Vacuum misses path parameter on validation

daveshanley / vacuum

vacuum is the worlds fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rulesets and generates compatible reports.

https://quobix.com/vacuum

MIT License

488 stars 39 forks source link

Vacuum misses path parameter on validation #492

Open bitomaxsp opened 1 month ago

bitomaxsp commented 1 month ago

Hi Dave, For the following endpoint with path parameter: /image-upload/{image-path} vacuum reports that

POST must define parameter image-path as expected by path /image-upload/{image-path}

Attached are lib and rule set.

I used the following command from vacuum repo root to reproduce it: ./bin/vacuum lint -d -r ruleset-recommended.yaml -p lib ./lib/typelib.yaml

lib.zip ruleset-recommended.yaml.zip

daveshanley commented 1 month ago

This is a deep bug in libopenapi it's coming from the index and the rolodex. When the parameter is looked up when the parameter is deeply nested as a reference, the utility method scanOperationParams (https://github.com/pb33f/libopenapi/blob/main/index/utility_methods.go#L391) is not setting a context when looking up references, this means it does not know where it is in the recursion and when it looks in the rolodex (which has everything it needs) it's not finding it, because it's querying the rolodex from the wrong location.

This is a tricky one to fix, but i'll put some cycles into it when I can.