OpenAPI validation does not fail when incorrect types are passed in the Request Body #64
Comments
BalloonWen
added a commit
to BalloonWen/light-rest-4j
that referenced
this issue
Dec 11, 2018
-Implement light-rest-4j networknt#64 for Swagger ValidatorHandler
This was referenced Dec 11, 2018
Merged
stevehu
added a commit
to networknt/json-schema-validator
that referenced
this issue
Dec 12, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When an OpenAPI YAML file declares a field as an integral type in the request Body, the field could be declared for example as:
...
xyzID:
description: The Internal ID of XYZ that, within the app, uniquely identifies the specific XYZ record.
type: integer
format: int64
example: 911015108
...
The code would map to a Long value and expect that the openapi validation would catch it if somebody were to send in:
...
xyzID: "37983739"
...
Other formats could be used, such as int32, for example.
The code doesn't fail, as a change in the schema validator for handling path and query parameter treats both as idempotent, and the same validator is used:
networknt/json-schema-validator#101
APIs business logic or other cross-cutting concerns wired into the handler chain after openapi-validation would fail.
Recommended solution is to pass in the RequestValidator class in openapi-validator a parameter to the schemavalidator call, see line 112, to segregate between the handling of such values in path/query vs Body.
Request is to address it for all numeric types.
The text was updated successfully, but these errors were encountered: