rulesets

package
v0.3.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 23, 2023 License: MIT Imports: 12 Imported by: 3

Documentation

Index

Constants

View Source
const (
	Style                                = "style"
	Validation                           = "validation"
	NoVerbsInPath                        = "no-http-verbs-in-path"
	PathsKebabCase                       = "paths-kebab-case"
	NoAmbiguousPathsRule                 = "no-ambiguous-paths"
	OperationErrorResponse               = "operation-4xx-response"
	OperationSuccessResponse             = "operation-success-response"
	OperationOperationIdUnique           = "operation-operationId-unique"
	OperationOperationId                 = "operation-operationId"
	OperationParameters                  = "operation-parameters"
	OperationSingularTag                 = "operation-singular-tag"
	OperationTagDefined                  = "operation-tag-defined"
	PathParamsRule                       = "path-params"
	ContactProperties                    = "contact-properties"
	InfoContact                          = "info-contact"
	InfoDescription                      = "info-description"
	InfoLicense                          = "info-license"
	LicenseUrl                           = "license-url"
	OpenAPITagsAlphabetical              = "openapi-tags-alphabetical"
	OpenAPITags                          = "openapi-tags"
	OperationTags                        = "operation-tags"
	OperationDescription                 = "operation-description"
	ComponentDescription                 = "component-description"
	OperationOperationIdValidInUrl       = "operation-operationId-valid-in-url"
	PathDeclarationsMustExist            = "path-declarations-must-exist"
	PathKeysNoTrailingSlash              = "path-keys-no-trailing-slash"
	PathNotIncludeQuery                  = "path-not-include-query"
	TagDescription                       = "tag-description"
	NoRefSiblings                        = "no-$ref-siblings"
	Oas3UnusedComponent                  = "oas3-unused-component"
	Oas2UnusedDefinition                 = "oas2-unused-definition"
	Oas2APIHost                          = "oas2-api-host"
	Oas2APISchemes                       = "oas2-api-schemes"
	Oas2Discriminator                    = "oas2-discriminator"
	Oas2HostNotExample                   = "oas2-host-not-example"
	Oas3HostNotExample                   = "oas3-host-not-example.com"
	Oas2HostTrailingSlash                = "oas2-host-trailing-slash"
	Oas3HostTrailingSlash                = "oas3-host-trailing-slash"
	Oas2ParameterDescription             = "oas2-parameter-description"
	Oas3ParameterDescription             = "oas3-parameter-description"
	Oas3OperationSecurityDefined         = "oas3-operation-security-defined"
	Oas2OperationSecurityDefined         = "oas2-operation-security-defined"
	Oas3ValidSchemaExample               = "oas3-valid-schema-example"
	Oas2ValidSchemaExample               = "oas2-valid-schema-example"
	TypedEnum                            = "typed-enum"
	DuplicatedEntryInEnum                = "duplicated-entry-in-enum"
	NoEvalInMarkdown                     = "no-eval-in-markdown"
	NoScriptTagsInMarkdown               = "no-script-tags-in-markdown"
	DescriptionDuplication               = "description-duplication"
	Oas3APIServers                       = "oas3-api-servers"
	Oas2OperationFormDataConsumeCheck    = "oas2-operation-formData-consume-check"
	Oas2AnyOf                            = "oas2-anyOf"
	Oas2OneOf                            = "oas2-oneOf"
	Oas2Schema                           = "oas2-schema"
	Oas3Schema                           = "oas3-schema"
	OwaspNoNumericIDs                    = "owasp-no-numeric-ids"
	OwaspNoHttpBasic                     = "owasp-no-http-basic"
	OwaspNoAPIKeysInURL                  = "owasp-no-api-keys-in-url"
	OwaspNoCredentialsInURL              = "owasp-no-credentials-in-url"
	OwaspAuthInsecureSchemes             = "owasp-auth-insecure-schemes"
	OwaspJWTBestPractices                = "owasp-jwt-best-practices"
	OwaspProtectionGlobalUnsafe          = "owasp-protection-global-unsafe"
	OwaspProtectionGlobalUnsafeStrict    = "owasp-protection-global-unsafe-strict"
	OwaspProtectionGlobalSafe            = "owasp-protection-global-safe"
	OwaspDefineErrorValidation           = "owasp-define-error-validation"
	OwaspDefineErrorResponses401         = "owasp-define-error-responses-401"
	OwaspDefineErrorResponses500         = "owasp-define-error-responses-500"
	OwaspRateLimit                       = "owasp-rate-limit"
	OwaspRateLimitRetryAfter             = "owasp-rate-limit-retry-after"
	OwaspDefineErrorResponses429         = "owasp-define-error-responses-429"
	OwaspArrayLimit                      = "owasp-array-limit"
	OwaspStringLimit                     = "owasp-string-limit"
	OwaspStringRestricted                = "owasp-string-restricted"
	OwaspIntegerLimit                    = "owasp-integer-limit"
	OwaspIntegerLimitLegacy              = "owasp-integer-limit-legacy"
	OwaspIntegerFormat                   = "owasp-integer-format"
	OwaspNoAdditionalProperties          = "owasp-no-additionalProperties"
	OwaspConstrainedAdditionalProperties = "owasp-constrained-additionalProperties"
	OwaspSecurityHostsHttpsOAS2          = "owasp-security-hosts-https-oas2"
	OwaspSecurityHostsHttpsOAS3          = "owasp-security-hosts-https-oas3"
	SpectralOpenAPI                      = "spectral:oas"
	SpectralOwasp                        = "spectral:owasp"
	VacuumOwasp                          = "vacuum:owasp"
	SpectralRecommended                  = "recommended"
	SpectralAll                          = "all"
	SpectralOff                          = "off"
)

