OpenAPI specifications contains various semantic errors #2492

Closed
2 tasks done
maximiliankolb opened this issue Feb 14, 2023 · 5 comments
Labels
api docs defect Something isn't working

@maximiliankolb

Current Behavior

I am running dependency-track on my local machine. I've downloaded the swagger.json file from http://localhost:8081/api/swagger.json and inserted it into the swagger-editor as follows: docker run --rm -d -p 8079:8080 -v $(pwd):/tmp -e SWAGGER_FILE=/tmp/swagger.json swaggerapi/swagger-editor. Navigating to http://localhost:8079/ shows the following error:

Errors

Semantic error at paths./v1/bom.post.parameters
Parameters cannot have both a "in: body" and "in: formData", as "formData" _will_ be the body
Jump to line 534
Semantic error at paths./v1/repository/{uuid}
Equivalent paths are not allowed.
Jump to line 4852
Semantic error at paths./v1/vex.post.parameters
Parameters cannot have both a "in: body" and "in: formData", as "formData" _will_ be the body
Jump to line 6274
Semantic error at definitions.AnalysisRequest.required.0
Read only properties cannot be marked as required by a schema.
Jump to line 7060
Semantic error at definitions.AnalysisRequest.required.1
Read only properties cannot be marked as required by a schema.
Jump to line 7060
Semantic error at definitions.BomSubmitRequest.required.0
Read only properties cannot be marked as required by a schema.
Jump to line 7765
Semantic error at definitions.BomSubmitRequest.required.1
Read only properties cannot be marked as required by a schema.
Jump to line 7765
Semantic error at definitions.CloneProjectRequest.required.0
Read only properties cannot be marked as required by a schema.
Jump to line 9523
Semantic error at definitions.CloneProjectRequest.required.1
Read only properties cannot be marked as required by a schema.
Jump to line 9523
Semantic error at definitions.VexSubmitRequest.required.0
Read only properties cannot be marked as required by a schema.
Jump to line 9615
Semantic error at definitions.VexSubmitRequest.required.1
Read only properties cannot be marked as required by a schema.
Jump to line 9615
Semantic error at definitions.ViolationAnalysisRequest.required.0
Read only properties cannot be marked as required by a schema.
Jump to line 9641
Semantic error at definitions.ViolationAnalysisRequest.required.1
Read only properties cannot be marked as required by a schema.
Jump to line 9641

Steps to Reproduce

  1. Download swagger.json
  2. Upload swagger.json to swagger-editor container

Expected Behavior

swagger.json conforms to the OpenAPI specification.

Dependency-Track Version

4.6.x

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

No response

Browser

Google Chrome

Checklist

@maximiliankolb maximiliankolb added defect Something isn't working in triage labels Feb 14, 2023
@maximiliankolb
Author

This might be related to #1276 and #840.

@nscuro
Member

nscuro commented Feb 14, 2023

Thanks for reporting @maximiliankolb!

And yes, as you already found out, the OpenAPI spec file needs (re-)work.

I wasn't aware however that the semantics of the existing file are invalid. Did you try to validate the Swagger 2 doc with an OpenAPI 3 validator maybe?

@maximiliankolb
Author

I am unsure. If I use https://apitools.dev/swagger-parser/online/, which according to their repo on GitHub parses swagger 2.0 files, then I also get an error as follows:

Validation failed. /paths/v1/bom/post has body parameters and formData parameters. Only one or the other is allowed.

This points IMHO towards the same issue as mentioned above.

@nscuro nscuro removed the in triage label May 18, 2024
@nscuro nscuro added this to the 4.12 milestone May 18, 2024
@nscuro
Member

nscuro commented May 18, 2024

Resolved via #3728. We now have tests that validate the generated OpenAPI spec.

@nscuro nscuro closed this as completed May 18, 2024
Contributor

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 18, 2024
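
The three error classes reported in this thread (body plus formData parameters, equivalent paths, read-only properties marked required) can be checked directly on a parsed Swagger 2.0 document. The following is an added example, not part of the original issue and not Dependency-Track's own validation tests; the function name `lint_swagger2`, the sample document, the `/v1/repository/{id}` path and the property names are constructed for illustration.

```python
import re
from collections import defaultdict

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def lint_swagger2(spec):
    """Return sorted (location, message) findings for a parsed Swagger 2.0 document."""
    findings, templates = [], defaultdict(list)
    for path, item in spec.get("paths", {}).items():
        # Paths that differ only in parameter names are equivalent.
        templates[re.sub(r"\{[^}]*\}", "{}", path)].append(path)
        shared = item.get("parameters", [])
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            # Assumption: parameters are inline; $ref parameters are not resolved.
            locations = {p.get("in") for p in shared + op.get("parameters", [])}
            if {"body", "formData"} <= locations:
                findings.append((f"paths.{path}.{method}.parameters",
                                 'both "in: body" and "in: formData"'))
    for group in templates.values():
        for dup in sorted(group)[1:]:
            findings.append((f"paths.{dup}", "equivalent path"))
    for name, schema in spec.get("definitions", {}).items():
        props = schema.get("properties", {})
        for i, prop in enumerate(schema.get("required", [])):
            if props.get(prop, {}).get("readOnly"):
                findings.append((f"definitions.{name}.required.{i}",
                                 "read-only property marked required"))
    return sorted(findings)

# Constructed sample (not the real Dependency-Track spec; property names are made up).
SAMPLE = {
    "swagger": "2.0",
    "paths": {
        "/v1/bom": {"post": {"parameters": [
            {"name": "body", "in": "body", "schema": {"$ref": "#/definitions/BomSubmitRequest"}},
            {"name": "bom", "in": "formData", "type": "string"}]}},
        "/v1/repository/{id}": {"get": {"parameters": [
            {"name": "id", "in": "path", "required": True, "type": "string"}]}},
        "/v1/repository/{uuid}": {"delete": {"parameters": [
            {"name": "uuid", "in": "path", "required": True, "type": "string"}]}},
    },
    "definitions": {"BomSubmitRequest": {
        "required": ["project", "bom"],
        "properties": {"project": {"type": "string", "readOnly": True},
                       "bom": {"type": "string", "readOnly": True}}}},
}

if __name__ == "__main__":
    for location, message in lint_swagger2(SAMPLE):
        print(f"{location}: {message}")
```

To check a downloaded file, load it with `json.load` and pass the resulting dict to `lint_swagger2`.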