b/163138925 Integrate command line module with Extended Validator
Change-Id: Icc7fc46ed2f870886b420f1af1f623394368c5fd
diff --git a/oas-cli/build.gradle b/oas-cli/build.gradle
index f00b209..4624448 100644
--- a/oas-cli/build.gradle
+++ b/oas-cli/build.gradle
@@ -4,6 +4,7 @@
dependencies {
implementation 'com.beust:jcommander:1.78'
+ implementation project(':oas-core')
testImplementation project(':oas-test')
}
@@ -13,4 +14,9 @@
attributes('Main-Class': 'com.apigee.security.oas.CommandLineClient')
}
}
+
+javadoc {
+ title = "OpenApi3 Specification Security Client"
+}
+
mainClassName = "com.apigee.security.oas.CommandLineClient"
\ No newline at end of file
diff --git a/oas-cli/src/main/java/com/apigee/security/oas/CommandLineBaseRunner.java b/oas-cli/src/main/java/com/apigee/security/oas/CommandLineBaseRunner.java
index 168084e..b35dfe7 100644
--- a/oas-cli/src/main/java/com/apigee/security/oas/CommandLineBaseRunner.java
+++ b/oas-cli/src/main/java/com/apigee/security/oas/CommandLineBaseRunner.java
@@ -1,44 +1,69 @@
package com.apigee.security.oas;
+import com.apigee.security.oas.extendedvalidator.ExtendedValidator;
+import com.apigee.security.oas.extendedvalidator.ExtensionValidationMessage;
+import com.apigee.security.oas.parser.BaseParser;
+import com.apigee.security.oas.parser.ParserException;
import com.beust.jcommander.ParameterException;
+import com.google.common.collect.ImmutableSet;
import com.google.common.flogger.FluentLogger;
import com.google.inject.Provider;
import java.io.PrintWriter;
+import java.util.Optional;
import javax.inject.Inject;
+import org.openapi4j.parser.model.v3.OpenApi3;
-/** Class that handles the execution. */
final class CommandLineBaseRunner implements CommandLineRunner {
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
private final Provider<PrintWriter> printWriterProvider;
private final CommandLineParser commandLineParser;
+ private final BaseParser baseParser;
+ private final ExtendedValidator extendedValidator;
@Inject
CommandLineBaseRunner(
- Provider<PrintWriter> printWriterProvider, CommandLineParser commandLineParser) {
+ Provider<PrintWriter> printWriterProvider,
+ CommandLineParser commandLineParser,
+ BaseParser baseParser,
+ ExtendedValidator extendedValidator) {
this.printWriterProvider = printWriterProvider;
this.commandLineParser = commandLineParser;
+ this.baseParser = baseParser;
+ this.extendedValidator = extendedValidator;
}
- /**
- * Calls different methods for parsing & validity of arguments, OpenAPI Specification Document
- * (v3), and its security features.
- *
- * <p>Takes a {@code File} to a OpenAPI Specification (v3) document and outputs its Security
- * Validity.
- *
- * @param args Arguments that are passed through command line interface.
