stoplightio / spectral

A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI (v3.1, v3.0, and v2.0), Arazzo v1.0, as well as AsyncAPI v2.x.
https://stoplight.io/spectral
Apache License 2.0
2.5k stars 238 forks

Any ruleset to check 4xx - 5xx errors #2466

Closed satishbkodali closed 1 year ago

satishbkodali commented 1 year ago

We need to write a ruleset so that each operation has one success and one error response defined. For success we are using the built-in operation-success-response rule.

Is there anything for error responses too?

I tried to use the following ruleset:

error-responses-defined:
    description: Ensure that all operations have at least one error response
    formats:
      - oas3
    severity: error
    given: $.paths..responses
    then:
      field: '@key'
      function: pattern
      functionOptions: 
        match: "/^[4-5]/"

But it fails for the following scenarios:

  1. If I don't have any 4xx or 5xx defined in my responses, it won't throw an error or warning.
  2. If I have 2xx defined, it will throw the error for that, saying
    17:15    error  error-responses-defined  Ensure that all operations have at least one error response                paths./users.get.responses[200]

So how can I make this ruleset check for 4xx or 5xx?

mnaumanali94 commented 1 year ago

Here's an example of a rule like that: https://apistylebook.stoplight.io/docs/owasp-top-10/#owasp:api3:2019-define-error-responses-500

Let me know if that helps
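An added example, not part of the original thread and not code from the Spectral project: it contrasts the per-key evaluation that produced the `responses[200]` error above with a check over the whole `responses` object. The function names and sample objects are hypothetical, and wiring `requireErrorResponse` into a ruleset as a custom function is assumed, not shown.

```javascript
// Added example; all names and sample data here are constructed for illustration.
const ERROR_STATUS = /^[45]/; // 4xx/5xx codes; "4XX"/"5XX" range keys also match

// Emulates the posted rule: with `field: '@key'`, `pattern` is evaluated once
// per key, so each key that is not 4xx/5xx is reported on its own, and an
// object with no keys at all reports nothing.
function perKeyPattern(responses) {
  return Object.keys(responses)
    .filter((code) => !ERROR_STATUS.test(code))
    .map((code) => ({ message: `"${code}" must match ${ERROR_STATUS}`, path: [code] }));
}

// Object-level check: look at the whole `responses` map once and report only
// when no 4xx/5xx key exists. `default` is deliberately not counted as an
// error response. The return shape (array of { message }) mirrors what a
// Spectral custom function returns.
function requireErrorResponse(responses) {
  if (responses === null || typeof responses !== "object" || Array.isArray(responses)) {
    return [{ message: "responses must be an object" }];
  }
  const hasError = Object.keys(responses).some((code) => ERROR_STATUS.test(code));
  return hasError ? [] : [{ message: "Operation must define at least one 4xx or 5xx response" }];
}

// Constructed sample `responses` objects (not taken from the issue).
const samples = {
  successOnly: { 200: { description: "OK" } },
  successAndError: { 200: { description: "OK" }, 404: { description: "Not found" } },
  rangeAndDefault: {
    201: { description: "Created" },
    "5XX": { description: "Server error" },
    default: { description: "Fallback" },
  },
};

// Runs both checks over every sample so the difference is visible side by side.
function compare() {
  return Object.entries(samples).map(([name, responses]) => ({
    name,
    perKey: perKeyPattern(responses).map((r) => r.path[0]),
    objectLevel: requireErrorResponse(responses).length,
  }));
}

console.log(JSON.stringify(compare(), null, 2));
```

The per-key form flags `200` even when a `404` is present, while the object-level form reports once per operation and only when no error response exists.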