Variables

This section is empty.

Functions

func GetAPIServersRule

func GetAPIServersRule() *model.Rule

GetAPIServersRule checks to make sure there is a valid 'servers' definition in the document.

func GetAllBuiltInRules added in v0.1.0

func GetAllBuiltInRules() map[string]*model.Rule

GetAllBuiltInRules returns a map of all the built-in rules available, ready to be used in a RuleSet.

func GetAllOWASPRules added in v0.2.0

func GetAllOWASPRules() map[string]*model.Rule

GetAllOWASPRules returns a map of all the OWASP rules available, ready to be used in a RuleSet.

func GetComponentDescriptionsRule

func GetComponentDescriptionsRule() *model.Rule

GetComponentDescriptionsRule will check all components for description problems.

func GetContactPropertiesRule

func GetContactPropertiesRule() *model.Rule

GetContactPropertiesRule will return a rule configured to look at contact properties of a spec. it uses the in-built 'truthy' function

func GetDescriptionDuplicationRule

func GetDescriptionDuplicationRule() *model.Rule

GetDescriptionDuplicationRule will check if any descriptions have been copy/pasted or duplicated. all descriptions should be unique, otherwise what is the point?

func GetDuplicatedEntryInEnumRule

func GetDuplicatedEntryInEnumRule() *model.Rule

GetDuplicatedEntryInEnumRule will check that enums used are not duplicates

func GetGlobalOperationTagsRule

func GetGlobalOperationTagsRule() *model.Rule

GetGlobalOperationTagsRule will check that an operation tag exists in top level tags This rule was dropped to a warning from an error after discussion here:

func GetInfoContactRule

func GetInfoContactRule() *model.Rule

GetInfoContactRule Will return a rule that uses the truthy function to check if the info object contains a contact object

func GetInfoDescriptionRule

func GetInfoDescriptionRule() *model.Rule

GetInfoDescriptionRule Will return a rule that uses the truthy function to check if the info object contains a description

func GetInfoLicenseRule

func GetInfoLicenseRule() *model.Rule

GetInfoLicenseRule will return a rule that uses the truthy function to check if the info object contains a license

func GetInfoLicenseUrlRule

func GetInfoLicenseUrlRule() *model.Rule

GetInfoLicenseUrlRule will return a rule that uses the truthy function to check if the info object contains a license with an url that is set.

func GetNoEvalInMarkdownRule

func GetNoEvalInMarkdownRule() *model.Rule

GetNoEvalInMarkdownRule will return a rule that uses the pattern function to check if there is no eval statements markdown used in descriptions

func GetNoRefSiblingsRule

func GetNoRefSiblingsRule() *model.Rule

GetNoRefSiblingsRule will check that there are no sibling nodes next to a $ref (which is technically invalid)

func GetNoScriptTagsInMarkdownRule

func GetNoScriptTagsInMarkdownRule() *model.Rule

GetNoScriptTagsInMarkdownRule will return a rule that uses the pattern function to check if there is no script tags used in descriptions and the title.

func GetNoVerbsInPathRule added in v0.0.13

func GetNoVerbsInPathRule() *model.Rule

GetNoVerbsInPathRule will check all paths to make sure not HTTP verbs have been used as a segment.

func GetOAS2APIHostRule

func GetOAS2APIHostRule() *model.Rule

GetOAS2APIHostRule will check swagger specs for the host property being set.