- */
@Override
public void run(String[] args) {
PrintWriter printWriter = printWriterProvider.get();
+
try {
commandLineParser.parseArguments(args);
- } catch (ParameterException e) {
+ OpenApi3 oas = baseParser.parse(commandLineParser.getOasFile());
+ ImmutableSet<ExtensionValidationMessage> errors = extendedValidator.validate(oas);
+ printWriter.printf("Found %d extension validation errors.\n\n", errors.size());
+ printValidationMessages(errors, printWriter);
+ } catch (ParserException | ParameterException e) {
logger.atSevere().withCause(e).log("Unable to parse arguments");
- printWriter.println(e.getLocalizedMessage());
+ printWriter.printf("Error : %s\n", e.getMessage());
+
+ Optional.ofNullable(e.getCause())
+ .ifPresent(cause -> printWriter.printf("Cause : %s\n", cause.getMessage()));
} finally {
printWriter.close();
}
}
+
+ private static void printValidationMessages(
+ ImmutableSet<ExtensionValidationMessage> errors, PrintWriter printWriter) {
+ Optional.ofNullable(errors)
+ .orElse(ImmutableSet.of())
+ .forEach(
+ validationMessage ->
+ printWriter.printf(
+ "Type: %s\nMessage: %s\nPath: %s\n\n",
+ validationMessage.type(),
+ validationMessage.message(),
+ validationMessage.path()));
+ }
}
diff --git a/oas-cli/src/main/java/com/apigee/security/oas/CommandLineModule.java b/oas-cli/src/main/java/com/apigee/security/oas/CommandLineModule.java
index 8ec27a0..0b2ca39 100644
--- a/oas-cli/src/main/java/com/apigee/security/oas/CommandLineModule.java
+++ b/oas-cli/src/main/java/com/apigee/security/oas/CommandLineModule.java
@@ -1,5 +1,7 @@
package com.apigee.security.oas;
+import com.apigee.security.oas.extendedvalidator.ExtendedValidatorMainModule;
+import com.apigee.security.oas.parser.BaseParserModule;
import com.google.inject.AbstractModule;
/** Top level module that imports other Guice modules relied upon. */
@@ -8,6 +10,8 @@
@Override
protected void configure() {
install(new CommandLineInnerModule());
+ install(new BaseParserModule());
+ install(new ExtendedValidatorMainModule());
binder().requireExplicitBindings();
}
}
diff --git a/oas-cli/src/main/java/com/apigee/security/oas/CommandLineRunner.java b/oas-cli/src/main/java/com/apigee/security/oas/CommandLineRunner.java
index c1452cf..d184f61 100644
--- a/oas-cli/src/main/java/com/apigee/security/oas/CommandLineRunner.java
+++ b/oas-cli/src/main/java/com/apigee/security/oas/CommandLineRunner.java
@@ -3,6 +3,14 @@
/** Performs end to end application logic. */
interface CommandLineRunner {
- /** Executes end to end application logic. */
+ /**
+ * Calls different methods for parsing & validity of arguments, OpenAPI Specification Document
+ * (v3), and its security features.
+ *
+ * <p>Takes a {@code File} to a OpenAPI Specification (v3) document and outputs its Security
+ * Validity.
+ *
+ * @param args Arguments that are passed through command line interface.
+ */
void run(String[] args);
}
diff --git a/oas-cli/src/main/java/com/apigee/security/oas/validators/FileValidator.java b/oas-cli/src/main/java/com/apigee/security/oas/validators/FileValidator.java
index 07edfde..8b9f1de 100644
--- a/oas-cli/src/main/java/com/apigee/security/oas/validators/FileValidator.java
+++ b/oas-cli/src/main/java/com/apigee/security/oas/validators/FileValidator.java
@@ -14,6 +14,8 @@
if (!file.exists()) {
throw new ParameterException(
"The file is either not valid or not accessible", new FileNotFoundException());
+ } else if (file.length() == 0) {
+ throw new ParameterException("The file contents are empty");
}
}
}
diff --git a/oas-cli/src/test/java/com/apigee/security/oas/CommandLineBaseRunnerIntegrationTest.java b/oas-cli/src/test/java/com/apigee/security/oas/CommandLineBaseRunnerIntegrationTest.java
new file mode 100644
index 0000000..7185266
--- /dev/null
+++ b/oas-cli/src/test/java/com/apigee/security/oas/CommandLineBaseRunnerIntegrationTest.java
@@ -0,0 +1,123 @@
+package com.apigee.security.oas;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import com.apigee.security.oas.providers.PrintWriterProvider;
+import com.google.common.io.Resources;
+import com.google.inject.Binder;
+import com.google.inject.Guice;
+import com.google.inject.Module;
+import com.google.inject.util.Modules;
+import java.io.PrintWriter;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Captor;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoRule;
+import org.mockito.quality.Strictness;
+
+@Category(SlowTests.class)
+public class CommandLineBaseRunnerIntegrationTest {
+
+ public final class TestModule implements Module {
+ @Override
+ public void configure(Binder binder) {
+ binder.bind(PrintWriterProvider.class).toInstance(printWriterProvider);
+ }
+ }
+
+ @Rule public MockitoRule rule = MockitoJUnit.rule().strictness(Strictness.STRICT_STUBS);
+ @Captor private ArgumentCaptor<String> stringCaptor;
+ @Captor private ArgumentCaptor<Integer> intCaptor;
+ @Mock private PrintWriterProvider printWriterProvider;
+ @Mock private PrintWriter printWriter;
+ private CommandLineRunner commandLineRunner;
+
+ private static String getResourcePath(String name) {
+ return Resources.getResource(name).getPath();
+ }
+
+ /** Overriding guice dependencies and setting up command line runner. */
+ @Before
+ public void setup() {
+ when(printWriterProvider.get()).thenReturn(printWriter);
+
+ commandLineRunner =
+ Guice.createInjector(Modules.override(new CommandLineModule()).with(new TestModule()))
+ .getInstance(CommandLineRunner.class);
+ }
+
+ @Test
+ public void run_wrongFileType_printsParserException() {
+ commandLineRunner.run(new String[] {"--file", getResourcePath("Test_Text_File.txt")});
+
+ verify(printWriter, times(2)).printf(any(String.class), stringCaptor.capture());
+
+ assertThat(stringCaptor.getAllValues().toString().toLowerCase()).contains("failed", "parse");
+ }
+
+ @Test
+ public void run_emptyFile_printsParameterException() {
+ commandLineRunner.run(new String[] {"--file", getResourcePath("Empty_Json_File.json")});
+
+ verify(printWriter).printf(any(String.class), stringCaptor.capture());
+
+ assertThat(stringCaptor.getValue().toLowerCase()).contains("file", "empty");
+ }
+
+ @Test
+ public void run_validOasFile_printsZeroErrors() {
+ commandLineRunner.run(new String[] {"--file", getResourcePath("Valid_OAS.json")});
+
+ verify(printWriter).printf(stringCaptor.capture(), intCaptor.capture());
+
+ assertThat(intCaptor.getValue()).isEqualTo(0);
+ assertThat(stringCaptor.getValue().toLowerCase()).contains("found", "errors");
+ }
+
+ @Test
+ public void run_validOasFile_validSecurityExtensionUsage_printsZeroErrors() {
+ commandLineRunner.run(
+ new String[] {"--file", getResourcePath("Valid_OAS_Valid_Extensions.json")});
+
+ verify(printWriter).printf(stringCaptor.capture(), intCaptor.capture());
+
+ assertThat(intCaptor.getValue()).isEqualTo(0);
+ assertThat(stringCaptor.getValue().toLowerCase()).contains("found", "errors");
+ }
+
+ @Test
+ public void run_invalidOasFile() {
+ commandLineRunner.run(new String[] {"--file", getResourcePath("Invalid_OAS.json")});
+
+ verify(printWriter, times(2)).printf(any(String.class), stringCaptor.capture());
+
+ assertThat(stringCaptor.getAllValues().toString().toLowerCase())
+ .contains("failed", "parse", "openapi3", "failure");
+ }
+
+ @Test
+ public void run_validOasFile_invalidSecurityExtensionSchema_printsErrors() {
+ commandLineRunner.run(
+ new String[] {"--file", getResourcePath("Valid_OAS_Invalid_Schema.json")});
+
+ verify(printWriter, times(4)).printf(any(String.class), stringCaptor.capture());
