Open tatomyr opened 2 years ago
notice that the partial support of format is a pain , because when using in conjonction with oneOf the current implementation make the validation failing in all case when adding a sample as it patches always both item of the oneOf
maturity:
description: Maturity date or tenor
type: string
oneOf:
- format: date
- pattern: ^\d+[YyMmWwDd]|\d+[YyMmWwDd]\d+[YyMmWwDd]
Same issue exists with schema examples.
Maybe we should support format validation one-by-one? Starting with the most obvious formats like date, date-time, pattern?
Maybe we should support format validation one-by-one? Starting with the most obvious formats like date, date-time, pattern?
Redocly CLI relies on AJV for validating examples, and AJV is supposed to be used together with the ajv-formats plugin to validate formats. It should be comparatively easy to start adding some formats.
However, there is a potential security issue of ReDoS attack:
It is recommended NOT to use "format" keyword implementations with untrusted data, as they may use potentially unsafe regular expressions
So the main issue here, I believe, is to assess the potential security impact.
Is your feature request related to a problem? Please describe.
Consider this definition sample:
Although the
example
is wrong, linter doesn't recognise this.Describe the solution you'd like It would be great if
no-invalid-parameter-examples
rule could takeformat
into account as well.Describe alternatives you've considered None
Additional context
See more details here.