CLOUDP-306570: Rule xgen-IPA-117-description-must-not-use-html (#604)

lovisaberggren · web-flow · commit f9de223501c7 · 2025-03-25T16:45:24.000Z
diff --git a/tools/spectral/ipa/__tests__/IPA117DescriptionEndsWithPeriod.test.js b/tools/spectral/ipa/__tests__/IPA117DescriptionEndsWithPeriod.test.js
@@ -61,7 +61,7 @@ testRule('xgen-IPA-117-description-ends-with-period', [
     errors: [],
   },
   {
-    name: 'invalid components with exceptions',
+    name: 'invalid description with exceptions',
     document: {
       components: {
         schemas: {
diff --git a/tools/spectral/ipa/__tests__/IPA117DescriptionMustNotUseHtml.test.js b/tools/spectral/ipa/__tests__/IPA117DescriptionMustNotUseHtml.test.js
@@ -0,0 +1,112 @@
+import testRule from './__helpers__/testRule';
+import { DiagnosticSeverity } from '@stoplight/types';
+
+testRule('xgen-IPA-117-description-must-not-use-html', [
+  {
+    name: 'valid description',
+    document: {
+      components: {
+        schemas: {
+          Schema: {
+            properties: {
+              valid: {
+                description: 'Description.',
+              },
+              validWithAngleBracket: {
+                description: 'Must be < 250 characters.',
+              },
+              validWithAngleBrackets: {
+                description: 'For example <username>:<password>',
+              },
+            },
+          },
+        },
+      },
+    },
+    errors: [],
+  },
+  {
+    name: 'invalid descriptions',
+    document: {
+      components: {
+        schemas: {
+          Schema: {
+            properties: {
+              html: {
+                description: '<a>Description</a>',
+              },
+              link: {
+                description: 'To learn more, see <a href="https://www.mongodb.com/">MongoDB</a>',
+              },
+              inlineHtml: {
+                description: 'This is something. <a>Description</a>',
+              },
+              selfClosingHtml: {
+                description: 'This is something.<br/>With a line break.',
+              },
+            },
+          },
+        },
+      },
+    },
+    errors: [
+      {
+        code: 'xgen-IPA-117-description-must-not-use-html',
+        message: 'Descriptions must not use raw HTML.',
+        path: ['components', 'schemas', 'Schema', 'properties', 'html'],
+        severity: DiagnosticSeverity.Warning,
+      },
+      {
+        code: 'xgen-IPA-117-description-must-not-use-html',
+        message:
+          'Descriptions must not use raw HTML. If you want to link to additional documentation, please use the externalDocumentation property (https://swagger.io/specification/#external-documentation-object).',
+        path: ['components', 'schemas', 'Schema', 'properties', 'link'],
+        severity: DiagnosticSeverity.Warning,
+      },
+      {
+        code: 'xgen-IPA-117-description-must-not-use-html',
+        message: 'Descriptions must not use raw HTML.',
+        path: ['components', 'schemas', 'Schema', 'properties', 'inlineHtml'],
+        severity: DiagnosticSeverity.Warning,
+      },
+      {
+        code: 'xgen-IPA-117-description-must-not-use-html',
+        message: 'Descriptions must not use raw HTML.',
+        path: ['components', 'schemas', 'Schema', 'properties', 'selfClosingHtml'],
+        severity: DiagnosticSeverity.Warning,
+      },
+    ],
+  },
+  {
+    name: 'invalid descriptions with exceptions',
+    document: {
+      components: {
+        schemas: {
+          Schema: {
+            properties: {
+              html: {
+                description: '<a>Description</a>',
+                'x-xgen-IPA-exception': {
+                  'xgen-IPA-117-description-must-not-use-html': 'reason',
+                },
+              },
+              inlineHtml: {
+                description: 'This is something. <a>Description</a>',
+                'x-xgen-IPA-exception': {
+                  'xgen-IPA-117-description-must-not-use-html': 'reason',
+                },
+              },
+              selfClosingHtml: {
+                description: 'This is something.</br>With a line break.',
+                'x-xgen-IPA-exception': {
+                  'xgen-IPA-117-description-must-not-use-html': 'reason',
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+    errors: [],
+  },
+]);
diff --git a/tools/spectral/ipa/__tests__/IPA117DescriptionStartsWithUpperCase.test.js b/tools/spectral/ipa/__tests__/IPA117DescriptionStartsWithUpperCase.test.js
@@ -44,7 +44,7 @@ testRule('xgen-IPA-117-description-starts-with-uppercase', [
     ],
   },
   {
-    name: 'invalid components with exceptions',
+    name: 'invalid description with exceptions',
     document: {
       components: {
         schemas: {
diff --git a/tools/spectral/ipa/rulesets/IPA-117.yaml b/tools/spectral/ipa/rulesets/IPA-117.yaml
@@ -5,6 +5,7 @@ functions:
   - IPA117HasDescription
   - IPA117DescriptionStartsWithUpperCase
   - IPA117DescriptionEndsWithPeriod
+  - IPA117DescriptionMustNotUseHtml
 
