Merge pull request #2415 from microsoft/copilot/fix-2414

Copilot · web-flow · commit 09f661f0ff05 · 2025-06-25T12:22:56.000-06:00
fix: validation to accept lowercase status code ranges (4xx, 5xx) in OpenAPI responses
diff --git a/src/Microsoft.OpenApi/Validations/Rules/OpenApiResponsesRules.cs b/src/Microsoft.OpenApi/Validations/Rules/OpenApiResponsesRules.cs
@@ -1,6 +1,7 @@
 ﻿// Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT license.
 
+using System;
 using System.Linq;
 using System.Text.RegularExpressions;
 
@@ -10,8 +11,17 @@ namespace Microsoft.OpenApi
     /// The validation rules for <see cref="OpenApiResponses"/>.
     /// </summary>
     [OpenApiRule]
-    public static class OpenApiResponsesRules
+    public static partial class OpenApiResponsesRules
     {
+        /// <summary>
+        /// The response key regex pattern for status codes and ranges.
+        /// </summary>
+#if NET8_0_OR_GREATER
+        [GeneratedRegex(@"^[1-5](?>[0-9]{2}|[xX]{2})$", RegexOptions.None, matchTimeoutMilliseconds: 100)]
+        internal static partial Regex StatusCodeRegex();
+#else
+        internal static readonly Regex StatusCodeRegex = new(@"^[1-5](?>[0-9]{2}|[xX]{2})$", RegexOptions.None, TimeSpan.FromMilliseconds(100));
+#endif
         /// <summary>
         /// An OpenAPI operation must contain at least one response
         /// </summary>
@@ -37,12 +47,18 @@ public static class OpenApiResponsesRules
                     {
                         context.Enter(key);
 
-                        if (key != "default" && !Regex.IsMatch(key, "^[1-5](?>[0-9]{2}|XX)$"))
+                        if (!"default".Equals(key, StringComparison.OrdinalIgnoreCase) && !StatusCodeRegex
+#if NET8_0_OR_GREATER
+                            ().IsMatch(key)
+#else
+                            .IsMatch(key)
+#endif
+                            )
                         {
                             context.CreateError(nameof(ResponsesMustBeIdentifiedByDefaultOrStatusCode),
                                     "Responses key must be 'default', an HTTP status code, " +
                                     "or one of the following strings representing a range of HTTP status codes: " +
-                                    "'1XX', '2XX', '3XX', '4XX', '5XX'");
+                                    "'1XX', '2XX', '3XX', '4XX', '5XX' (case insensitive)");
                         }
 
                         context.Exit();
diff --git a/test/Microsoft.OpenApi.Tests/Validations/OpenApiResponsesValidationTests.cs b/test/Microsoft.OpenApi.Tests/Validations/OpenApiResponsesValidationTests.cs
@@ -0,0 +1,93 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+
+using System.Collections.Generic;
+using System.Linq;
+using Xunit;
+
+namespace Microsoft.OpenApi.Validations.Tests
+{
+    public class OpenApiResponsesValidationTests
+    {
+        [Theory]
+        [InlineData("200")]
+        [InlineData("404")]
+        [InlineData("500")]
+        [InlineData("1XX")]
+        [InlineData("2XX")]
+        [InlineData("3XX")]
+        [InlineData("4XX")]
+        [InlineData("5XX")]
+        [InlineData("1xx")]
+        [InlineData("2xx")]
+        [InlineData("3xx")]
+        [InlineData("4xx")]
+        [InlineData("5xx")]
+        [InlineData("default")]
+        public void ValidateResponseKeyIsValid(string responseKey)
+        {
+            // Arrange
+            var responses = new OpenApiResponses
+            {
+                [responseKey] = new OpenApiResponse { Description = "Test response" }
+            };
+
+            // Act
+            var errors = responses.Validate(ValidationRuleSet.GetDefaultRuleSet());
+
+            // Assert
+            Assert.Empty(errors);
+        }
+
+        [Fact]
+        public void ValidateMixedCaseResponseKeysAreAllowed()
+        {
+            // Arrange - Test the specific issue case mentioned in the bug report
+            var responses = new OpenApiResponses
+            {
+                ["4xx"] = new OpenApiResponse { Description = "Client error" },
+                ["5XX"] = new OpenApiResponse { Description = "Server error" },
+                ["200"] = new OpenApiResponse { Description = "Success" },
+                ["default"] = new OpenApiResponse { Description = "Default response" }
+            };
+
+            // Act
+            var errors = responses.Validate(ValidationRuleSet.GetDefaultRuleSet());
+
+            // Assert
+            Assert.Empty(errors);
+        }
+
+        [Fact]
+        public void ValidateLowercase4xxIsAccepted()
+        {
+            // Arrange - Test the specific reported issue
+            var responses = new OpenApiResponses
+            {
+                ["4xx"] = new OpenApiResponse { Description = "Client error" }
+            };
+
+            // Act
+            var errors = responses.Validate(ValidationRuleSet.GetDefaultRuleSet());
+
+            // Assert
+            Assert.Empty(errors);
+        }
+
+        [Fact]
+        public void ValidateLowercase5xxIsAccepted()
+        {
+            // Arrange - Test the specific reported issue
+            var responses = new OpenApiResponses
+            {
+                ["5xx"] = new OpenApiResponse { Description = "Server error" }
+            };
+
+            // Act
+            var errors = responses.Validate(ValidationRuleSet.GetDefaultRuleSet());
+
+            // Assert
+            Assert.Empty(errors);
+        }
+    }
+}
