Closed jayvdb closed 1 year ago
Hey @jayvdb
Thanks for the feature suggestion!
We're thinking about adding a new passive check that will check for integrity of types, is that what you had in mind?
Yes
Great then!
We're adding this to our future development plans, thanks for the suggestion :)
Hey @jayvdb
Just wanted to let you know we're adding the new passive check to Cherrybomb, this is the link to the PR: https://github.com/blst-security/cherrybomb/pull/97
Thanks again for the suggestion :)
Hii @jayvdb Just wanted to let you know that there is a new passive check that responds to your feature suggestion: https://github.com/blst-security/cherrybomb/blob/b2eb8b421cd4a78a107fe41f3921275a516986be/cherrybomb-engine/src/scan/passive/additions_checks.rs#L39 I close this issue
Is your feature request related to a problem? Please describe.
{type: number, format: int32}
is not ideal OAS 3.0.3, as it defines a format which should be aninteger
, but usestype: number
when thetype: integer
should be used.As it is ambiguous, the validator should emit an error of some sort, as openapi tools are very likely to either ignore either
type
orformat
, or fail when trying to combined the two.An example of a tool which silently ignores the
format
is https://github.com/oxidecomputer/progenitor/issues/266Describe the solution you'd like Detect
type: number
and a integerformat
, andtype: integer
and a floatformat
.https://github.com/zalando/zally (Kotlin) does detect this as rule
MUST define a format for number and integer types
Describe alternatives you've considered
Additional context