openapi-enforcer - npm Package Compare versions

Comparing version 1.22.2 to 1.22.3

CHANGELOG.md

@@ -7,2 +7,10 @@ # Change Log
 
+## 1.22.3
+
+### Security
+
+- **Update Dependencies**
+
+  Updated some dependencies to address security vulnerabilities.
+
 ## 1.22.2
@@ -9,0 +17,0 @@

package.json

 {
   "name": "openapi-enforcer",
-  "version": "1.22.2",
+  "version": "1.22.3",
   "description": "Library for validating, parsing, and formatting data against open api schemas.",
@@ -5,0 +5,0 @@ "main": "index.js",

test/issues.test.js

@@ -356,2 +356,118 @@ const expect = require('chai').expect;
 
+    describe.skip('issue-156 validate non-primitives in request query string', () => {
+        let def
+        let param
+        beforeEach(async () => {
+            param = {
+                name: 'arrayenums',
+                in: 'query',
+                schema: {
+                    type: 'array',
+                    items: {
+                        type: 'string',
+                        enum: ['Foo', 'Bar', 'Baz']
+                    }
+                }
+            }
+            def = {
+                openapi: '3.0.0',
+                info: { title: '', version: 'v1' },
+                paths: {
+                    '/foo': {
+                        get: {
+                            parameters: [param],
+                            responses: {
+                                200: { description: 'ok' }
+                            }
+                        }
+                    }
+                }
+            }
+
+        })
+
+        it('will allow query string in path using exploded form style', async () => {
+            Object.assign(param, { explode: true, style: 'form' })
+            const [openapi] = await Enforcer(def, { hideWarnings: true, fullResult: true })
+            const [ req, error ] = openapi.request({
+                method: 'GET',
+                path: '/foo?arrayenums=Foo&arrayenums=Bar'
+            })
+            expect(req.query.arrayenums).to.deep.equal(['Foo', 'Bar'])
+        })
+
+        it('will allow query string in path using form style', async () => {
+            Object.assign(param, { explode: false, style: 'form' })
+            const [openapi] = await Enforcer(def, { hideWarnings: true, fullResult: true })
+            const [ req, error ] = openapi.request({
+                method: 'GET',
+                path: '/foo?arrayenums=Foo,Bar'
+            })
+            expect(req.query.arrayenums).to.deep.equal(['Foo', 'Bar'])
+        })
+
+        it('will allow query string in path using exploded space delimited style', async () => {
+            Object.assign(param, { explode: true, style: 'spaceDelimited' })
+            const [openapi] = await Enforcer(def, { hideWarnings: true, fullResult: true })
+            const [ req, error ] = openapi.request({
+                method: 'GET',
+                path: '/foo?arrayenums=Foo&arrayenums=Bar'
+            })
+            expect(req.query.arrayenums).to.deep.equal(['Foo', 'Bar'])
+        })
+
+        it('will allow query string in path using space delimited style', async () => {
+            Object.assign(param, { explode: false, style: 'spaceDelimited' })
+            const [openapi] = await Enforcer(def, { hideWarnings: true, fullResult: true })
+            const [ req, error ] = openapi.request({
+                method: 'GET',
+                path: '/foo?arrayenums=Foo%20Bar'
+            })
+            expect(req.query.arrayenums).to.deep.equal(['Foo', 'Bar'])
+        })
+
+        it('will allow query string in path using exploded pipe delimited style', async () => {
+            Object.assign(param, { explode: true, style: 'pipeDelimited' })
+            const [openapi] = await Enforcer(def, { hideWarnings: true, fullResult: true })
+            const [ req, error ] = openapi.request({
+                method: 'GET',
+                path: '/foo?arrayenums=Foo&arrayenums=Bar'
+            })
+            expect(req.query.arrayenums).to.deep.equal(['Foo', 'Bar'])
+        })
+
+        it('will allow query string in path using pipe delimited style', async () => {
+            Object.assign(param, { explode: false, style: 'pipeDelimited' })
+            const [openapi] = await Enforcer(def, { hideWarnings: true, fullResult: true })
+            const [ req, error ] = openapi.request({
+                method: 'GET',
+                path: '/foo?arrayenums=Foo|Bar'
+            })
+            expect(req.query.arrayenums).to.deep.equal(['Foo', 'Bar'])
+        })
+
+        it('will allow an array of strings in query map', async () => {
+            const [openapi] = await Enforcer(def, { hideWarnings: true, fullResult: true })
+            const [ req, error ] = openapi.request({
+                method: 'GET',
+                path: '/foo',
+                query: {
+                    arrayenums: ['Foo', 'Bar']
+                }
+            })
+            expect(error).to.equal(undefined)
+        })
+
+        it('will allow a string of style form', async () => {
+            const [ req, error ] = openapi.request({
+                method: 'GET',
+                path: '/foo',
+                query: {
+                    arrayenums: ['Foo', 'Bar']
+                }
+            })
+            expect(error).to.equal(undefined)
+        })
+    })
+
 });

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1061337

0.46%

Lines of code

20837

0.51%

No dependency changes