search

stoplightio / spectral

A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI v3.1, v3.0, and v2.0 as well as AsyncAPI v2.x.
https://stoplight.io/spectral
Apache License 2.0
2.43k stars 235 forks source link

OpenAPI string uri format #2484

Closed rubensa closed 1 year ago

rubensa commented 1 year ago

Describe the bug

The uri format for the string type in OpenAPI is not validated correctly. Looks like only absolute URIs (vs relative) are supported.

The URI specification says:

The following line is the regular expression for breaking-down a well-formed URI reference into its components.

^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?

To Reproduce

  1. Given this OpenAPI document
openapi: 3.0.0
info:
  contact:
    name: Test
  description: Test
  title: Test
  version: 1.0.0
servers:
  - url: http://localhost:8080
    description: Localhost
paths:
  /test:
    get:
      description: Test
      operationId: test
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  instance:
                    type: string
                    format: uri
                example: { "instance": "/tenant/api/v1/scenario" }
      tags:
        - test
tags:
  - name: test
    description: Test
  1. See error

"instance" property must match format "uri"

Expected behavior

No errors are shown as the provided instance URI value is correct according to the URI specification.

Screenshots

Screenshot from 2023-06-09 11-26-44

Environment (remove any that are not applicable):

Additional context

If I replace:

                  instance:
                    type: string
                    format: uri

with:

                  instance:
                    type: string
                    pattern: '^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?'

format validation success.

LasneF commented 1 year ago

my guess is that it falls inside the pitfall describe here https://json-schema.org/understanding-json-schema/reference/string.html#resource-identifiers " If the values in the schema have the ability to be relative to a particular source path (such as a link from a webpage), it is generally better practice to use "uri-reference" (or "iri-reference") rather than "uri" (or "iri"). "uri" should only be used when the path must be absolute.

Draft-specific info: Draft 4 Draft 4 only includes "uri", not "uri-reference". Therefore, there is some ambiguity around whether "uri" should accept relative paths. "

so here there is not 100% clarity , only advise would be to set uri-reference (tested and validated with your code )

rubensa commented 1 year ago

Thanks for the info @LasneF, didn't know about that.

I close the issue as it works using uri-reference instead of uri as format.