+ assertThat(stringCaptor.getAllValues()).contains("INVALID_SCHEMA");
+ }
+
+ @Test
+ public void run_validOasFile_invalidSecurityExtensionScope_printsErrors() {
+ commandLineRunner.run(new String[] {"--file", getResourcePath("Valid_OAS_Invalid_Scope.json")});
+
+ verify(printWriter, times(5)).printf(any(String.class), stringCaptor.capture());
+ assertThat(stringCaptor.getAllValues()).contains("INVALID_SCOPE");
+ }
+}
diff --git a/oas-cli/src/test/java/com/apigee/security/oas/CommandLineBaseRunnerTest.java b/oas-cli/src/test/java/com/apigee/security/oas/CommandLineBaseRunnerTest.java
index 2fc0284..5e686ea 100644
--- a/oas-cli/src/test/java/com/apigee/security/oas/CommandLineBaseRunnerTest.java
+++ b/oas-cli/src/test/java/com/apigee/security/oas/CommandLineBaseRunnerTest.java
@@ -7,8 +7,12 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import com.apigee.security.oas.extendedvalidator.ExtendedValidator;
+import com.apigee.security.oas.parser.BaseParser;
import com.beust.jcommander.ParameterException;
+import com.google.common.collect.ImmutableSet;
import com.google.inject.Provider;
+import java.io.File;
import java.io.PrintWriter;
import org.junit.Before;
import org.junit.Rule;
@@ -19,14 +23,20 @@
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnit;
import org.mockito.junit.MockitoRule;
+import org.mockito.quality.Strictness;
+import org.openapi4j.parser.model.v3.OpenApi3;
@RunWith(JUnit4.class)
public class CommandLineBaseRunnerTest {
- @Rule public MockitoRule rule = MockitoJUnit.rule();
+ @Rule public MockitoRule rule = MockitoJUnit.rule().strictness(Strictness.STRICT_STUBS);
@Mock private Provider<PrintWriter> printWriterProvider;
@Mock private CommandLineParser commandLineParser;
+ @Mock private BaseParser baseParser;
+ @Mock private ExtendedValidator extendedValidator;
@Mock private PrintWriter printWriter;
+ @Mock private OpenApi3 openApi3;
+ @Mock private File file;
@InjectMocks private CommandLineBaseRunner commandLineRunner;
@Before
@@ -36,12 +46,38 @@
@Test
public void run_callsParseArguments() {
+ when(commandLineParser.getOasFile()).thenReturn(file);
+ when(baseParser.parse(any(File.class))).thenReturn(openApi3);
+ when(extendedValidator.validate(openApi3)).thenReturn(ImmutableSet.of());
+
commandLineRunner.run(new String[] {""});
verify(commandLineParser, atLeastOnce()).parseArguments(any(String[].class));
}
@Test
+ public void run_callsBaseParsersParse() {
+ when(commandLineParser.getOasFile()).thenReturn(file);
+ when(baseParser.parse(file)).thenReturn(openApi3);
+ when(extendedValidator.validate(openApi3)).thenReturn(ImmutableSet.of());
+
+ commandLineRunner.run(new String[] {""});
+
+ verify(baseParser, atLeastOnce()).parse(file);
+ }
+
+ @Test
+ public void run_callsExtendedValidatorsValidate() {
+ when(commandLineParser.getOasFile()).thenReturn(file);
+ when(baseParser.parse(file)).thenReturn(openApi3);
+ when(extendedValidator.validate(openApi3)).thenReturn(ImmutableSet.of());
+
+ commandLineRunner.run(new String[] {""});
+
+ verify(extendedValidator, atLeastOnce()).validate(openApi3);
+ }
+
+ @Test
public void run_onException_printsExceptionMessageAndClosesPrintWriter() {
String exceptionMessage = "No Parameters received";
doThrow(new ParameterException(exceptionMessage))
@@ -50,7 +86,7 @@
commandLineRunner.run(new String[] {""});
- verify(printWriter, atLeastOnce()).println(contains(exceptionMessage));
+ verify(printWriter, atLeastOnce()).printf(any(String.class), contains(exceptionMessage));
verify(printWriter, atLeastOnce()).close();
}
}
diff --git a/oas-cli/src/test/java/com/apigee/security/oas/CommandLineModuleTest.java b/oas-cli/src/test/java/com/apigee/security/oas/CommandLineModuleTest.java
index d5cf534..33b74de 100644