func GetOAS2APISchemesRule

func GetOAS2APISchemesRule() *model.Rule

GetOAS2APISchemesRule uses the schema function to check if swagger has schemes and that it's an array with at least one item.

func GetOAS2DiscriminatorRule

func GetOAS2DiscriminatorRule() *model.Rule

GetOAS2DiscriminatorRule will check swagger schemas to ensure they are using discriminations correctly.

func GetOAS2ExamplesRule

func GetOAS2ExamplesRule() *model.Rule

GetOAS2ExamplesRule will check the entire spec for correct example use.

func GetOAS2FormDataConsumesRule

func GetOAS2FormDataConsumesRule() *model.Rule

GetOAS2FormDataConsumesRule will check that an "application/x-www-form-urlencoded" or "multipart/form-data" is defined in the 'consumes' node for in any parameters that use in formData.

func GetOAS2HostNotExampleRule

func GetOAS2HostNotExampleRule() *model.Rule

GetOAS2HostNotExampleRule checks to make sure that example.com is not being used as a host. TODO: how common is this? should we keep it? change it?

func GetOAS2HostTrailingSlashRule

func GetOAS2HostTrailingSlashRule() *model.Rule

GetOAS2HostTrailingSlashRule checks to make sure there is no trailing slash on the host

func GetOAS2ParameterDescriptionRule

func GetOAS2ParameterDescriptionRule() *model.Rule

GetOAS2ParameterDescriptionRule will check specs to make sure parameters have a description.

func GetOAS2PolymorphicAnyOfRule

func GetOAS2PolymorphicAnyOfRule() *model.Rule

GetOAS2PolymorphicAnyOfRule will check that 'anyOf' has not been used in a swagger spec (introduced in 3.0)

func GetOAS2PolymorphicOneOfRule

func GetOAS2PolymorphicOneOfRule() *model.Rule

GetOAS2PolymorphicOneOfRule will check that 'oneOf' has not been used in a swagger spec (introduced in 3.0)

func GetOAS2SchemaRule

func GetOAS2SchemaRule() *model.Rule

GetOAS2SchemaRule will check that the schema is valid for swagger docs.

func GetOAS2SecurityDefinedRule

func GetOAS2SecurityDefinedRule() *model.Rule

GetOAS2SecurityDefinedRule will check that security definitions exist and validate for OpenAPI 2

func GetOAS2UnusedComponentRule

func GetOAS2UnusedComponentRule() *model.Rule

GetOAS2UnusedComponentRule will check that there aren't any components anywhere that haven't been used.

func GetOAS3ExamplesRule

func GetOAS3ExamplesRule() *model.Rule

GetOAS3ExamplesRule will check the entire spec for correct example use.

func GetOAS3HostNotExampleRule

func GetOAS3HostNotExampleRule() *model.Rule

GetOAS3HostNotExampleRule checks to make sure that example.com is not being used as a host. TODO: how common is this? should we keep it? change it?

func GetOAS3HostTrailingSlashRule added in v0.0.5

func GetOAS3HostTrailingSlashRule() *model.Rule

GetOAS3HostTrailingSlashRule checks to make sure there is no trailing slash on the host

func GetOAS3ParameterDescriptionRule

func GetOAS3ParameterDescriptionRule() *model.Rule

GetOAS3ParameterDescriptionRule will check specs to make sure parameters have a description.

func GetOAS3SchemaRule

func GetOAS3SchemaRule() *model.Rule

GetOAS3SchemaRule will check that the schema is valid for openapi 3+ docs.

func GetOAS3SecurityDefinedRule

func GetOAS3SecurityDefinedRule() *model.Rule

GetOAS3SecurityDefinedRule will check that security definitions exist and validate for OpenAPI 3

func GetOAS3UnusedComponentRule

func GetOAS3UnusedComponentRule() *model.Rule

GetOAS3UnusedComponentRule will check that there aren't any components anywhere that haven't been used.

func GetOWASPArrayLimitRule added in v0.2.0

func GetOWASPArrayLimitRule() *model.Rule

It will return duplicate errors for each branch of any if/else/then logic

func GetOWASPAuthInsecureSchemesRule added in v0.2.0

func GetOWASPAuthInsecureSchemesRule() *model.Rule

func GetOWASPConstrainedAdditionalPropertiesRule added in v0.2.0

func GetOWASPConstrainedAdditionalPropertiesRule() *model.Rule

func GetOWASPDefineErrorResponses401Rule added in v0.2.0

func GetOWASPDefineErrorResponses401Rule() *model.Rule

func GetOWASPDefineErrorResponses429Rule added in v0.2.0

func GetOWASPDefineErrorResponses429Rule() *model.Rule

func GetOWASPDefineErrorResponses500Rule added in v0.2.0

func GetOWASPDefineErrorResponses500Rule() *model.Rule

func GetOWASPDefineErrorValidationRule added in v0.2.0

func GetOWASPDefineErrorValidationRule() *model.Rule

func GetOWASPIntegerFormatRule added in v0.2.0

func GetOWASPIntegerFormatRule() *model.Rule

It will return duplicate errors for each branch of any if/else/then logic

func GetOWASPIntegerLimitLegacyRule added in v0.2.0

func GetOWASPIntegerLimitLegacyRule() *model.Rule

It will return duplicate errors for each branch of any if/else/then logic

func GetOWASPIntegerLimitRule added in v0.2.0

func GetOWASPIntegerLimitRule() *model.Rule

It will return duplicate errors for each branch of any if/else/then logic

func GetOWASPJWTBestPracticesRule added in v0.2.0

func GetOWASPJWTBestPracticesRule() *model.Rule

func GetOWASPNoAPIKeysInURLRule added in v0.2.0

func GetOWASPNoAPIKeysInURLRule() *model.Rule

func GetOWASPNoAdditionalPropertiesRule added in v0.2.0

func GetOWASPNoAdditionalPropertiesRule() *model.Rule

func GetOWASPNoCredentialsInURLRule added in v0.2.0

func GetOWASPNoCredentialsInURLRule() *model.Rule

func GetOWASPNoHttpBasicRule added in v0.2.0

func GetOWASPNoHttpBasicRule() *model.Rule

func GetOWASPNoNumericIDsRule added in v0.2.0

func GetOWASPNoNumericIDsRule() *model.Rule

func GetOWASPRateLimitRetryAfterRule added in v0.2.0

func GetOWASPRateLimitRetryAfterRule() *model.Rule

func GetOWASPRateLimitRule added in v0.2.0

func GetOWASPRateLimitRule() *model.Rule

func GetOWASPSecurityHostsHttpsOAS2Rule added in v0.2.0

func GetOWASPSecurityHostsHttpsOAS2Rule() *model.Rule

func GetOWASPSecurityHostsHttpsOAS3Rule added in v0.2.0

func GetOWASPSecurityHostsHttpsOAS3Rule() *model.Rule

func GetOWASPStringLimitRule added in v0.2.0

func GetOWASPStringLimitRule() *model.Rule

It will return duplicate errors for each branch of any if/else/then logic

func GetOWASPStringRestrictedRule added in v0.2.0

func GetOWASPStringRestrictedRule() *model.Rule

It will return duplicate errors for each branch of any if/else/then logic

func GetOpenApiTagsAlphabeticalRule

func GetOpenApiTagsAlphabeticalRule() *model.Rule

GetOpenApiTagsAlphabeticalRule will return a rule that uses the alphabetical function to check if tags are in alphabetical order

func GetOpenApiTagsRule

func GetOpenApiTagsRule() *model.Rule

GetOpenApiTagsRule uses the schema function to check if there tags exist and that it's an array with at least one item.

func GetOperationDescriptionRule

func GetOperationDescriptionRule() *model.Rule

GetOperationDescriptionRule will return a rule that uses the truthy function to check if an operation has defined a description or not, or does not meet the required length

func GetOperationErrorResponseRule added in v0.0.13

func GetOperationErrorResponseRule() *model.Rule

GetOperationErrorResponseRule will return the rule for checking for a 4xx response defined in operations.

func GetOperationIdRule

func GetOperationIdRule() *model.Rule

GetOperationIdRule will check to make sure that operationIds exist on all operations

func GetOperationIdUniqueRule

func GetOperationIdUniqueRule() *model.Rule

GetOperationIdUniqueRule will check to make sure that operationIds are all unique and non-repeating

func GetOperationIdValidInUrlRule

func GetOperationIdValidInUrlRule() *model.Rule

GetOperationIdValidInUrlRule will check id an operationId will be valid when used in an url.

func GetOperationParametersRule

func GetOperationParametersRule() *model.Rule

GetOperationParametersRule will check that an operation has valid parameters defined

func GetOperationSingleTagRule

func GetOperationSingleTagRule() *model.Rule

GetOperationSingleTagRule will check to see if an operation has more than a single tag

func GetOperationSuccessResponseRule

func GetOperationSuccessResponseRule() *model.Rule

GetOperationSuccessResponseRule will check that every operation has a success response defined.

func GetOperationTagsRule

func GetOperationTagsRule() *model.Rule

GetOperationTagsRule uses the schema function to check if there tags exist and that it's an array with at least one item.

