search

stoplightio / vscode-spectral

VS Code extension bringing the awesome Spectral JSON/YAML linter with OpenAPI/AsyncAPI support
https://marketplace.visualstudio.com/items?itemName=stoplight.spectral
Apache License 2.0
72 stars 23 forks source link

False positive error from oas3-schema rule with http security scheme with bearerFormat property #256

Closed mikekistler closed 6 days ago

mikekistler commented 6 days ago

Type: Bug

The Spectral VSCode extension reports an error in an OAS v3.0.1 definition on the following security scheme:

      "Bearer": {
        "type": "http",
        "scheme": "Bearer",
        "bearerFormat": "JWT"
      }

but this definition is completely valid and in fact exactly matches the example in the OpenAPI Specification.

I ran the spectral CLI (version 6.13.1) on the same file and it does not report the error.

Extension version: 1.1.2 VS Code version: Code 1.95.3 (f1a4fb101478ce6ec82fe9627c43efbf9e98c813, 2024-11-13T14:50:04.152Z) OS version: Darwin arm64 24.1.0 Modes: Remote OS version: Linux arm64 6.10.4-linuxkit Connection to 'dev-container+7b22686f737450617468223a222f55736572732f6d696b656b6973746c65722f50726f6a656374732f6d696b656b6973746c65722f6173706e65742d6f70656e6170692d6578616d706c6573222c226c6f63616c446f636b6572223a66616c73652c2273657474696e6773223a7b22636f6e74657874223a226465736b746f702d6c696e7578227d2c22636f6e66696746696c65223a7b22246d6964223a312c22667350617468223a222f55736572732f6d696b656b6973746c65722f50726f6a656374732f6d696b656b6973746c65722f6173706e65742d6f70656e6170692d6578616d706c65732f2e646576636f6e7461696e65722f646576636f6e7461696e65722e6a736f6e222c2265787465726e616c223a2266696c653a2f2f2f55736572732f6d696b656b6973746c65722f50726f6a656374732f6d696b656b6973746c65722f6173706e65742d6f70656e6170692d6578616d706c65732f2e646576636f6e7461696e65722f646576636f6e7461696e65722e6a736f6e222c2270617468223a222f55736572732f6d696b656b6973746c65722f50726f6a656374732f6d696b656b6973746c65722f6173706e65742d6f70656e6170692d6578616d706c65732f2e646576636f6e7461696e65722f646576636f6e7461696e65722e6a736f6e222c22736368656d65223a2266696c65227d7d' could not be established

System Info |Item|Value| |---|---| |CPUs|Apple M1 Pro (10 x 2400)| |GPU Status|2d_canvas: enabled
canvas_oop_rasterization: enabled_on
direct_rendering_display_compositor: disabled_off_ok
gpu_compositing: enabled
multiple_raster_threads: enabled_on
opengl: enabled_on
rasterization: enabled
raw_draw: disabled_off_ok
skia_graphite: disabled_off
video_decode: enabled
video_encode: enabled
webgl: enabled
webgl2: enabled
webgpu: enabled
webnn: disabled_off| |Load (avg)|4, 7, 7| |Memory (System)|32.00GB (0.08GB free)| |Process Argv|. --crash-reporter-id 419d896f-7e85-4c21-8845-5a77abdaec9d| |Screen Reader|no| |VM|0%| |Item|Value| |---|---| |Remote|Dev Container: C# (.NET) @ desktop-linux| |OS|Linux arm64 6.10.4-linuxkit| |CPUs|unknown (10 x 0)| |Memory (System)|7.66GB (3.03GB free)| |VM|0%| Connection to 'dev-container+7b22686f737450617468223a222f55736572732f6d696b656b6973746c65722f50726f6a656374732f6d696b656b6973746c65722f6173706e65742d6f70656e6170692d6578616d706c6573222c226c6f63616c446f636b6572223a66616c73652c2273657474696e6773223a7b22636f6e74657874223a226465736b746f702d6c696e7578227d2c22636f6e66696746696c65223a7b22246d6964223a312c22667350617468223a222f55736572732f6d696b656b6973746c65722f50726f6a656374732f6d696b656b6973746c65722f6173706e65742d6f70656e6170692d6578616d706c65732f2e646576636f6e7461696e65722f646576636f6e7461696e65722e6a736f6e222c2265787465726e616c223a2266696c653a2f2f2f55736572732f6d696b656b6973746c65722f50726f6a656374732f6d696b656b6973746c65722f6173706e65742d6f70656e6170692d6578616d706c65732f2e646576636f6e7461696e65722f646576636f6e7461696e65722e6a736f6e222c2270617468223a222f55736572732f6d696b656b6973746c65722f50726f6a656374732f6d696b656b6973746c65722f6173706e65742d6f70656e6170692d6578616d706c65732f2e646576636f6e7461696e65722f646576636f6e7461696e65722e6a736f6e222c22736368656d65223a2266696c65227d7d' could not be established
A/B Experiments ``` vsliv368cf:30146710 vspor879:30202332 vspor708:30202333 vspor363:30204092 pythonvspyt551cf:31179979 vscod805cf:30301675 binariesv615:30325510 vsaa593cf:30376535 py29gd2263:31024239 c4g48928:30535728 azure-dev_surveyone:30548225 962ge761:30959799 pythonnoceb:30805159 asynctok:30898717 pythonmypyd1:30879173 h48ei257:31000450 pythontbext0:30879054 cppperfnew:31000557 dsvsc020:30976470 pythonait:31006305 dsvsc021:30996838 9c06g630:31013171 dvdeprecation:31068756 dwnewjupytercf:31046870 2f103344:31071589 nativerepl2:31139839 pythonrstrctxt:31112756 cf971741:31144450 iacca1:31171482 notype1:31157159 5fd0e150:31155592 dwcopilot:31170013 stablechunks:31184530 ```
frankkilcommins commented 6 days ago

@mikekistler thanks for reporting.

We'll be releasing a new version to the marketplace including latest spectral dependencies soon and will validate following that. If it's still an issue then, we'll dig deeper.

frankkilcommins commented 6 days ago

closing as dup of #257