--- a/oas-cli/src/test/java/com/apigee/security/oas/CommandLineModuleTest.java
+++ b/oas-cli/src/test/java/com/apigee/security/oas/CommandLineModuleTest.java
@@ -3,6 +3,8 @@
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.catchThrowable;
+import com.apigee.security.oas.extendedvalidator.ExtendedValidator;
+import com.apigee.security.oas.parser.BaseParser;
import com.google.inject.Guice;
import com.google.inject.Injector;
import java.io.PrintWriter;
@@ -38,4 +40,16 @@
assertThat(catchThrowable(() -> injector.getInstance(PrintWriter.class).close()))
.doesNotThrowAnyException();
}
+
+ @Test
+ public void createBaseParser_shouldNotThrowException() {
+ assertThat(catchThrowable(() -> injector.getInstance(BaseParser.class)))
+ .doesNotThrowAnyException();
+ }
+
+ @Test
+ public void createExtendedValidator_shouldNotThrowException() {
+ assertThat(catchThrowable(() -> injector.getInstance(ExtendedValidator.class)))
+ .doesNotThrowAnyException();
+ }
}
diff --git a/oas-cli/src/test/java/com/apigee/security/oas/FileValidatorTest.java b/oas-cli/src/test/java/com/apigee/security/oas/FileValidatorTest.java
index 2416039..674f296 100644
--- a/oas-cli/src/test/java/com/apigee/security/oas/FileValidatorTest.java
+++ b/oas-cli/src/test/java/com/apigee/security/oas/FileValidatorTest.java
@@ -7,7 +7,6 @@
import com.apigee.security.oas.validators.FileValidator;
import com.beust.jcommander.ParameterException;
import com.google.common.io.Resources;
-import java.net.URISyntaxException;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -15,14 +14,15 @@
@RunWith(JUnit4.class)
public class FileValidatorTest {
- private static final String VALID_FILE_NAME = "validOpenApi3DemoSpec.yaml";
- private String validFileUriParam;
private FileValidator fileValidator;
+ private static String getResourcePath(String name) {
+ return Resources.getResource(name).getPath();
+ }
+
@Before
- public void setup() throws URISyntaxException {
- validFileUriParam = Resources.getResource(VALID_FILE_NAME).toURI().getPath();
+ public void setup() {
fileValidator = new FileValidator();
}
@@ -34,8 +34,19 @@
}
@Test
+ public void validate_emptyFile_throwsParameterExceptionWithMessage() {
+ assertThatThrownBy(
+ () -> fileValidator.validate("file", getResourcePath("Empty_Json_File.json")))
+ .isInstanceOf(ParameterException.class)
+ .hasMessageContainingAll("file", "empty");
+ }
+
+ @Test
public void validate_existentFile_doesNotThrowException() {
- assertThat(catchThrowable(() -> fileValidator.validate("file", validFileUriParam)))
+ assertThat(
+ catchThrowable(
+ () ->
+ fileValidator.validate("file", getResourcePath("validOpenApi3DemoSpec.yaml"))))
.doesNotThrowAnyException();
}
}
diff --git a/oas-cli/src/test/resources/Empty_Json_File.json b/oas-cli/src/test/resources/Empty_Json_File.json
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/oas-cli/src/test/resources/Empty_Json_File.json
diff --git a/oas-cli/src/test/resources/Invalid_OAS.json b/oas-cli/src/test/resources/Invalid_OAS.json
new file mode 100644
index 0000000..577cd49
--- /dev/null
+++ b/oas-cli/src/test/resources/Invalid_OAS.json
@@ -0,0 +1,54 @@
+{
+ "openapi": "3.0.0",
+ "info": {
+ "title": "Simple API overview",
+ "version": "2.0.0"
+ },
+ "/": {
+ "paths": {
+ "summary": "List API versions",
+ "get": {
+ "operationId": "listVersionsv2",
+ "responses": {
+ "200": {
+ "description": "200 response",
+ "application/json": {
+ "content": {
+ "examples": {
+ "value": {
+ "foo": {
+ "versions": [
+ {
+ "status": "CURRENT",
+ "updated": "2011-01-21T11:33:21Z",
+ "id": "v2.0",
+ "links": [
+ {
+ "href": "http://127.0.0.1:8774/v2/",
+ "rel": "self"
+ }
+ ]
+ },
+ {
+ "status": "EXPERIMENTAL",
+ "updated": "2013-07-23T11:33:21Z",
+ "id": "v3.0",
+ "links": [
+ {
+ "href": "http://127.0.0.1:8774/v3/",
+ "rel": "self"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/oas-cli/src/test/resources/Test_Text_File.txt b/oas-cli/src/test/resources/Test_Text_File.txt
new file mode 100644
index 0000000..bdf08de
--- /dev/null
+++ b/oas-cli/src/test/resources/Test_Text_File.txt
@@ -0,0 +1 @@
+test file
\ No newline at end of file
diff --git a/oas-cli/src/test/resources/Valid_OAS.json b/oas-cli/src/test/resources/Valid_OAS.json
new file mode 100644
index 0000000..1d40e7e
--- /dev/null
+++ b/oas-cli/src/test/resources/Valid_OAS.json
@@ -0,0 +1,54 @@
+{
+ "openapi": "3.0.0",
+ "info": {
+ "title": "Simple API overview",
+ "version": "2.0.0"
+ },
+ "paths": {
+ "/": {
+ "get": {
+ "operationId": "listVersionsv2",
+ "summary": "List API versions",
+ "responses": {
+ "200": {
+ "description": "200 response",
+ "content": {
+ "application/json": {
+ "examples": {
+ "foo": {
+ "value": {
+ "versions": [
+ {
+ "status": "CURRENT",
+ "updated": "2011-01-21T11:33:21Z",
+ "id": "v2.0",
+ "links": [
+ {
+ "href": "http://127.0.0.1:8774/v2/",
+ "rel": "self"
+ }
+ ]
+ },
+ {
+ "status": "EXPERIMENTAL",
+ "updated": "2013-07-23T11:33:21Z",
+ "id": "v3.0",
+ "links": [
+ {
+ "href": "http://127.0.0.1:8774/v3/",
+ "rel": "self"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/oas-cli/src/test/resources/Valid_OAS_Invalid_Schema.json b/oas-cli/src/test/resources/Valid_OAS_Invalid_Schema.json
new file mode 100644
index 0000000..1b6aab3
--- /dev/null
+++ b/oas-cli/src/test/resources/Valid_OAS_Invalid_Schema.json
@@ -0,0 +1,81 @@
+{
+ "openapi": "3.0.0",
+ "info": {
+ "title": "Simple API overview",
+ "version": "2.0.0"
+ },
+ "x-security-type-definitions": {
+ "inherits-from": ["ns"]
+ },
+ "paths": {
+ "/user": {
+ "get": {
+ "x-security-allow": ["pii"],
+ "operationId": "listVersionsv2",
+ "summary": "List API versions",
+ "parameters": [
+ {
+ "x-security-type": ["ns", 1],
+ "name": "limit",
+ "in": "query",
+ "description": "How many items to return at one time (max 100)",
+ "required": false,
+ "schema": {
+ "type": "integer",
+ "format": "int32"
+ }
+ },
+ {
+ "x-security-type": [2,"pii"],
+ "name": "phone",
+ "in": "query",
+ "description": "Phone number",
+ "required": false,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "200 response",
+ "content": {
+ "application/json": {
+ "examples": {
+ "foo": {
+ "value": {
+ "versions": [
+ {
+ "status": "CURRENT",
+ "updated": "2011-01-21T11:33:21Z",
+ "id": "v2.0",
+ "links": [
+ {
+ "href": "http://127.0.0.1:8774/v2/",
+ "rel": "self"
+ }
+ ]
+ },
+ {
+ "status": "EXPERIMENTAL",
+ "updated": "2013-07-23T11:33:21Z",
+ "id": "v3.0",
+ "links": [
+ {
+ "href": "http://127.0.0.1:8774/v3/",
+ "rel": "self"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/oas-cli/src/test/resources/Valid_OAS_Invalid_Scope.json b/oas-cli/src/test/resources/Valid_OAS_Invalid_Scope.json
new file mode 100644
index 0000000..f237d22
--- /dev/null
+++ b/oas-cli/src/test/resources/Valid_OAS_Invalid_Scope.json
@@ -0,0 +1,82 @@
+{
+ "openapi": "3.0.0",
+ "info": {
+ "title": "Simple API overview",
+ "version": "2.0.0"
+ },
+ "x-security-type-definitions": {
+ "inherits-from": ["ns"]
+ },
+ "paths": {
+ "/user": {
+ "x-security-allow": ["pii"],
+ "get": {
+ "operationId": "listVersionsv2",
+ "summary": "List API versions",
+ "x-custom-ext": ["data"],
+ "parameters": [
+ {
+ "x-security-type": ["ns", 1],
+ "name": "limit",
+ "in": "query",
+ "description": "How many items to return at one time (max 100)",
+ "required": false,
+ "schema": {
+ "type": "integer",
+ "format": "int32"
+ }
+ },
+ {
+ "x-security-type": [2, "pii"],
+ "name": "phone",
+ "in": "query",
+ "description": "Phone number",
+ "required": false,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "200 response",
+ "content": {
+ "application/json": {
+ "examples": {
+ "foo": {
+ "value": {
+ "versions": [
+ {
+ "status": "CURRENT",
+ "updated": "2011-01-21T11:33:21Z",
+ "id": "v2.0",
+ "links": [
+ {
+ "href": "http://127.0.0.1:8774/v2/",
+ "rel": "self"
+ }
+ ]
+ },
+ {
+ "status": "EXPERIMENTAL",
+ "updated": "2013-07-23T11:33:21Z",
+ "id": "v3.0",
+ "links": [
+ {
+ "href": "http://127.0.0.1:8774/v3/",
+ "rel": "self"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/oas-cli/src/test/resources/Valid_OAS_Valid_Extensions.json b/oas-cli/src/test/resources/Valid_OAS_Valid_Extensions.json
new file mode 100644
index 0000000..34c5b96
--- /dev/null
+++ b/oas-cli/src/test/resources/Valid_OAS_Valid_Extensions.json
@@ -0,0 +1,83 @@
+{
+ "openapi": "3.0.0",
+ "info": {
+ "title": "Simple API overview",
+ "version": "2.0.0"
+ },
+ "x-security-type-definitions": [
+ {
+ "type": "pii",
+ "inherits-from": ["ns"]
+ }],
+ "paths": {
+ "/user": {
+ "get": {
+ "x-security-allow": ["pii"],
+ "operationId": "listVersionsv2",
+ "summary": "List API versions",
+ "parameters": [
+ {
+ "x-security-type": ["ns"],
+ "name": "limit",
+ "in": "query",
+ "description": "How many items to return at one time (max 100)",
+ "required": false,
+ "schema": {
+ "type": "integer",
+ "format": "int32"
+ }
+ },
+ {
+ "x-security-type": ["pii"],
+ "name": "phone",
+ "in": "query",
+ "description": "Phone number",
+ "required": false,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "200 response",
+ "content": {
+ "application/json": {
+ "examples": {
+ "foo": {
+ "value": {
+ "versions": [
+ {
+ "status": "CURRENT",
+ "updated": "2011-01-21T11:33:21Z",
+ "id": "v2.0",
+ "links": [
+ {
+ "href": "http://127.0.0.1:8774/v2/",
+ "rel": "self"
+ }
+ ]
+ },
+ {
+ "status": "EXPERIMENTAL",
+ "updated": "2013-07-23T11:33:21Z",
+ "id": "v3.0",
+ "links": [
+ {
+ "href": "http://127.0.0.1:8774/v3/",
+ "rel": "self"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/oas-core/build.gradle b/oas-core/build.gradle
index 908c2e3..eb00aba 100644
--- a/oas-core/build.gradle
+++ b/oas-core/build.gradle
@@ -1,6 +1,8 @@
+apply plugin: 'java-library'
+
dependencies {
- implementation "org.openapi4j:openapi-parser:${libVersions.openapiParser}"
- implementation "org.openapi4j:openapi-core:${libVersions.openapiCore}"
+ api "org.openapi4j:openapi-parser:${libVersions.openapiParser}"
+ api "org.openapi4j:openapi-core:${libVersions.openapiCore}"
implementation "com.google.auto.value:auto-value-annotations:${libVersions.autoValue}"
implementation "com.google.inject.extensions:guice-assistedinject:${libVersions.guice}"
implementation "com.networknt:json-schema-validator:${libVersions.jsonSchemaValidator}"
@@ -11,3 +13,7 @@
annotationProcessor "com.google.auto.value:auto-value:${libVersions.autoValue}"
}
+javadoc {
+ title = "OpenApi3 Specification Security Library"
+}
+
diff --git a/oas-core/src/main/java/com/apigee/security/oas/extendedvalidator/BaseExtensionValidationIntegrator.java b/oas-core/src/main/java/com/apigee/security/oas/extendedvalidator/BaseExtensionValidationIntegrator.java
deleted file mode 100644
index 1fc861e..0000000
--- a/oas-core/src/main/java/com/apigee/security/oas/extendedvalidator/BaseExtensionValidationIntegrator.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package com.apigee.security.oas.extendedvalidator;
-
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableMap;
-import java.util.Map;
-import java.util.Optional;
-import org.openapi4j.parser.model.OpenApiSchema;
-
-final class BaseExtensionValidationIntegrator extends ExtensionValidationIntegrator {
-
- // TODO(b/161441872): Inject ExtensionValidationIntegrator member dependencies.
-
- @Override
- public void validateExtensions(
- ImmutableMap<String, Object> extensions,
- ImmutableList<Map.Entry<Class<? extends OpenApiSchema>, Optional<String>>>
- updatedTraversalPath) {
- // TODO(b/161441872): Add validation logic here.
- }
-}
diff --git a/oas-core/src/main/java/com/apigee/security/oas/extendedvalidator/ExtensionValidationIntegrator.java b/oas-core/src/main/java/com/apigee/security/oas/extendedvalidator/ExtensionValidationIntegrator.java
deleted file mode 100644
index c38c062..0000000
--- a/oas-core/src/main/java/com/apigee/security/oas/extendedvalidator/ExtensionValidationIntegrator.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package com.apigee.security.oas.extendedvalidator;
-
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableMap;
-import java.util.Map;
-import java.util.Optional;
-import org.openapi4j.parser.model.OpenApiSchema;
-
-/** Carries out the process of validating ApiSecurityTool's OpenApi extensions. */
-public abstract class ExtensionValidationIntegrator {
-
- // TODO(b/161441872): Add needed member dependencies to be injected by child classes.
-
- /**
- * Validates extensions from a mapping of extension {@linkplain String name} to extension
- * {@linkplain Object content}.
- */
- abstract void validateExtensions(
- ImmutableMap<String, Object> extensions,
- ImmutableList<Map.Entry<Class<? extends OpenApiSchema>, Optional<String>>>
- updatedTraversalPath);
-}
diff --git a/oas-core/src/main/java/com/apigee/security/oas/extendedvalidator/ExtensionValidationMessage.java b/oas-core/src/main/java/com/apigee/security/oas/extendedvalidator/ExtensionValidationMessage.java
index 387da6c..505b982 100644
--- a/oas-core/src/main/java/com/apigee/security/oas/extendedvalidator/ExtensionValidationMessage.java
+++ b/oas-core/src/main/java/com/apigee/security/oas/extendedvalidator/ExtensionValidationMessage.java
@@ -4,14 +4,14 @@
/** Holds information about an error occurred during validation. */
@AutoValue
-abstract class ExtensionValidationMessage {
+public abstract class ExtensionValidationMessage {
static Builder builder() {
return new AutoValue_ExtensionValidationMessage.Builder();
}
@AutoValue.Builder
- abstract static class Builder {
+ public abstract static class Builder {
abstract Builder setType(String value);
abstract Builder setMessage(String value);
@@ -21,9 +21,9 @@
abstract ExtensionValidationMessage build();
}
- abstract String type();
+ public abstract String type();
- abstract String message();
+ public abstract String message();
- abstract String path();
+ public abstract String path();
}
diff --git a/oas-test/src/main/java/com/apigee/security/oas/SlowTests.java b/oas-test/src/main/java/com/apigee/security/oas/SlowTests.java
new file mode 100644
index 0000000..5e6aa0f
--- /dev/null
+++ b/oas-test/src/main/java/com/apigee/security/oas/SlowTests.java
@@ -0,0 +1,4 @@
+package com.apigee.security.oas;
+
+/** {@link org.junit.experimental.categories.Category Category} marker interface for categorizing slow integration tests. */
+public interface SlowTests {}
