feat: refine OWASP lint rules

Author: rpocklin

validator/xero-spectral.yaml

@@ -135,15 +135,15 @@ rules:
     given: $.info.license             # Scope: info.license field
     then:
       function: truthy               # Ensure the field is truthy
-  operation-operationId-unique: off   # Disable unique operation IDs rule for now
-  operation-parameters: off           # Disable parameter validation for now
+
+
+  # OWASP Rules
+  owasp:api2:2023-no-http-basic: off  # Disable HTTP Basic authentication rule
   owasp:api4:2023-string-limit: off   # Disable string length limit checks
   owasp:api4:2023-array-limit: off    # Disable array size limit checks
   owasp:api4:2023-integer-limit-legacy: off # Disable integer limit checks
   owasp:api4:2023-rate-limit: off     # Disable rate limiting headers check
   owasp:api2:2023-jwt-best-practices: off # Disable JWT best practices check
-  oas3-unused-component: off         # Disable unused components rule
-  oas3-operation-security-defined: off # Disable operation security validation
   owasp:api8:2023-define-error-responses-401: off  # Disable missing 401 response rule
   owasp:api8:2023-define-error-responses-500: off  # Disable missing 500 response rule
   owasp:api4:2023-rate-limit-responses-429: off  # Disable missing 429 rate limit response rule
@@ -156,6 +156,5 @@ rules:
   owasp:api2:2023-short-lived-access-tokens: off # Disable short-lived access tokens rule
   owasp:api8:2023-define-error-validation: off  # Disable missing error response validation rule
   operation-tag-defined: off  # Disable operation tags defined in global tags rule
-  owasp:api2:2023-no-http-basic: off  # Disable HTTP Basic authentication rule
   owasp:api4:2023-string-restricted: off  # Disable string restricted rule to address warnings
   path-params: off  # Disable path parameter validation to address mapping key issues