Redocly / redocly-cli

⚒️ Redocly CLI makes OpenAPI easy. Lint/validate to any standard, generate beautiful docs, and more.
https://redocly.com/docs/cli/
MIT License

Linter does not fully validate examples #766

Open tatomyr opened 2 years ago

tatomyr commented 2 years ago

Is your feature request related to a problem? Please describe.

Consider this definition sample:

    openapi: 3.0.0

    components:
      parameters:
        foo:
          in: query
          name: foo
          schema:
            type: string
            format: ipv4
          example: wrong

Although the example is wrong, the linter doesn't recognise this.

Describe the solution you'd like

It would be great if the no-invalid-parameter-examples rule could take format into account as well.

Describe alternatives you've considered

None

Additional context

See more details here.

tatomyr commented 6 months ago

See also: https://github.com/Redocly/redocly-cli/issues/1470

LasneF commented 6 months ago

Notice that the partial support of format is a pain, because when using it in conjunction with oneOf the current implementation makes the validation fail in all cases when adding a sample, as it always matches both items of the oneOf:

    maturity:
      description: Maturity date or tenor 
      type: string
      oneOf:
        - format: date
        - pattern: ^\d+[YyMmWwDd]|\d+[YyMmWwDd]\d+[YyMmWwDd]

tatomyr commented 4 months ago

A similar issue.

adamaltman commented 4 months ago

Same issue exists with schema examples.

Maybe we should support format validation one-by-one? Starting with the most obvious formats like date, date-time, pattern?

tatomyr commented 4 months ago

> Maybe we should support format validation one-by-one? Starting with the most obvious formats like date, date-time, pattern?

Redocly CLI relies on AJV for validating examples, and AJV is supposed to be used together with the ajv-formats plugin to validate formats. It should be comparatively easy to start adding some formats.

However, there is a potential security issue of a ReDoS attack:

> It is recommended NOT to use "format" keyword implementations with untrusted data, as they may use potentially unsafe regular expressions

So the main issue here, I believe, is to assess the potential security impact.
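An added example (not Redocly CLI or AJV code) that uses the two schemas from this thread, the `ipv4` parameter from the opening post and the `oneOf` maturity schema from LasneF's comment, to show how the outcome changes when `format` is ignored versus enforced, and how format checkers can be written as linear-time parsers so the ReDoS concern quoted above does not apply to them. The `FORMATS` table and `validate` function are hypothetical names and implement only the JSON Schema subset these schemas need.

```javascript
// Hand-written format checkers: linear-time parsing, no backtracking regex,
// so untrusted example values cannot trigger catastrophic backtracking here.
const FORMATS = {
  // ipv4: exactly four decimal octets in 0..255, no leading zeros except "0"
  ipv4: (s) => {
    const parts = s.split('.');
    return parts.length === 4 && parts.every(
      (p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
  },
  // date: RFC 3339 full-date (YYYY-MM-DD) plus a calendar check by round-trip,
  // which rejects e.g. 2023-02-30 whether the engine rolls it over or returns NaN
  date: (s) => {
    if (!/^\d{4}-\d{2}-\d{2}$/.test(s)) return false;
    const d = new Date(s + 'T00:00:00Z');
    return !Number.isNaN(d.getTime()) && d.toISOString().slice(0, 10) === s;
  },
};

// Minimal JSON Schema subset: type, format, pattern, oneOf.
// validateFormats=false mimics a validator that silently accepts any format.
function validate(schema, value, { validateFormats = true } = {}) {
  if (schema.type === 'string' && typeof value !== 'string') return false;
  if (schema.pattern !== undefined && !new RegExp(schema.pattern).test(value)) return false;
  if (schema.format !== undefined && validateFormats) {
    const check = FORMATS[schema.format];
    if (check && !check(value)) return false; // unknown formats are ignored
  }
  if (schema.oneOf) {
    const matches = schema.oneOf.filter((s) => validate(s, value, { validateFormats })).length;
    if (matches !== 1) return false; // oneOf needs exactly one branch to match
  }
  return true;
}

// Schemas copied from the issue thread (constructed sample values below).
const fooParam = { type: 'string', format: 'ipv4' };
const maturity = {
  type: 'string',
  oneOf: [{ format: 'date' }, { pattern: '^\\d+[YyMmWwDd]|\\d+[YyMmWwDd]\\d+[YyMmWwDd]' }],
};

// "wrong" is only rejected when formats are enforced; "1Y" matches the pattern
// branch and, with format ignored, also the date branch, so oneOf fails.
console.log('foo example "wrong" valid?', validate(fooParam, 'wrong'));
console.log('maturity "1Y" valid (format ignored)?', validate(maturity, '1Y', { validateFormats: false }));
console.log('maturity "1Y" valid (format enforced)?', validate(maturity, '1Y'));
```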