From 1b57fa37149abafcdc4f4e682d6617bb4e75557c Mon Sep 17 00:00:00 2001 From: Yeliz Henden Date: Thu, 6 Mar 2025 11:41:20 +0000 Subject: [PATCH 1/4] CLOUDP-271994: IPA-106: Validate Create methods accepts no query params --- ...MethodShouldNotHaveQueryParameters.test.js | 135 ++++++++++++++++++ tools/spectral/ipa/rulesets/IPA-106.yaml | 8 ++ tools/spectral/ipa/rulesets/README.md | 1 + ...reateMethodShouldNotHaveQueryParameters.js | 34 +++++ 4 files changed, 178 insertions(+) create mode 100644 tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js create mode 100644 tools/spectral/ipa/rulesets/functions/createMethodShouldNotHaveQueryParameters.js diff --git a/tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js b/tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js new file mode 100644 index 0000000000..89c75cc0bc --- /dev/null +++ b/tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js @@ -0,0 +1,135 @@ +import testRule from './__helpers__/testRule'; +import { DiagnosticSeverity } from '@stoplight/types'; + +const componentSchemas = { + schemas: { + Schema: { + type: 'object', + }, + }, +}; + +testRule('xgen-IPA-106-create-method-should-not-have-query-parameters', [ + { + name: 'valid methods', + document: { + components: componentSchemas, + paths: { + '/resource': { + post: { + parameters: [ + { + name: 'header-param', + in: 'header', + schema: { type: 'string' }, + }, + { + name: 'resource-id', + in: 'path', + schema: { + $ref: '#/components/schemas/Schema', + }, + }, + ], + }, + }, + '/resource2': { + post: { + parameters: [], + }, + }, + }, + }, + errors: [], + }, + { + name: 'invalid methods', + document: { + components: componentSchemas, + paths: { + '/resource': { + post: { + parameters: [ + { + name: 'filter', + in: 'query', + schema: { type: 'string' }, + }, + ], + }, + }, + '/resource2': { + post: { + parameters: [ + { + name: 'header-param', + in: 'header', + schema: { type: 'string' }, + }, + { + name: 'query-param', + in: 'query', + schema: { + $ref: '#/components/schemas/Schema', + }, + }, + ], + }, + }, + }, + }, + errors: [ + { + code: 'xgen-IPA-106-create-method-should-not-have-query-parameters', + message: 'Create operations should not have query parameters. http://go/ipa/106', + path: ['paths', '/resource', 'post'], + severity: DiagnosticSeverity.Warning, + }, + { + code: 'xgen-IPA-106-create-method-should-not-have-query-parameters', + message: 'Create operations should not have query parameters. http://go/ipa/106', + path: ['paths', '/resource2', 'post'], + severity: DiagnosticSeverity.Warning, + }, + ], + }, + { + name: 'invalid methods with exceptions', + document: { + components: componentSchemas, + paths: { + '/resource': { + post: { + parameters: [ + { + name: 'filter', + in: 'query', + schema: { type: 'string' }, + }, + ], + 'x-xgen-IPA-exception': { + 'xgen-IPA-106-create-method-should-not-have-query-parameters': 'Reason', + }, + }, + }, + '/resource2': { + post: { + parameters: [ + { + name: 'query-param', + in: 'query', + schema: { + $ref: '#/components/schemas/Schema', + }, + }, + ], + 'x-xgen-IPA-exception': { + 'xgen-IPA-106-create-method-should-not-have-query-parameters': 'Reason', + }, + }, + }, + }, + }, + errors: [], + }, +]); diff --git a/tools/spectral/ipa/rulesets/IPA-106.yaml b/tools/spectral/ipa/rulesets/IPA-106.yaml index b8e695bc50..e9f17fdb5c 100644 --- a/tools/spectral/ipa/rulesets/IPA-106.yaml +++ b/tools/spectral/ipa/rulesets/IPA-106.yaml @@ -3,6 +3,7 @@ functions: - createMethodRequestBodyIsRequestSuffixedObject + - createMethodShouldNotHaveQueryParameters rules: xgen-IPA-106-create-method-request-body-is-request-suffixed-object: @@ -13,3 +14,10 @@ rules: then: field: '@key' function: 'createMethodRequestBodyIsRequestSuffixedObject' + xgen-IPA-106-create-method-should-not-have-query-parameters: + description: 'Create operations should not use query parameters. http://go/ipa/xxx' + message: '{{error}} http://go/ipa/106' + severity: warn + given: '$.paths[*].post' + then: + function: 'createMethodShouldNotHaveQueryParameters' diff --git a/tools/spectral/ipa/rulesets/README.md b/tools/spectral/ipa/rulesets/README.md index 43f9ae370a..cb502205ee 100644 --- a/tools/spectral/ipa/rulesets/README.md +++ b/tools/spectral/ipa/rulesets/README.md @@ -41,6 +41,7 @@ For rule definitions, see [IPA-106.yaml](https://github.com/mongodb/openapi/blob | Rule Name | Description | Severity | | ------------------------------------------------------------------ | -------------------------------------------------------------------------------- | -------- | | xgen-IPA-106-create-method-request-body-is-request-suffixed-object | The Create method request should be a Request suffixed object. http://go/ipa/106 | warn | +| xgen-IPA-106-create-method-should-not-have-query-parameters | Create operations should not use query parameters. http://go/ipa/xxx | warn | ### IPA-109 diff --git a/tools/spectral/ipa/rulesets/functions/createMethodShouldNotHaveQueryParameters.js b/tools/spectral/ipa/rulesets/functions/createMethodShouldNotHaveQueryParameters.js new file mode 100644 index 0000000000..baaa720063 --- /dev/null +++ b/tools/spectral/ipa/rulesets/functions/createMethodShouldNotHaveQueryParameters.js @@ -0,0 +1,34 @@ +import { hasException } from './utils/exceptions.js'; +import { collectAdoption, collectAndReturnViolation, collectException } from './utils/collectionUtils.js'; +import { isCustomMethodIdentifier } from './utils/resourceEvaluation.js'; +import { resolveObject } from './utils/componentUtils.js'; + +const RULE_NAME = 'xgen-IPA-106-create-method-should-not-have-query-parameters'; +const ERROR_MESSAGE = 'Create operations should not have query parameters.'; + +export default (input, _, { path, documentInventory }) => { + const oas = documentInventory.unresolved; + const resourcePath = path[1]; + + if (isCustomMethodIdentifier(resourcePath)) { + return; + } + + const postMethod = resolveObject(oas, path); + if (!postMethod.parameters || postMethod.parameters.length === 0) { + return; + } + + if (hasException(postMethod, RULE_NAME)) { + collectException(postMethod, RULE_NAME, path); + return; + } + + for (const parameter of postMethod.parameters) { + if (parameter.in === 'query') { + return collectAndReturnViolation(path, RULE_NAME, ERROR_MESSAGE); + } + } + + collectAdoption(path, RULE_NAME); +}; From 10faa72ba3d9b599b9b5f9c17aedc27224b4383f Mon Sep 17 00:00:00 2001 From: Yeliz Henden Date: Thu, 6 Mar 2025 11:49:43 +0000 Subject: [PATCH 2/4] Remove unresolved oas --- .../functions/createMethodShouldNotHaveQueryParameters.js | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tools/spectral/ipa/rulesets/functions/createMethodShouldNotHaveQueryParameters.js b/tools/spectral/ipa/rulesets/functions/createMethodShouldNotHaveQueryParameters.js index baaa720063..5b45886df4 100644 --- a/tools/spectral/ipa/rulesets/functions/createMethodShouldNotHaveQueryParameters.js +++ b/tools/spectral/ipa/rulesets/functions/createMethodShouldNotHaveQueryParameters.js @@ -1,20 +1,18 @@ import { hasException } from './utils/exceptions.js'; import { collectAdoption, collectAndReturnViolation, collectException } from './utils/collectionUtils.js'; import { isCustomMethodIdentifier } from './utils/resourceEvaluation.js'; -import { resolveObject } from './utils/componentUtils.js'; const