validate matching {} in templates. More linter rules

Author: MikeRalphson

linter/linter.js

@@ -12,16 +12,24 @@ function loadRules(s) {
     let data = fs.readFileSync(s,'utf8');
     let obj = yaml.safeLoad(data,{json:true});
     rules = Object.assign({},rules,obj);
+    for (let r in rules) {
+        let rule = rules[r];
+        if (!Array.isArray(rule.object)) rule.object = [ rule.object ];
+        if (rule.truthy && !Array.isArray(rule.truthy)) rule.truthy = [ rule.truthy ];
+        if (!rule.enabled) delete rules[r];
+    }
 }
 
 function lint(objectName,object,options) {
     for (let r in rules) {
         let rule = rules[r];
-        if (rule.enabled && rule.object === objectName) {
+        if ((rule.object[0] === '*') || (rule.object.indexOf(objectName)>=0)) {
             options.lintRule = rule;
             if (rule.truthy) {
-                object.should.have.property(rule.truthy);
-                object[rule.truthy].should.not.be.empty();
+                for (let property of rule.truthy) {
+                    object.should.have.property(property);
+                    object[property].should.not.be.empty();
+                }
             }
             if (rule.properties) {
                 should(Object.keys(object).length).be.exactly(rule.properties);
@@ -37,12 +45,36 @@ function lint(objectName,object,options) {
                 let found = false;
                 for (let property of rule.xor) {
                     if (typeof object[property] !== 'undefined') {
-                        if (found) should.fail(rule.description);
+                        if (found) should.fail(true,false,rule.description);
                         found = true;
                     }
                 }
                 found.should.be.exactly(true,rule.description);
             }
+            if (rule.pattern) {
+                let components = [];
+                if (rule.pattern.split) {
+                    components = object[rule.pattern.property].split(rule.pattern.split);
+                }
+                else {
+                    components.push(object[rule.pattern.property]);
+                }
+                let re = new RegExp(rule.pattern.value);
+                for (let component of components) {
+                    if (rule.pattern.omit) component = component.split(rule.pattern.omit).join('');
+                    if (component) {
+                        should(re.test(component)).be.exactly(true,rule.description);
+                    }
+                }
+            }
+            if (rule.notContain) {
+                for (let property of rule.notContain.properties) {
+                    if (object[property] && (typeof object[property] === 'string') &&
+                        (object[property].indexOf(rule.notContain.value)>=0)) {
+                        should.fail(true,false,rule.description);
+                    }
+                }
+            }
         }
     }
     delete options.lintRule;

linter/rules.json

@@ -69,5 +69,61 @@
         "enabled": true,
         "description": "example should have either value or externalValue",
         "xor": ["value", "externalValue"]
+    },
+    "11": {
+        "name": "reference-components-regex",
+        "object": "reference",
+        "enabled": true,
+        "description": "reference components should all match spec. regex",
+        "pattern": { "property": "$ref", "omit": "#", "split": "/", "value": "^[a-zA-Z0-9\\.\\-_]+$" }
+    },
+    "12": {
+        "name":"no-script-tags-in-markdown",
+        "object": "*",
+        "enabled": true,
+        "description": "markdown descriptions should not contain <script> tags",
+        "notContain": { "properties": [ "description" ], "value": "<script" }
+    },
+    "13": {
+        "name":"info-contact",
+        "object": "info",
+        "enabled": true,
+        "description": "info object should contain contact object",
+        "truthy": "contact"
+    },
+    "14": {
+        "name":"contact-properties",
+        "object": "contact",
+        "enabled": true,
+        "description": "contact object should have name, url and email",
+        "truthy": [ "name", "url", "email" ]
+    },
+    "15": {
+        "name":"license-url",
+        "object": "license",
+        "enabled": true,
+        "description": "license object should include url",
+        "truthy": "url"
+    },
+    "16": {
+        "name":"server-not-example.com",
+        "object": "server",
+        "enabled": true,
+        "description": "server url should not point at example.com",
+        "notContain": { "properties": [ "url" ], "value": "example.com" }
+    },
+    "17": {
+        "name":"license-apimatic-bug",
+        "object": "license",
+        "enabled": true,
+        "description": "license url should not point at gruntjs",
+        "notContain": { "properties": [ "url" ], "value": "gruntjs" }
+    },
+    "18": {
+        "name":"no-eval-in-descriptions",
+        "object": "*",
+        "enabled": true,
+        "description": "markdown descriptions should not contain 'eval('",
+        "notContain": { "properties": [ "description","title" ], "value": "eval(" }
     }
 }

validate.js

@@ -328,8 +328,8 @@ function checkExample(ex, contextServers, openapi, options) {
 function checkContent(content, contextServers, openapi, options) {
     contextAppend(options, 'content');
     for (let ct in content) {
-        // TODO validate ct against https://tools.ietf.org/html/rfc6838#section-4.2
-        should(ct.indexOf('/')).be.greaterThan(-1,'content-type must match RFC 6838');
+        // validate ct against https://tools.ietf.org/html/rfc6838#section-4.2
+        should(/[a-zA-Z0-9!#$%^&\*_\-\+{}\|'.`~]+\/[a-zA-Z0-9!#$%^&\*_\-\+{}\|'.`~]+/.test(ct)).be.exactly(true,'media-type should match RFC6838 format'); // this is a SHOULD not MUST
         contextAppend(options, jptr.jpescape(ct));
         var contentType = content[ct];
         should(contentType).be.an.Object();
@@ -828,6 +828,7 @@ function validateSync(openapi, options, callback) {
             openapi.info.license.url.should.not.be.empty();
             (function () { validateUrl(openapi.info.license.url, contextServers, 'license.url', options) }).should.not.throw();
         }
+        if (options.lint) options.linter('license',openapi.info.license,options);
         options.context.pop();
     }
     if (typeof openapi.info.termsOfService !== 'undefined') {
@@ -846,8 +847,10 @@ function validateSync(openapi, options, callback) {
             openapi.info.contact.email.should.have.type('string');
             should(openapi.info.contact.email.indexOf('@')).be.greaterThan(-1,'Contact email must be a valid email address');
         }
+        if (options.lint) options.linter('contact',openapi.info.contact,options);
         options.context.pop();
     }
+    if (options.lint) options.linter('info',openapi.info,options);
     options.context.pop();
 
     var contextServers = [];
@@ -991,6 +994,13 @@ function validateSync(openapi, options, callback) {
                 should.fail(false,true,'Identical path templates detected');
             }
             paths[template] = {};
+            let templateCheck = p.replace(/\{(.+?)\}/g, function (match, group1) {
+                return '';
+            });
+            if ((templateCheck.indexOf('{')>=0) || (templateCheck.indexOf('}')>=0)) {
+                should.fail(false,true,'Mismatched {} in path template');
+            }
+
             checkPathItem(openapi.paths[p], p, openapi, options);
         }
         options.context.pop();