v0.7.0

@daveshanley daveshanley released this 05 Jan 02:33
· 226 commits to main since this release

v0.7.0 introduces a complete rebuild of the OWASP rule functions. They have now all been moved into custom functions. This was done because the previous rules were choking at scale, and all the paths were undecipherable.

This update should address issue #398.

  • All paths provided by all built in rules are now complete and detailed.
  • OWASP rules run much, much faster and have more detailed reporting and no duplicate errors.

Example functions re-written.

The examples functionality has been rewritten. It now runs much faster and is much more accurate. It has also been split from the previous single rule into three rules.

Modified rule: oas3-valid-schema-example

This rule now ONLY checks that schemas provided by examples are valid.

New rule: oas3-missing-example

This rule checks that all Schemas, Parameters, Headers and Media Types have an examples or example field set, and that no empty values are provided.

New rule: oas3-example-external-check

This rule checks that no example in Parameters, Headers or Media Types uses both an externalValue and a value property.

These modifications address #403 and #392.
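
To make the oas3-example-external-check condition concrete, the Go sketch below is an added illustration, not vacuum's implementation or API: using only the standard library, it walks a constructed OpenAPI fragment and reports the path of each example that sets both value and externalValue. The names checkSpec and sampleSpec and the path format are assumptions made for this example.

```go
package main
import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed OpenAPI 3 fragment (JSON form), for illustration only.
const sampleSpec = `{"paths": {"/pets": {"get": {"parameters": [{"name": "limit", "in": "query",
  "examples": {"inline": {"value": 5}, "both": {"value": 10, "externalValue": "limit.json"}}}],
  "responses": {"200": {"description": "ok", "content": {"application/json": {
  "examples": {"remote": {"externalValue": "pets.json"}}}}}}}}}}`

// checkSpec returns the sorted paths of examples that set both value and externalValue.
func checkSpec(spec string) ([]string, error) {
	var doc any
	if err := json.Unmarshal([]byte(spec), &doc); err != nil {
		return nil, err
	}
	var out []string
	var walk func(node any, path string)
	walk = func(node any, path string) {
		switch n := node.(type) {
		case map[string]any:
			for k, v := range n {
				child := fmt.Sprintf("%s['%s']", path, k)
				// Simplification: any map-valued "examples" key is treated as an examples map.
				if exs, ok := v.(map[string]any); !ok || k != "examples" {
					walk(v, child)
				} else {
					for name, raw := range exs {
						ex, _ := raw.(map[string]any)
						_, hasValue := ex["value"]
						if _, hasExt := ex["externalValue"]; hasValue && hasExt {
							out = append(out, fmt.Sprintf("%s['%s']", child, name))
						}
					}
				}
			}
		case []any:
			for i, v := range n {
				walk(v, fmt.Sprintf("%s[%d]", path, i))
			}
		}
	}
	walk(doc, "$")
	sort.Strings(out) // map iteration order is random; sort for stable reports
	return out, nil
}

func main() { fmt.Println(checkSpec(sampleSpec)) }
```

Only the example named both is reported; inline (value only) and remote (externalValue only) are each valid on their own.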

New feature 'Hard Mode'

All commands support the new -z / --hard-mode flag. It enables every built-in rule in vacuum, which is the highest level of compliance available built into vacuum.

If you want to really test your OpenAPI spec, then try Hard Mode, and then feel sad.

Fixed spectral-report paths

Issues #295 and #304 have been addressed with the path cleanup work.

Dashboard and html-report updates

Only categories that triggered results are available in reports and the terminal UI now. #399

Changelog

  • 5cd70e2 Added hard mode -z turns on EVERYTHING
  • eb8ceee Added property support to all OWASP functions.
  • 9f960d8 Another sweep through to clean up
  • cfd43ea Cleaned up readme and error
  • f48c65f Rebuilding OpenAPI functions
  • 19529aa Tuned existing tests, removed swagger variations
  • 5fee442 Update README.md
  • 70c08a4 Updated against new doctor API
  • f641668 cleaned up linting
  • b4bfa82 cleaning things up, polish and more.
  • ba19914 completed OWASP upgrade
  • be5143e examples function is now mostly rebuilt.
  • e813f0d html-report only shows categories with results #399
  • 19b4bb9 lots of OWASP function building.
  • ed1f099 quick tidy up
  • f537f20 removing JSON parsing channel after cleanup.
  • 7aab2ff replaced old examples code, extracted rules into multiple functions. #403
  • c4adbe2 updated to latest libopenapi
  • 79ab746 working through OWASP rebuild.