func GetPathDeclarationsMustExistRule

func GetPathDeclarationsMustExistRule() *model.Rule

GetPathDeclarationsMustExistRule will check to make sure there are no empty path variables

func GetPathNoTrailingSlashRule

func GetPathNoTrailingSlashRule() *model.Rule

GetPathNoTrailingSlashRule will make sure that paths don't have trailing slashes

func GetPathNotIncludeQueryRule

func GetPathNotIncludeQueryRule() *model.Rule

GetPathNotIncludeQueryRule checks to ensure paths are not including any query parameters.

func GetPathParamsRule

func GetPathParamsRule() *model.Rule

GetPathParamsRule checks if path params are valid and defined.

func GetPathsKebabCaseRule added in v0.0.13

func GetPathsKebabCaseRule() *model.Rule

GetPathsKebabCaseRule will check that each path segment is kebab-case

func GetRecommendedOWASPRules added in v0.2.0

func GetRecommendedOWASPRules() map[string]*model.Rule

GetRecommendedOWASPRules returns a map of all the OWASP rules available, ready to be used in a RuleSet.

func GetTagDescriptionRequiredRule

func GetTagDescriptionRequiredRule() *model.Rule

GetTagDescriptionRequiredRule checks to ensure tags defined have been given a description

func GetTypedEnumRule

func GetTypedEnumRule() *model.Rule

GetTypedEnumRule checks to ensure enums are of the specified type

func NoAmbiguousPaths added in v0.0.12

func NoAmbiguousPaths() *model.Rule

NoAmbiguousPaths will check for paths that are ambiguous with one another

Types

type RuleSet

type RuleSet struct {
	Description      string                 `json:"description,omitempty" yaml:"description,omitempty"`
	DocumentationURI string                 `json:"documentationUrl,omitempty" yaml:"documentationUrl,omitempty"`
	Formats          []string               `json:"formats,omitempty" yaml:"formats,omitempty"`
	RuleDefinitions  map[string]interface{} `json:"rules" yaml:"rules"` // this can be either a string, or an entire rule (super annoying, stoplight).
	Rules            map[string]*model.Rule `json:"-" yaml:"-"`
	Extends          interface{}            `json:"extends,omitempty" yaml:"extends,omitempty"` // can be string or tuple (again... why stoplight?)
	// contains filtered or unexported fields
}

RuleSet represents a collection of Rule definitions.

func CreateRuleSetFromData

func CreateRuleSetFromData(data []byte) (*RuleSet, error)

CreateRuleSetFromData will create a new RuleSet instance from either a JSON or YAML input

func CreateRuleSetFromRuleMap added in v0.1.0

func CreateRuleSetFromRuleMap(rules map[string]*model.Rule) *RuleSet

CreateRuleSetFromRuleMap creates a RuleSet from a map of rules. Built-in rules can can be exposed by using the GetAllBuiltInRules() function.

func CreateRuleSetUsingJSON

func CreateRuleSetUsingJSON(jsonData []byte) (*RuleSet, error)

CreateRuleSetUsingJSON will create a new RuleSet instance from a JSON byte array

func GenerateDefaultOpenAPIRuleSet added in v0.1.0

func GenerateDefaultOpenAPIRuleSet() *RuleSet

GenerateDefaultOpenAPIRuleSet generates a default ruleset for OpenAPI. All the built-in rules, ready to go.

func (*RuleSet) GetExtendsValue

func (rs *RuleSet) GetExtendsValue() map[string]string

GetExtendsValue returns an array of maps defining which ruleset this one extends. The value can be a single string or an array of tuples, so this normalizes things into a standard structure.

type RuleSets

type RuleSets interface {

	// GenerateOpenAPIDefaultRuleSet generates a ready to run pointer to a model.RuleSet containing all
	// OpenAPI rules supported by vacuum. Passing all these rules would be considered a very good quality specification.
	GenerateOpenAPIDefaultRuleSet() *RuleSet

	// GenerateOpenAPIRecommendedRuleSet generates a ready to run pointer to a model.RuleSet that contains only
	// recommended rules (not all rules). Passing all these rules would result in a quality specification
	GenerateOpenAPIRecommendedRuleSet() *RuleSet

	// GenerateRuleSetFromSuppliedRuleSet will generate a ready to run ruleset based on a supplied configuration. This
	// will look for any extensions and apply all rules turned on, turned off and any custom rules.
	GenerateRuleSetFromSuppliedRuleSet(config *RuleSet) *RuleSet
}

RuleSets is used to generate default RuleSets built into vacuum

func BuildDefaultRuleSets

func BuildDefaultRuleSets() RuleSets

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL