search

IBM / openapi-validator

Configurable and extensible validator/linter for OpenAPI documents
Apache License 2.0
481 stars 88 forks source link

Runtime error for SCIM-compliant schema (object containing $ref attribute) #661

Closed apestov closed 2 months ago

apestov commented 4 months ago

A runtime error is thrown when validating a schema of a SCIM-compliant API (System for Cross-domain Identity Management, RFC 7643, 7644, 7642).

Steps to reproduce:

  1. Download OpenAPI File for Atlassian provisioning REST API ( https://developer.atlassian.com/cloud/admin/user-provisioning/rest/intro/ ) as an example SCIM-based API definition.

  2. Execute npx ibm-openapi-validator -r default swagger.v3.json

  3. Observed behavior: the app unexpectedly exits with a runtime error.

    
IBM OpenAPI Validator (validator: 1.16.10), @Copyright IBM Corporation 2017, 2024.

Validation Results for swagger.v3.json:

[ERROR] There was a problem with spectral. [ERROR] Error running Nimma [ERROR] Additional error details: [ERROR] Cause: $ref.startsWith is not a function [ERROR] At: checkForCircularRef (@ibm-cloud\openapi-ruleset\src\functions\circular-refs.js:65:13)


---

## SCIM Background

SCIM data model uses `$ref` as an attribute name that could be a confusion for OpenAPI-tools.

The OpenAPI file mentioned in reproduction step 1 contains declaration for the resource per standard with `$ref` attribute as follows:
```json
  "ScimGroupMember": {
    "type": "object",
    "title": "Scim group member",
    "properties": {
      "$ref": {
        "type": "string",
        "readOnly": true
      },
      ...
    },
    "description": "SCIM group member"
  }

RFC snippet for populated SCIM-resource:

{
  "groups": [
    {
      "value": "e9e30dba-f08f-4109-8486-d5c6a331660a",
      "$ref": "../Groups/e9e30dba-f08f-4109-8486-d5c6a331660a",
      "display": "Tour Guides"
    }
  ]
}
dpopp07 commented 2 months ago

Hi @apestov - I apologize for the delay in responding to this issue.

I've evaluated and this is indeed a validator bug. It will be resolved shortly.

ibm-devx-sdk commented 2 months ago

:tada: This issue has been resolved in version 1.18.2 :tada:

The release is available on npm package (@latest dist-tag)

Your semantic-release bot :package::rocket:

ibm-devx-sdk commented 2 months ago

:tada: This issue has been resolved in version 1.19.2 :tada:

The release is available on npm package (@latest dist-tag)

Your semantic-release bot :package::rocket: