trigger a failure:
Though the JSON Schema that
@apidevtools/openapi-schemas
loads in requires that schemas match^[a-zA-Z0-9\\.\\-_]+$
(code here) if a definition, as below, has spaces in its name it'll be ignored during validation:We uncovered this because a user had submitted a definition with the following invalid security scheme (
apiKey
auth shouldn't havescheme
andbearerFormat
) and validation didn't pick it up because its name is "Basic Auth":I've tried tracing down where this is happening and my JSON Schema knowledge escapes me a bit here and I'm unclear if it's a problem with
@apidevtools/openapi-schemas
orz-schema
. Running it withz-schema
along with a similar portion of thesecuritySchemas
JSON Schema definition from@apidevtools/openapi-schemas
it also allows object with spaces:Changing "Has Spaces" to "NoSpaces" however fails:
What I'm unclear on here is if it's a
z-schema
problem or something else is because addingadditionalProperties: false
to the schema will trigger a failure:Something is definitely wrong I'm just not sure where exactly. Any help is much appreciated!