blst-security / cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
https://www.blstsecurity.com/cherrybomb
Apache License 2.0

Prevent fields being listed in `required` that are not in properties #130

Closed jayvdb closed 8 months ago

jayvdb commented 12 months ago

Is your feature request related to a problem? Please describe.

The required list of fields in a schema can get out of sync with the fields actually present in the schema's properties list.

This is less likely to occur when the schemas are generated from the application, but more likely in an API-first approach when their app is built from the spec.

Describe the solution you'd like

Passive check that detects a name in required that isn't in properties.

Describe alternatives you've considered

While this is less about "is the API working correctly", it is about whether the API is consistent with itself.

Additional context

Provided this feature is desirable in cherrybomb, I could take this one on as it is a simple check.
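Added example, not cherrybomb's own code: one way to implement the passive check requested above, written in Python (rather than the project's Rust) over a constructed OpenAPI fragment. It goes slightly beyond the request by also walking nested object schemas and array items, since the same drift can occur there.

```python
import json

# Constructed OpenAPI fragment (not from the cherrybomb repo): "Pet" requires
# "owner" without declaring it, and two nested schemas have the same defect.
SPEC = json.loads("""{
  "components": {"schemas": {
    "Pet": {
      "type": "object",
      "required": ["id", "name", "owner"],
      "properties": {
        "id": {"type": "integer"},
        "name": {"type": "string"},
        "address": {"type": "object", "required": ["street", "zip"],
                    "properties": {"street": {"type": "string"}}},
        "tags": {"type": "array", "items": {"type": "object",
                 "required": ["label"], "properties": {}}}
      }
    }
  }}
}""")


def walk_schemas(node, path):
    """Yield (json-path, schema) for a schema and every schema nested under
    its properties or array items."""
    if not isinstance(node, dict):
        return
    yield path, node
    for name, sub in node.get("properties", {}).items():
        yield from walk_schemas(sub, f"{path}.properties.{name}")
    if "items" in node:
        yield from walk_schemas(node["items"], f"{path}.items")


def required_not_in_properties(spec):
    """Passive check: (schema path, field) for each name in `required` that
    has no matching key in the same schema's `properties`."""
    findings = []
    schemas = spec.get("components", {}).get("schemas", {})
    for name, schema in schemas.items():
        for path, node in walk_schemas(schema, f"components.schemas.{name}"):
            props = node.get("properties", {})
            findings += [(path, f) for f in node.get("required", []) if f not in props]
    return findings


if __name__ == "__main__":
    for path, field in required_not_in_properties(SPEC):
        print(f"{path}: required field '{field}' missing from properties")
```

allOf/oneOf/anyOf branches are not merged here, so a field required at the composed level but declared inside a branch would be reported as a false positive until the branches are merged first.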

GuyL99 commented 12 months ago

This is an interesting suggestion, we'll review and create one if we decide it aligns with cherrybomb's current goals. BTW, do you want to maybe build this check? You can fork the repo and one of us can hop into a call with you to help you get started.

jayvdb commented 12 months ago

ya I wrote above

I could take this one on as it is a simple check.

I feel like I could get this done on my own - small and simple