OmerWow
commented
1 year ago Hey @jayvdb
Thanks for the feature suggestion!
We're thinking about adding a new passive check that will check for integrity of types, is that what you had in mind?
Closed jayvdb closed 1 year ago
OmerWow
commented
1 year ago Hey @jayvdb
Thanks for the feature suggestion!
We're thinking about adding a new passive check that will check for integrity of types, is that what you had in mind?
jayvdb
commented
1 year ago Yes
OmerWow
commented
1 year ago Great then!
We're adding this to our future development plans, thanks for the suggestion :)
OmerWow
commented
1 year ago Hey @jayvdb
Just wanted to let you know we're adding the new passive check to Cherrybomb, this is the link to the PR: https://github.com/blst-security/cherrybomb/pull/97
Thanks again for the suggestion :)
DeliciousBounty
commented
1 year ago Hii @jayvdb Just wanted to let you know that there is a new passive check that responds to your feature suggestion: https://github.com/blst-security/cherrybomb/blob/b2eb8b421cd4a78a107fe41f3921275a516986be/cherrybomb-engine/src/scan/passive/additions_checks.rs#L39 I close this issue
Is your feature request related to a problem? Please describe.
{type: number, format: int32}is not ideal OAS 3.0.3, as it defines a format which should be aninteger, but usestype: numberwhen thetype: integershould be used.As it is ambiguous, the validator should emit an error of some sort, as openapi tools are very likely to either ignore either
typeorformat, or fail when trying to combined the two.An example of a tool which silently ignores the
formatis https://github.com/oxidecomputer/progenitor/issues/266Describe the solution you'd like Detect
type: numberand a integerformat, andtype: integerand a floatformat.https://github.com/zalando/zally (Kotlin) does detect this as rule
MUST define a format for number and integer typesDescribe alternatives you've considered
Additional context