libopenapi-validator icon indicating copy to clipboard operation
libopenapi-validator copied to clipboard
verified publisher icon pb33f

When validating cookie parameters, the presence of required cookies is not checked

Open svkirillov opened this issue 4 months ago • 0 comments

When validating cookie parameters, no error is raised if the required cookie is missing from the request. This means that when validating a request that lacks the required cookie but otherwise is valid, the request is considered valid. The expected behavior is to return an error with details.

Versions in my go.mod

github.com/pb33f/libopenapi v0.28.0
github.com/pb33f/libopenapi-validator v0.6.4

Example

package main

import (
	"fmt"
	"net/http"

	"github.com/pb33f/libopenapi"
	"github.com/pb33f/libopenapi-validator/parameters"
)

func main() {
	spec := `openapi: 3.1.0
paths:
  /burgers/beef:
    get:
      parameters:
        - name: PattyPreference
          in: cookie
          required: true
          schema:
            type: number`

	doc, _ := libopenapi.NewDocument([]byte(spec))
	m, _ := doc.BuildV3Model()
	v := parameters.NewParameterValidator(&m.Model)

	request, _ := http.NewRequest(http.MethodGet, "https://things.com/burgers/beef", nil)
	//request.AddCookie(&http.Cookie{Name: "PattyPreference", Value: "1"})

	valid, errors := v.ValidateCookieParams(request)

	fmt.Println(valid) // valid == True, should be False
	fmt.Println(errors) // errors == [], should be not empty
}

svkirillov avatar Sep 27 '25 20:09 svkirillov