
UUID string format validation too lax

Open plore opened this issue 2 years ago • 2 comments

Hi,

first of all, thanks for all your efforts on this project!

I noticed that string validation for the uuid format is a bit too lax and passes on obviously non-uuid strings:

Given the following OpenAPI file

#schema.yml
openapi: 3.0.3
paths:
  /foo:
    get:
      parameters:
        - name: id
          in: query
          schema:
            type: string
            format: uuid

I would expect the following code to fail

require 'openapi_parser'
require 'yaml'

root = OpenAPIParser.parse(YAML.load_file('schema.yml'))
request_operation = root.request_operation(:get, '/foo')

request_operation.validate_request_parameter({"id" => "204730df-d3f5-364b-9aeb-d1372aba0d35-foobar"}, {})
request_operation.validate_request_parameter({"id" => "foobar-204730df-d3f5-364b-9aeb-d1372aba0d35"}, {})

But it runs without error. I guess your regex matches as long as it finds a valid uuid substring.

Any chance of tightening this up? Would be willing to help if you think it a good idea.

plore, Mar 12 '23 08:03
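The behaviour reported above, as an added example that is not part of the issue or of openapi_parser's code: it compares an unanchored UUID pattern with a line-anchored and a fully anchored one, and goes slightly beyond the two reported inputs by adding multi-line values. The patterns, constant names and helper names are assumptions for illustration; the project's actual regex is not reproduced here.

```ruby
# Added example: three ways to write a UUID format check and what each accepts.
# The patterns are assumptions for illustration, not openapi_parser's source.
HEX = '[0-9a-fA-F]'
UUID_BODY = "#{HEX}{8}-#{HEX}{4}-#{HEX}{4}-#{HEX}{4}-#{HEX}{12}"

UNANCHORED    = /#{UUID_BODY}/        # matches a UUID anywhere in the string
LINE_ANCHORED = /^#{UUID_BODY}$/      # in Ruby, ^ and $ match at every line boundary
FULL_ANCHORED = /\A#{UUID_BODY}\z/    # the whole string must be exactly one UUID

# Constructed inputs: the two values from the issue plus multi-line cases.
SAMPLES = {
  valid:    '204730df-d3f5-364b-9aeb-d1372aba0d35',
  suffix:   '204730df-d3f5-364b-9aeb-d1372aba0d35-foobar',
  prefix:   'foobar-204730df-d3f5-364b-9aeb-d1372aba0d35',
  newline:  "204730df-d3f5-364b-9aeb-d1372aba0d35\n",
  two_line: "foobar\n204730df-d3f5-364b-9aeb-d1372aba0d35",
}.freeze

# Names of the sample inputs that a given pattern would let through.
def accepted_by(pattern)
  SAMPLES.select { |_name, value| pattern.match?(value) }.keys
end

# Summary of all three patterns, keyed by pattern kind.
def report
  { unanchored:    accepted_by(UNANCHORED),
    line_anchored: accepted_by(LINE_ANCHORED),
    full_anchored: accepted_by(FULL_ANCHORED) }
end

report.each { |name, keys| puts "#{name}: accepts #{keys.inspect}" }
```

Only the `\A...\z` form rejects everything except the bare UUID; `^...$` still accepts values that carry extra lines, which matters when the validated parameter is later used in logs, headers or queries.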

Yes, we should fix this problem! This is a bug because we check the UUID format and this string passes the check :thinking: https://github.com/ota42y/openapi_parser/blob/master/lib/openapi_parser/schema_validator/string_validator.rb#L69

ota42y, Mar 12 '23 13:03

@ota42y https://github.com/ota42y/openapi_parser/pull/149 should fix this problem. Is anything else blocking this or could we move forward?

plore, Jan 19 '24 14:01