IBM · dpopp07 · Sep 17, 2024 · Sep 17, 2024
diff --git a/docs/ibm-cloud-rules.md b/docs/ibm-cloud-rules.md
@@ -6522,7 +6522,6 @@ fields in order to clearly define the set of valid values for the property.
 [<a href="https://cloud.ibm.com/docs/api-handbook?topic=api-handbook-types#string">1</a>].
 <p>Note that these checks are bypassed for the following scenarios:
 <ul>
-<li>All checks are bypassed for string schemas that are used only within an operation response.
 <li>All checks are bypassed for string schemas that contain an <code>enum</code> field.</li>
 <li>The check for the <code>pattern</code> field is bypassed if <code>format</code> is set to 
 <code>binary</code>, <code>byte</code>, <code>date</code>, <code>date-time</code>, or <code>url</code>.</li>

diff --git a/packages/ruleset/src/functions/string-attributes.js b/packages/ruleset/src/functions/string-attributes.js
@@ -9,11 +9,7 @@ const {
  validateNestedSchemas,
 } = require('@ibm-cloud/openapi-ruleset-utilities');
 
-const {
- getCompositeSchemaAttribute,
- LoggerFactory,
- pathMatchesRegexp,
-} = require('../utils');
+const { getCompositeSchemaAttribute, LoggerFactory } = require('../utils');
 
 let ruleId;
 let logger;
@@ -55,7 +51,7 @@ function stringBoundaryErrors(schema, path) {
 
  // Only check for the presence of validation keywords on input schemas
  // (i.e. those used for parameters and request bodies).
- if (isStringSchema(schema) && isInputSchema(path)) {
+ if (isStringSchema(schema)) {
  logger.debug('schema is a string schema');
 
  // Perform these checks only if enum is not defined.
@@ -95,10 +91,7 @@ function stringBoundaryErrors(schema, path) {
  });
  }
  }
- }
-
- // Make sure string attributes aren't used for non-strings.
- if (!isStringSchema(schema)) {
+ } else {
  // Make sure that string-related fields are not present in a non-string schema.
  if (schemaContainsAttribute(schema, 'pattern')) {
  errors.push({
@@ -135,14 +128,3 @@ function schemaContainsAttribute(schema, attrName) {
  s => attrName in s && isDefined(s[attrName])
  );
 }
-
-function isInputSchema(path) {
- // Output schemas are much simpler to check for with regex.
- // Use the inverse of that to determine input schemas.
- const isOutputSchema = pathMatchesRegexp(
- path,
- /^paths,.*,responses,.+,(content|headers),.+,schema/
- );
-
- return !isOutputSchema;
-}
diff --git a/packages/ruleset/test/string-attributes.test.js b/packages/ruleset/test/string-attributes.test.js
@@ -212,27 +212,6 @@ describe(`Spectral rule: ${ruleId}`, () => {
  expect(results).toHaveLength(0);
  });
 
