search

codekie / openapi-examples-validator

Validates embedded examples in OpenAPI-files
MIT License
57 stars 11 forks source link

no string length validation? #96

Closed geoffreywiseman closed 4 years ago

geoffreywiseman commented 4 years ago

It's me again. Are you tired of getting my issue requests yet? ;)

So I just discovered that I can make an example string larger than the bounds allowed by the schema and not get an error.

e.g.

---
openapi: 3.0.2
info:
  title: Long String API
  description: >
    A test case for an example with a string that is too long.
  version: 1.0.0
paths:
  "/test/":
    post:
      summary: Test Long String
      description: >
        When you have a string in your example that is beyond the limits allowed
        by the JSON schema, shouldn't OEV flag it?
      operationId: testLongString
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                testString:
                  type: string
                  minimumLength: 1
                  maximumLength: 10
                  description: >
                    A string that can be from 1-10 characters.
              required:
                - testString
            examples:
              withinBounds:
                value:
                  testString: "12345"
              outOfBounds:
                value:
                  testString: "1234578901234567890"
        required: true

And then:

openapi-examples-validator --no-additional-properties long-string.yml
Validating examples
Schemas with examples found: 1
Examples without schema found: 0
Total examples found: 2

No errors found.
codekie commented 4 years ago

Hehe, no 😉 . I appreciate issue requests 👍

It works, if you use minLength and maxLength.

See: https://swagger.io/specification/#schema-object or more specifically, see "Validation keywords" of https://www.npmjs.com/package/ajv , as this is the schema validator that's used internally.

geoffreywiseman commented 4 years ago

[sigh] Yes, you're totally right. I have a bad piece in one of my API specs (it actually said minimum and maximum), and made a bad example from it that was subtly different and didn't realize. I confirm that OEV works fine for length when I use the right fields. 😳 Thanks!