Skip to content

Commit 1b57fa3

Browse files
yelizhenden-mdbyelizhenden-mdb
committed
CLOUDP-271994: IPA-106: Validate Create methods accepts no query params
1 parent 1b297b7 commit 1b57fa3

File tree

4 files changed

+178
-0
lines changed

4 files changed

+178
-0
lines changed

tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js

Lines changed: 135 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,135 @@
1+
import testRule from './__helpers__/testRule';
2+
import { DiagnosticSeverity } from '@stoplight/types';
3+
4+
const componentSchemas = {
5+
schemas: {
6+
Schema: {
7+
type: 'object',
8+
},
9+
},
10+
};
11+
12+
testRule('xgen-IPA-106-create-method-should-not-have-query-parameters', [
13+
{
14+
name: 'valid methods',
15+
document: {
16+
components: componentSchemas,
17+
paths: {
18+
'/resource': {
19+
post: {
20+
parameters: [
21+
{
22+
name: 'header-param',
23+
in: 'header',
24+
schema: { type: 'string' },
25+
},
26+
{
27+
name: 'resource-id',
28+
in: 'path',
29+
schema: {
30+
$ref: '#/components/schemas/Schema',
31+
},
32+
},
33+
],
34+
},
35+
},
36+
'/resource2': {
37+
post: {
38+
parameters: [],
39+
},
40+
},
41+
},
42+
},
43+
errors: [],
44+
},
45+
{
46+
name: 'invalid methods',
47+
document: {
48+
components: componentSchemas,
49+
paths: {
50+
'/resource': {
51+
post: {
52+
parameters: [
53+
{
54+
name: 'filter',
55+
in: 'query',
56+
schema: { type: 'string' },
57+
},
58+
],
59+
},
60+
},
61+
'/resource2': {
62+
post: {
63+
parameters: [
64+
{
65+
name: 'header-param',
66+
in: 'header',
67+
schema: { type: 'string' },
68+
},
69+
{
70+
name: 'query-param',
71+
in: 'query',
72+
schema: {
73+
$ref: '#/components/schemas/Schema',
74+
},
75+
},
76+
],
77+
},
78+
},
79+
},
80+
},
81+
errors: [
82+
{
83+
code: 'xgen-IPA-106-create-method-should-not-have-query-parameters',
84+
message: 'Create operations should not have query parameters. http://go/ipa/106',
85+
path: ['paths', '/resource', 'post'],
86+
severity: DiagnosticSeverity.Warning,
87+
},
88+
{
89+
code: 'xgen-IPA-106-create-method-should-not-have-query-parameters',
90+
message: 'Create operations should not have query parameters. http://go/ipa/106',
91+
path: ['paths', '/resource2', 'post'],
92+
severity: DiagnosticSeverity.Warning,
93+
},
94+
],
95+
},
96+
{
97+
name: 'invalid methods with exceptions',
98+
document: {
99+
components: componentSchemas,
100+
paths: {
101+
'/resource': {
102+
post: {
103+
parameters: [
104+
{
105+
name: 'filter',
106+
in: 'query',
107+
schema: { type: 'string' },
108+
},
109+
],
110+
'x-xgen-IPA-exception': {
111+
'xgen-IPA-106-create-method-should-not-have-query-parameters': 'Reason',
112+
},
113+
},
114+
},
115+
'/resource2': {
116+
post: {
117+
parameters: [
118+
{
119+
name: 'query-param',
120+
in: 'query',
121+
schema: {
122+
$ref: '#/components/schemas/Schema',
123+
},
124+
},
125+
],
126+
'x-xgen-IPA-exception': {
127+
'xgen-IPA-106-create-method-should-not-have-query-parameters': 'Reason',
128+
},
129+
},
130+
},
131+
},
132+
},
133+
errors: [],
134+
},
135+
]);

tools/spectral/ipa/rulesets/IPA-106.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33

44
functions:
55
- createMethodRequestBodyIsRequestSuffixedObject
6+
- createMethodShouldNotHaveQueryParameters
67

78
rules:
89
xgen-IPA-106-create-method-request-body-is-request-suffixed-object:
@@ -13,3 +14,10 @@ rules:
1314
then:
1415
field: '@key'
1516
function: 'createMethodRequestBodyIsRequestSuffixedObject'
17+
xgen-IPA-106-create-method-should-not-have-query-parameters:
18+
description: 'Create operations should not use query parameters. http://go/ipa/xxx'
19+
message: '{{error}} http://go/ipa/106'
20+
severity: warn
21+
given: '$.paths[*].post'
22+
then:
23+
function: 'createMethodShouldNotHaveQueryParameters'

tools/spectral/ipa/rulesets/README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,7 @@ For rule definitions, see [IPA-106.yaml](https://github.com/mongodb/openapi/blob
4141
| Rule Name | Description | Severity |
4242
| ------------------------------------------------------------------ | -------------------------------------------------------------------------------- | -------- |
4343
| xgen-IPA-106-create-method-request-body-is-request-suffixed-object | The Create method request should be a Request suffixed object. http://go/ipa/106 | warn |
44+
| xgen-IPA-106-create-method-should-not-have-query-parameters | Create operations should not use query parameters. http://go/ipa/xxx | warn |
4445

4546
### IPA-109
4647

tools/spectral/ipa/rulesets/functions/createMethodShouldNotHaveQueryParameters.js

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
import { hasException } from './utils/exceptions.js';
2+
import { collectAdoption, collectAndReturnViolation, collectException } from './utils/collectionUtils.js';
3+
import { isCustomMethodIdentifier } from './utils/resourceEvaluation.js';
4+
import { resolveObject } from './utils/componentUtils.js';
5+
6+
const RULE_NAME = 'xgen-IPA-106-create-method-should-not-have-query-parameters';
7+
const ERROR_MESSAGE = 'Create operations should not have query parameters.';
8+
9+
export default (input, _, { path, documentInventory }) => {
10+
const oas = documentInventory.unresolved;
11+
const resourcePath = path[1];
12+
13+
if (isCustomMethodIdentifier(resourcePath)) {
14+
return;
15+
}
16+
17+
const postMethod = resolveObject(oas, path);
18+
if (!postMethod.parameters || postMethod.parameters.length === 0) {
19+
return;
20+
}
21+
22+
if (hasException(postMethod, RULE_NAME)) {
23+
collectException(postMethod, RULE_NAME, path);
24+
return;
25+
}
26+
27+
for (const parameter of postMethod.parameters) {
28+
if (parameter.in === 'query') {
29+
return collectAndReturnViolation(path, RULE_NAME, ERROR_MESSAGE);
30+
}
31+
}
32+
33+
collectAdoption(path, RULE_NAME);
34+
};

0 commit comments

Comments
 (0)