Open LasneF opened 1 week ago
I have written a custom plugin rule that checks that delete operations return 204 and contain no response body. I can contribute it as a PR on Monday
bump @lobocv
@lobocv as the rule will look similar to the solution for DELETE,
can you also push a rule for GET + payload as a warning
that would be great
btw here is a conversation for the rules https://stackoverflow.com/questions/978061/http-get-with-request-body
Thanks for the bump! Sorry, this fell off my radar. I will try and get a PR up today or tomorrow. I have a few other things on my plate right now I need to prepare for. I can definitely do that too @LasneF!
Forgive me, it turns out that I did not write a custom Go plugin for this. I was able to do it in the DSL with two rules. There don't seem to be any examples of loading a function from the DSL in functions.go. If I need to write these as Go functions, it's going to take me a bit more time.
Here are the rules:
```yaml
delete-returns-http-204:
  id: delete-returns-http-204
  description: DELETE methods should return HTTP 204 and not HTTP 200
  type: style
  severity: error
  given: "$.paths[*].delete.responses"
  then:
    - field: '200'
      function: undefined
    - field: '204'
      function: defined
http-204-has-no-content:
  id: http-204-has-no-content
  description: HTTP 204 (No Content) responses should not define content
  type: style
  severity: error
  given: "$.paths[*].*.responses['204']"
  then:
    - field: 'content'
      function: undefined
```
🤔 interesting, by no content I was not looking for the HTTP response code, which is here subject to debate toward simplicity and 'preference'.
I was more thinking about the presence of the requestBody:
implement a warning rule when a DELETE has a requestBody, as even if it can be supported it is not a recommended pattern.
Could be set to INFO or Warning.
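The check requested in the last comment, together with the GET + payload warning asked for earlier, written in the same rule DSL as the two rules posted above. This is an added example, not part of the thread or the project's own ruleset: the rule ids are made up here, and it assumes an OpenAPI 3.x document (where a body is declared under `requestBody`) and that `warn` is the severity name the linter accepts.

```yaml
# Hypothetical rule ids; same structure as the rules posted in the thread.
delete-has-no-request-body:
  id: delete-has-no-request-body
  description: DELETE operations should not define a requestBody
  type: style
  severity: warn
  # Selects the DELETE operation object of every path item.
  given: "$.paths[*].delete"
  then:
    # Fails when the operation object carries a requestBody key.
    - field: 'requestBody'
      function: undefined
get-has-no-request-body:
  id: get-has-no-request-body
  description: GET operations should not define a requestBody
  type: style
  severity: warn
  given: "$.paths[*].get"
  then:
    - field: 'requestBody'
      function: undefined
```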