- it('Response body string schema has no keywords', async () => {
- const testDocument = makeCopy(rootDocument);
- testDocument.paths['/v1/movies/{movie_id}'].get.responses['200'] = {
- content: {
- 'application/json': {
- schema: {
- properties: {
- name: {
- type: 'string',
- description: 'no validation',
- },
- },
- },
- },
- },
- };
-
- const results = await testRule(ruleId, rule, testDocument);
- expect(results).toHaveLength(0);
- });
-
  it('Response header string schema has no keywords', async () => {
  const testDocument = makeCopy(rootDocument);
  testDocument.paths['/v1/movies/{movie_id}'].get.responses.headers = {
@@ -615,5 +594,41 @@ describe(`Spectral rule: ${ruleId}`, () => {
  );
  expect(validation.severity).toBe(expectedSeverity);
  });
+
+ it('Response body string schema has no keywords', async () => {
+ const testDocument = makeCopy(rootDocument);
+ testDocument.paths['/v1/movies/{movie_id}'].get.responses['200'] = {
+ content: {
+ 'application/json': {
+ schema: {
+ properties: {
+ name: {
+ type: 'string',
+ description: 'no validation',
+ },
+ },
+ },
+ },
+ },
+ };
+
+ const results = await testRule(ruleId, rule, testDocument);
+ expect(results).toHaveLength(3);
+
+ const expectedPath =
+ 'paths./v1/movies/{movie_id}.get.responses.200.content.application/json.schema.properties.name';
+ const expectedMessages = [
+ `String schemas should define property 'pattern'`,
+ `String schemas should define property 'minLength'`,
+ `String schemas should define property 'maxLength'`,
+ ];
+
+ for (let i = 0; i < results.length; i++) {
+ expect(results[i].code).toBe(ruleId);
+ expect(results[i].message).toBe(expectedMessages[i]);
+ expect(results[i].severity).toBe(expectedSeverity);
+ expect(results[i].path.join('.')).toBe(expectedPath);
+ }
+ });
  });
 });
diff --git a/packages/ruleset/test/utils/root-document.js b/packages/ruleset/test/utils/root-document.js
@@ -248,6 +248,7 @@ module.exports = {
  type: 'string',
  minLength: 0,
  maxLength: 512,
+ pattern: '^[a-zA-Z0-9 ]+$',
  },
  },
  },
@@ -1039,7 +1040,9 @@ module.exports = {
  trace: {
  description: 'The error trace information.',
  type: 'string',
- format: 'uuid',
+ format: 'identifier',
+ pattern: '^[a-zA-Z0-9 ]+$',
+ maxLength: 30,
  },
  },
  },
@@ -1055,10 +1058,16 @@ module.exports = {
  message: {
  description: 'The error message.',
  type: 'string',
+ pattern: '^[a-zA-Z0-9 ]+$',
+ minLength: 1,
+ maxLength: 128,
  },
  more_info: {
  description: 'Additional info about the error.',
  type: 'string',
+ pattern: '^[a-zA-Z0-9 ]+$',
+ minLength: 1,
+ maxLength: 128,
  },
  target: {
  $ref: '#/components/schemas/ErrorTarget',
@@ -1078,6 +1087,9 @@ module.exports = {
  description:
  'The name of the field/header/query parameter associated with the error.',
  type: 'string',
+ pattern: '^[a-zA-Z0-9 ]+$',
+ minLength: 1,
+ maxLength: 30,
  },
  },
  },

diff --git a/packages/validator/test/cli-validator/mock-files/oas3/clean-with-tabs.yml b/packages/validator/test/cli-validator/mock-files/oas3/clean-with-tabs.yml
@@ -48,6 +48,9 @@ paths:
  schema:
  type: string
  description: A link to the next page of responses
+ pattern: '^[a-zA-Z0-9]+$'
+ minLength: 1
+ maxLength: 128
  content:
  application/json:
  schema:
@@ -159,6 +162,9 @@ components:
  next_token:
  type: string
  description: next token
+ pattern: '^[a-zA-Z0-9_]+$'
+ minLength: 1
+ maxLength: 128
  first:
  allOf:
  - $ref: '#/components/schemas/PageLink'
@@ -190,6 +196,9 @@ components:
  href:
  description: Request URL string
  type: string
+ pattern: '^[a-zA-Z0-9]+$'
+ minLength: 1
+ maxLength: 128
  Error:
  type: object
  description:

diff --git a/packages/validator/test/cli-validator/mock-files/oas3/clean.yml b/packages/validator/test/cli-validator/mock-files/oas3/clean.yml
@@ -48,6 +48,9 @@ paths:
  schema:
  type: string
  description: A link to the next page of responses
+ pattern: '^[a-zA-Z0-9]+$'
+ minLength: 1
+ maxLength: 128
  content:
  application/json:
  schema:
@@ -159,6 +162,9 @@ components:
  next_token:
  type: string
  description: next token
+ pattern: '^[a-zA-Z0-9_]+$'
+ minLength: 1
+ maxLength: 128
  first:
  allOf:
  - $ref: '#/components/schemas/PageLink'
@@ -190,6 +196,9 @@ components:
  href:
  description: Request URL string
  type: string
+ pattern: '^[a-zA-Z0-9]+$'
+ minLength: 1
+ maxLength: 128
  Error:
  type: object
  description:

diff --git a/packages/validator/test/cli-validator/mock-files/oas31/clean.yml b/packages/validator/test/cli-validator/mock-files/oas31/clean.yml
@@ -48,6 +48,9 @@ paths:
  schema:
  type: string
  description: A link to the next page of responses
+ pattern: '^[a-zA-Z0-9]+$'
+ minLength: 1
+ maxLength: 128
  content:
  application/json:
  schema:
@@ -159,6 +162,9 @@ components:
  next_token:
  type: string
  description: next token
+ pattern: '^[a-zA-Z0-9_]+$'
+ minLength: 1
+ maxLength: 128
  first:
  allOf:
  - $ref: '#/components/schemas/PageLink'
@@ -190,6 +196,9 @@ components:
  href:
  description: Request URL string
  type: string
+ pattern: '^[a-zA-Z0-9]+$'
+ minLength: 1
+ maxLength: 128
  Error:
  type: object
  description: