Don't accept 'X-' prefixed headers

Jarzyna, Andrzej
2019-11-21 15:45:17 +01:00
parent c599d1d21d
commit d106b7d2b0


@@ -8,6 +8,7 @@ rules:
operation-operationId: false operation-operationId: false
operation-tags: info operation-tags: info
operation-2xx-response: error operation-2xx-response: error
paths-camelCase: paths-camelCase:
description: All YAML/JSON paths MUST follow camelCase description: All YAML/JSON paths MUST follow camelCase
severity: warn severity: warn
@@ -19,6 +20,7 @@ rules:
functionOptions: functionOptions:
# match: "/^(\/{1}(([{]?[a-z])[A-Za-z0-9]*[}]?)*)+$/" # - more generic one, allows /asasd{asdas}sadas pattern but also not closed braces # match: "/^(\/{1}(([{]?[a-z])[A-Za-z0-9]*[}]?)*)+$/" # - more generic one, allows /asasd{asdas}sadas pattern but also not closed braces
match: "^\/([a-z][a-zA-Z0-9]+)?(\/[a-z][a-zA-Z0-9]+|\/{[a-z][a-zA-Z0-9]+})*$" # doesn't allow /asasd{asdas}sadas pattern or not closed braces match: "^\/([a-z][a-zA-Z0-9]+)?(\/[a-z][a-zA-Z0-9]+|\/{[a-z][a-zA-Z0-9]+})*$" # doesn't allow /asasd{asdas}sadas pattern or not closed braces
definitions-camelCase-alphanumeric: definitions-camelCase-alphanumeric:
description: All YAML/JSON definitions MUST follow fields-camelCase and be ASCII alphanumeric characters or `_` or `$`. description: All YAML/JSON definitions MUST follow fields-camelCase and be ASCII alphanumeric characters or `_` or `$`.
severity: error severity: error
@@ -29,6 +31,7 @@ rules:
function: pattern function: pattern
functionOptions: functionOptions:
match: "/^[a-z$_]{1}[A-Z09$_]*/" match: "/^[a-z$_]{1}[A-Z09$_]*/"
properties-camelCase-alphanumeric: properties-camelCase-alphanumeric:
description: All JSON Schema properties MUST follow fields-camelCase and be ASCII alphanumeric characters or `_` or `$`. description: All JSON Schema properties MUST follow fields-camelCase and be ASCII alphanumeric characters or `_` or `$`.
severity: error severity: error
@@ -39,25 +42,39 @@ rules:
function: pattern function: pattern
functionOptions: functionOptions:
match: "/^[a-z$_]{1}[A-Z09$_]*/" match: "/^[a-z$_]{1}[A-Z09$_]*/"
request-GET-no-body: request-GET-no-body:
description: A `GET` request MUST NOT accept a `body` parameter description: "A 'GET' request MUST NOT accept a 'body` parameter"
severity: error severity: error
given: $.paths..get.parameters..in given: $.paths..get.parameters..in
then: then:
function: pattern function: pattern
functionOptions: functionOptions:
notMatch: "/^body$/" notMatch: "/^body$/"
uri-template-cannot-dash: uri-template-cannot-dash:
description: The `URI` template ([RFC 6570](https://tools.ietf.org/html/rfc6570)) cannot contain a `-` character description: "The 'URI' template (RFC 6570 - https://tools.ietf.org/html/rfc6570) cannot contain a '-' character"
severity: error severity: error
recommended: true recommended: true
message: "{{property}}: {{description}}" message: "{{property}}: {{description}}"
given: $.paths[*]~ given: "$.paths[*]~"
then: then:
function: pattern function: pattern
functionOptions: functionOptions:
notMatch: "/-/" notMatch: "/-/"
headers-no-x-headers:
description: "All 'HTTP' headers SHOULD NOT include 'X-' headers (https://tools.ietf.org/html/rfc6648)."
severity: warning
given: "$..parameters[?(@.in == 'header')].name"
message: "HTTP headers SHOULD NOT include 'X-' prefix."
recommended: true
type: style
then:
function: pattern
functionOptions:
notMatch: "/^X-([A-Z][a-z0-9]-)*([A-Z][a-z0-9])+/"
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
# Only OAS2 rules # Only OAS2 rules
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
@@ -81,6 +98,7 @@ rules:
type: string type: string
enum: ["https"] enum: ["https"]
maxItems: 1 maxItems: 1
request-support-json: request-support-json:
description: Every request SHOULD support `application/json` media type description: Every request SHOULD support `application/json` media type
formats: formats:
@@ -98,6 +116,7 @@ rules:
type: string type: string
enum: enum:
- application/json - application/json
example-exists-in-parameters: example-exists-in-parameters:
description: All models MUST have a valid example. description: All models MUST have a valid example.
severity: error severity: error
@@ -108,6 +127,7 @@ rules:
given: "$..parameters..[?(@.in == 'body' && (@.example || @.schema.$ref))]" given: "$..parameters..[?(@.in == 'body' && (@.example || @.schema.$ref))]"
then: then:
function: truthy function: truthy
# example-exists-in-definitions: # example-exists-in-definitions:
# description: All models MUST have a valid example. # description: All models MUST have a valid example.
# severity: error # severity: error
@@ -119,6 +139,7 @@ rules:
# then: # then:
# function: falsy # function: falsy
# "$..parameters..[?(@.in == 'body')]..[?(@property !== 'properties' && @.example && ( @.type || @.format || @.$ref ))]" # "$..parameters..[?(@.in == 'body')]..[?(@property !== 'properties' && @.example && ( @.type || @.format || @.$ref ))]"
response-success-hal: # schemes and/or produces response-success-hal: # schemes and/or produces
description: "All success responses MUST be of media type `application/hal+json`" description: "All success responses MUST be of media type `application/hal+json`"
severity: error severity: error
@@ -134,6 +155,7 @@ rules:
functionOptions: functionOptions:
schema: schema:
$ref: "./supermodel/adidas/api/HAL.yaml" $ref: "./supermodel/adidas/api/HAL.yaml"
response-error-problem: # schemas and/or produces response-error-problem: # schemas and/or produces
description: All error responses MUST be of media type `application/problem+json` description: All error responses MUST be of media type `application/problem+json`
severity: error severity: error
@@ -166,6 +188,7 @@ rules:
function: pattern function: pattern
functionOptions: functionOptions:
match: falsy match: falsy
valid-example-in-parameters: valid-example-in-parameters:
description: Examples must be valid against their defined schema. description: Examples must be valid against their defined schema.
message: "{{error}}" message: "{{error}}"
@@ -181,6 +204,7 @@ rules:
functionOptions: functionOptions:
field: example field: example
schemaPath: "$" schemaPath: "$"
valid-example-in-definitions: valid-example-in-definitions:
description: Examples must be valid against their defined schema. description: Examples must be valid against their defined schema.
message: "{{error}}" message: "{{error}}"
@@ -196,6 +220,7 @@ rules:
functionOptions: functionOptions:
field: example field: example
schemaPath: "$" schemaPath: "$"
protocol-https-only-oas3: # checks how does the servers array values start protocol-https-only-oas3: # checks how does the servers array values start
description: "ALL requests MUST go through `https` protocol only" description: "ALL requests MUST go through `https` protocol only"
formats: formats:
@@ -208,6 +233,7 @@ rules:
function: pattern function: pattern
functionOptions: functionOptions:
match: "/^https:[a-zA-Z0-9./_@-~]+/" match: "/^https:[a-zA-Z0-9./_@-~]+/"
response-success-hal-oas3: response-success-hal-oas3:
description: "All success responses MUST be of media type `application/hal+json`" description: "All success responses MUST be of media type `application/hal+json`"
severity: error severity: error
@@ -222,6 +248,7 @@ rules:
functionOptions: functionOptions:
values: values:
- application/hal+json - application/hal+json
response-success-hal-body-oas3: # schemes and/or produces response-success-hal-body-oas3: # schemes and/or produces
description: "All success responses MUST follow `application/hal+json` schema" description: "All success responses MUST follow `application/hal+json` schema"
severity: error severity: error
@@ -243,7 +270,7 @@ rules:
# Not implemented # Not implemented
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
# Needs update of JSON Schema in spectral to draft-07 or newer to implement if-then statements # Waiting for implementation of casing for hyphenated pascal case in spectral
# headers-hyphenated-pascal-case: # headers-hyphenated-pascal-case:
# description: All `HTTP` headers MUST use `Hyphenated-Pascal-Case` notation # description: All `HTTP` headers MUST use `Hyphenated-Pascal-Case` notation
# severity: error # severity: error
@@ -253,7 +280,9 @@ rules:
# severity: warning # severity: warning
# given: $..parameters[*].in # given: $..parameters[*].in
# ---------------------------------------------------------------------------
## Other rules which are redundant or not feasible ## Other rules which are redundant or not feasible
# ---------------------------------------------------------------------------
# fields-date-iso8601: # fields-date-iso8601:
# description: Date and time MUST follow [`ISO 8601` standard](https://www.iso.org/iso-8601-date-and-time-format.html) # description: Date and time MUST follow [`ISO 8601` standard](https://www.iso.org/iso-8601-date-and-time-format.html)