From d106b7d2b0f32f77cb9d12830326bdf72d5c0bea Mon Sep 17 00:00:00 2001
From: "Jarzyna, Andrzej"
Date: Thu, 21 Nov 2019 15:45:17 +0100
Subject: [PATCH] Don't accept 'X-' prefixed headers

---
 .spectral.yml | 39 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 34 insertions(+), 5 deletions(-)

diff --git a/.spectral.yml b/.spectral.yml
index d0ffaf2..a048379 100644
--- a/.spectral.yml
+++ b/.spectral.yml
@@ -8,6 +8,7 @@ rules:
   operation-operationId: false
   operation-tags: info
   operation-2xx-response: error
+
   paths-camelCase:
     description: All YAML/JSON paths MUST follow camelCase
     severity: warn
@@ -19,6 +20,7 @@ rules:
       functionOptions:
         # match: "/^(\/{1}(([{]?[a-z])[A-Za-z0-9]*[}]?)*)+$/" # - more generic one, allows /asasd{asdas}sadas pattern but also not closed braces
         match: "^\/([a-z][a-zA-Z0-9]+)?(\/[a-z][a-zA-Z0-9]+|\/{[a-z][a-zA-Z0-9]+})*$" # doesn't allow /asasd{asdas}sadas pattern or not closed braces
+
   definitions-camelCase-alphanumeric:
     description: All YAML/JSON definitions MUST follow fields-camelCase and be ASCII alphanumeric characters or `_` or `$`.
     severity: error
@@ -29,6 +31,7 @@ rules:
       function: pattern
       functionOptions:
         match: "/^[a-z$_]{1}[A-Z09$_]*/"
+
   properties-camelCase-alphanumeric:
     description: All JSON Schema properties MUST follow fields-camelCase and be ASCII alphanumeric characters or `_` or `$`.
     severity: error
@@ -39,25 +42,39 @@ rules:
       function: pattern
       functionOptions:
         match: "/^[a-z$_]{1}[A-Z09$_]*/"
+
   request-GET-no-body:
-    description: A `GET` request MUST NOT accept a `body` parameter
+    description: "A 'GET' request MUST NOT accept a 'body` parameter"
     severity: error
     given: $.paths..get.parameters..in
     then:
       function: pattern
       functionOptions:
         notMatch: "/^body$/"
+
   uri-template-cannot-dash:
-    description: The `URI` template ([RFC 6570](https://tools.ietf.org/html/rfc6570)) cannot contain a `-` character
+    description: "The 'URI' template (RFC 6570 - https://tools.ietf.org/html/rfc6570) cannot contain a '-' character"
     severity: error
     recommended: true
     message: "{{property}}: {{description}}"
-    given: $.paths[*]~
+    given: "$.paths[*]~"
     then:
       function: pattern
       functionOptions:
         notMatch: "/-/"
 
+  headers-no-x-headers:
+    description: "All 'HTTP' headers SHOULD NOT include 'X-' headers (https://tools.ietf.org/html/rfc6648)."
+    severity: warning
+    given: "$..parameters[?(@.in == 'header')].name"
+    message: "HTTP headers SHOULD NOT include 'X-' prefix."
+    recommended: true
+    type: style
+    then:
+      function: pattern
+      functionOptions:
+        notMatch: "/^X-([A-Z][a-z0-9]-)*([A-Z][a-z0-9])+/"
+
   # ---------------------------------------------------------------------------
   # Only OAS2 rules
   # ---------------------------------------------------------------------------
@@ -81,6 +98,7 @@ rules:
             type: string
             enum: ["https"]
           maxItems: 1
+
   request-support-json:
     description: Every request SHOULD support `application/json` media type
     formats:
@@ -98,6 +116,7 @@ rules:
             type: string
             enum:
               - application/json
+
   example-exists-in-parameters:
     description: All models MUST have a valid example.
     severity: error
@@ -108,6 +127,7 @@ rules:
     given: "$..parameters..[?(@.in == 'body' && (@.example || @.schema.$ref))]"
     then:
       function: truthy
+
   # example-exists-in-definitions:
   #   description: All models MUST have a valid example.
   #   severity: error
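Review bot: The `notMatch` pattern of the new `headers-no-x-headers` rule only matches an `X-` prefix followed by exactly one uppercase and one lowercase/digit character, so names such as `X-API-Key`, `X-CSRF-Token` or any lowercase `x-` header pass unflagged even though the description says all `X-` headers should be reported; since HTTP header names are case-insensitive the check should simply be `notMatch: "/^x-/i"`. `severity: warning` is not one of Spectral's severity names (the other rules in this file use `warn`), so the rule is likely to be rejected or ignored when the ruleset loads — it should read `severity: warn`. The `given` expression selects request parameters only, so response headers under `responses..headers` are never checked despite the wording "All 'HTTP' headers"; either narrow the description or add a second JSONPath to `given`. In the rewritten `request-GET-no-body` description the closing quote is a backtick (`'body``); it should be `'body'`.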
@@ -119,6 +139,7 @@ rules:
   #   then:
   #     function: falsy
   # "$..parameters..[?(@.in == 'body')]..[?(@property !== 'properties' && @.example && ( @.type || @.format || @.$ref ))]"
+
   response-success-hal: # schemes and/or produces
     description: "All success responses MUST be of media type `application/hal+json`"
     severity: error
@@ -134,6 +155,7 @@ rules:
       functionOptions:
         schema:
           $ref: "./supermodel/adidas/api/HAL.yaml"
+
   response-error-problem: # schemas and/or produces
     description: All error responses MUST be of media type `application/problem+json`
     severity: error
@@ -166,6 +188,7 @@ rules:
       function: pattern
       functionOptions:
         match: falsy
+
   valid-example-in-parameters:
     description: Examples must be valid against their defined schema.
     message: "{{error}}"
@@ -181,6 +204,7 @@ rules:
       functionOptions:
         field: example
         schemaPath: "$"
+
   valid-example-in-definitions:
     description: Examples must be valid against their defined schema.
     message: "{{error}}"
@@ -196,6 +220,7 @@ rules:
       functionOptions:
         field: example
         schemaPath: "$"
+
   protocol-https-only-oas3: # checks how does the servers array values start
     description: "ALL requests MUST go through `https` protocol only"
     formats:
@@ -208,6 +233,7 @@ rules:
       function: pattern
       functionOptions:
         match: "/^https:[a-zA-Z0-9./_@-~]+/"
+
   response-success-hal-oas3:
     description: "All success responses MUST be of media type `application/hal+json`"
     severity: error
@@ -222,6 +248,7 @@ rules:
       functionOptions:
         values:
           - application/hal+json
+
   response-success-hal-body-oas3: # schemes and/or produces
     description: "All success responses MUST follow `application/hal+json` schema"
     severity: error
@@ -243,7 +270,7 @@ rules:
   # Not implemented
   # ---------------------------------------------------------------------------
 
-  # Needs update of JSON Schema in spectral to draft-07 or newer to implement if-then statements
+  # Waiting for implementation of casing for hyphenated pascal case in spectral
   # headers-hyphenated-pascal-case:
   #   description: All `HTTP` headers MUST use `Hyphenated-Pascal-Case` notation
   #   severity: error
@@ -253,8 +280,10 @@ rules:
   #   severity: warning
   #   given: $..parameters[*].in
 
+  # ---------------------------------------------------------------------------
   ## Other rules which are redundant or not feasible
-
+  # ---------------------------------------------------------------------------
+
   # fields-date-iso8601:
   #   description: Date and time MUST follow [`ISO 8601` standard](https://www.iso.org/iso-8601-date-and-time-format.html)
   #   severity: error