 rules:
   xgen-IPA-117-description:
@@ -81,3 +82,28 @@ rules:
       - '$.components.parameters[*]'
     then:
       function: 'IPA117DescriptionEndsWithPeriod'
+  xgen-IPA-117-description-must-not-use-html:
+    description: |
+      Descriptions must not use raw HTML.
+
+      ##### Implementation details
+      Rule checks the format of the descriptions for components:
+        - Info object
+        - Tags
+        - Operation objects
+        - Inline schema properties for operation object requests and responses
+        - Parameter objects (in operations and components)
+        - Schema properties
+      The rule validates that the description content does not include opening and/or closing HTML tags.
+    message: '{{error}} https://mdb.link/mongodb-atlas-openapi-validation#xgen-IPA-117-description-must-not-use-html'
+    severity: warn
+    given:
+      - '$.info'
+      - '$.tags[*]'
+      - '$.paths[*][get,put,post,delete,options,head,patch,trace]'
+      - '$.paths[*][get,put,post,delete,options,head,patch,trace].parameters[*]'
+      - '$.paths[*][get,put,post,delete,options,head,patch,trace]..content..properties[*]'
+      - '$.components.schemas..properties[*]'
+      - '$.components.parameters[*]'
+    then:
+      function: 'IPA117DescriptionMustNotUseHtml'
diff --git a/tools/spectral/ipa/rulesets/README.md b/tools/spectral/ipa/rulesets/README.md
@@ -602,6 +602,21 @@ Rule checks the format of the description property in the following components:
   - Schema properties
 The rule ignores descriptions that end with `|`, i.e. inline markdown tables
 
+#### xgen-IPA-117-description-must-not-use-html
+
+ ![warn](https://img.shields.io/badge/warning-yellow) 
+Descriptions must not use raw HTML.
+
+##### Implementation details
+Rule checks the format of the descriptions for components:
+  - Info object
+  - Tags
+  - Operation objects
+  - Inline schema properties for operation object requests and responses
+  - Parameter objects (in operations and components)
+  - Schema properties
+The rule validates that the description content does not include opening and/or closing HTML tags.
+
 
 
 ### IPA-123
diff --git a/tools/spectral/ipa/rulesets/functions/IPA117DescriptionMustNotUseHtml.js b/tools/spectral/ipa/rulesets/functions/IPA117DescriptionMustNotUseHtml.js
@@ -0,0 +1,51 @@
+import { hasException } from './utils/exceptions.js';
+import {
+  collectAdoption,
+  collectAndReturnViolation,
+  collectException,
+  handleInternalError,
+} from './utils/collectionUtils.js';
+
+const RULE_NAME = 'xgen-IPA-117-description-must-not-use-html';
+const ERROR_MESSAGE = 'Descriptions must not use raw HTML.';
+
+export default (input, opts, { path }) => {
+  // Ignore missing descriptions
+  if (!input['description']) {
+    return;
+  }
+
+  if (hasException(input, RULE_NAME)) {
+    collectException(input, RULE_NAME, path);
+    return;
+  }
+
+  const errors = checkViolationsAndReturnErrors(input['description'], path);
+  if (errors.length !== 0) {
+    return collectAndReturnViolation(path, RULE_NAME, errors);
+  }
+  collectAdoption(path, RULE_NAME);
+};
+
+function checkViolationsAndReturnErrors(description, path) {
+  const htmlTagPattern = new RegExp(`<.*>.*</.*>`);
+  const htmlTagSelfClosingPattern = new RegExp(`<.*/>`);
+  const linkHtmlPattern = new RegExp(`<a.*>.*</a>`);
+
+  try {
+    if (htmlTagPattern.test(description) || htmlTagSelfClosingPattern.test(description)) {
+      if (linkHtmlPattern.test(description)) {
+        return [
+          {
+            path,
+            message: `${ERROR_MESSAGE} If you want to link to additional documentation, please use the externalDocumentation property (https://swagger.io/specification/#external-documentation-object).`,
+          },
+        ];
+      }
+      return [{ path, message: ERROR_MESSAGE }];
+    }
+    return [];
+  } catch (e) {
+    handleInternalError(RULE_NAME, path, e);
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ testRule('xgen-IPA-117-description-ends-with-period', [`
`61`	`61`	`errors: [],`
`62`	`62`	`},`
`63`	`63`	`{`
`64`		`- name: 'invalid components with exceptions',`
	`64`	`+ name: 'invalid description with exceptions',`
`65`	`65`	`document: {`
`66`	`66`	`components: {`
`67`	`67`	`schemas: {`
Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ testRule('xgen-IPA-117-description-starts-with-uppercase', [`
`44`	`44`	`],`
`45`	`45`	`},`
`46`	`46`	`{`
`47`		`- name: 'invalid components with exceptions',`
	`47`	`+ name: 'invalid description with exceptions',`
`48`	`48`	`document: {`
`49`	`49`	`components: {`
`50`	`50`	`schemas: {`