search

stoplightio / spectral

A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI (v3.1, v3.0, and v2.0), Arazzo v1.0, as well as AsyncAPI v2.x.
https://stoplight.io/spectral
Apache License 2.0
2.45k stars 234 forks source link

Path param existence is not checked #2448

Closed nmoreaud closed 1 year ago

nmoreaud commented 1 year ago

Describe the bug Path param variables are not checked for existance/consistency with respective path declaration. It seems that the field name spec here is not checked: https://spec.openapis.org/oas/v3.1.0#fixed-fields-9

To Reproduce

All the documents bellow are considered "valid" but I suspect they should not.

openapi: "3.0.0"
info:
  title: Simple API overview
  version: 2.0.0
paths:
  /users/{id}: # id is not defined
    get:
      responses:
        '200':
          description: successful operation
openapi: "3.0.0"
info:
  title: Simple API overview
  version: 2.0.0
paths:
  /users/{id}:
    get:
      parameters:
      - in: path
        name: toto   # wrong name
        required: true
        schema:
          type: integer
      responses:
        '200':
          description: successful operation
openapi: "3.0.0"
info:
  title: Simple API overview
  version: 2.0.0
paths:
  /users/{id}:
    get:
      parameters:
      - in: path
        name: id
        required: true
        schema:
          type: integer
      - in: path
        name: var2   # wrong name
        required: true
        schema:
          type: integer
      responses:
        '200':
          description: successful operation

Environment (remove any that are not applicable): npx @stoplight/spectral-cli --version: 6.6.0 WSL 2 ubuntu 20.04

nmoreaud commented 1 year ago

Sorry it seems to come from a bad interaction in my rule set.