RULE_NAME = 'xgen-IPA-106-create-method-should-not-have-query-parameters'; const ERROR_MESSAGE = 'Create operations should not have query parameters.'; -export default (input, _, { path, documentInventory }) => { - const oas = documentInventory.unresolved; +export default (input, _, { path }) => { const resourcePath = path[1]; if (isCustomMethodIdentifier(resourcePath)) { return; } - const postMethod = resolveObject(oas, path); + const postMethod = input; if (!postMethod.parameters || postMethod.parameters.length === 0) { return; } From 0b037c27d9adfca1cea100b96d13aeeda7a15e8c Mon Sep 17 00:00:00 2001 From: Yeliz Henden Date: Thu, 6 Mar 2025 12:12:35 +0000 Subject: [PATCH 3/4] Add more test cases --- ...MethodShouldNotHaveQueryParameters.test.js | 35 ++++++++++++------- 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js b/tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js index 89c75cc0bc..4bbf607f14 100644 --- a/tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js +++ b/tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js @@ -7,6 +7,22 @@ const componentSchemas = { type: 'object', }, }, + parameters: { + QueryParam: { + name: 'query-param', + in: 'query', + schema: { + type: 'string' + }, + }, + PathParam: { + name: 'resource-id', + in: 'path', + schema: { + type: 'string' + }, + } + } }; testRule('xgen-IPA-106-create-method-should-not-have-query-parameters', [ @@ -30,6 +46,9 @@ testRule('xgen-IPA-106-create-method-should-not-have-query-parameters', [ $ref: '#/components/schemas/Schema', }, }, + { + $ref: '#/components/parameters/PathParam', + } ], }, }, @@ -67,12 +86,8 @@ testRule('xgen-IPA-106-create-method-should-not-have-query-parameters', [ schema: { type: 'string' }, }, { - name: 'query-param', - in: 'query', - schema: { - $ref: '#/components/schemas/Schema', - }, - }, + $ref: '#/components/parameters/QueryParam', + } ], }, }, @@ -116,12 +131,8 @@ testRule('xgen-IPA-106-create-method-should-not-have-query-parameters', [ post: { parameters: [ { - name: 'query-param', - in: 'query', - schema: { - $ref: '#/components/schemas/Schema', - }, - }, + $ref: '#/components/parameters/QueryParam', + } ], 'x-xgen-IPA-exception': { 'xgen-IPA-106-create-method-should-not-have-query-parameters': 'Reason', From e771dd9a47014cc01d3dc87d4075f1388eee03b6 Mon Sep 17 00:00:00 2001 From: Yeliz Henden Date: Thu, 6 Mar 2025 12:14:24 +0000 Subject: [PATCH 4/4] prettier fix --- ...reateMethodShouldNotHaveQueryParameters.test.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js b/tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js index 4bbf607f14..2976a6534d 100644 --- a/tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js +++ b/tools/spectral/ipa/__tests__/createMethodShouldNotHaveQueryParameters.test.js @@ -12,17 +12,17 @@ const componentSchemas = { name: 'query-param', in: 'query', schema: { - type: 'string' + type: 'string', }, }, PathParam: { name: 'resource-id', in: 'path', schema: { - type: 'string' + type: 'string', }, - } - } + }, + }, }; testRule('xgen-IPA-106-create-method-should-not-have-query-parameters', [ @@ -48,7 +48,7 @@ testRule('xgen-IPA-106-create-method-should-not-have-query-parameters', [ }, { $ref: '#/components/parameters/PathParam', - } + }, ], }, }, @@ -87,7 +87,7 @@ testRule('xgen-IPA-106-create-method-should-not-have-query-parameters', [ }, { $ref: '#/components/parameters/QueryParam', - } + }, ], }, }, @@ -132,7 +132,7 @@ testRule('xgen-IPA-106-create-method-should-not-have-query-parameters', [ parameters: [ { $ref: '#/components/parameters/QueryParam', - } + }, ], 'x-xgen-IPA-exception': { 'xgen-IPA-106-create-method-should-not-have-query-parameters': 'Reason',