v0.7.1

Changelog

• 17f3af3 I thought I was in vim for some reason.
• 61b63de bumped dependencies
• e908e72 resolved panic reported in #412

v0.7.0

v0.7.0 introduces a complete rebuild of the OWASP rule functions. They have now all been moved into custom functions. This was done because the previous rules were choking at scale, and all the paths were undecipherable.

This update should address issue #398

view OWASP functions

• All paths provided by all built in rules are now complete and detailed.
• OWASP rules run much, much faster and have more detailed reporting and no duplicate errors.

Example functions re-written.

The examples functionality have all been rewritten. They now run much faster and are much more accurate. They have also been broken down into three rules, from the previous one.

Modified rule: oas3-valid-schema-example

This rule now ONLY checks that schemas provided by examples are valid.

New rule: oas3-missing-example

view docs

This rule checks to ensure all Schemas, Parameters, Headers and Media Types have an examples or example field set,
and ensures that no empty values are provided.

New rule: oas3-example-external-check

view docs

This rule checks that no examples in Parameters, Headers and Media Types have used both an externalValue and a value property.

These modifications address #403 and #392

New feature 'Hard Mode'

All commands support the new -z / --hard-mode flag. This will enable every built-in rule in vacuum. This is the highest level of compliance available built into vacuum.

If you want to really test your OpenAPI spec, then try Hard Mode, and then feel sad.

Fixed spectral-report paths

Issues #295 and #304 have been addressed with the path cleanup work.

Dashboard and html-report updates

Only categories that triggered results are available in reports and the terminal UI now. #399

Changelog

• 5cd70e2 Added hard mode -z turns on EVERTHING
• eb8ceee Added property support to all OWASP functions.
• 9f960d8 Another sweep through to clean up
• cfd43ea Cleaned up readme and error
• f48c65f Rebuilding OpenAPI functions
• 19529aa Tuned exising tests, removed swagger variations
• 5fee442 Update README.md
• 70c08a4 Updated against new doctor API
• f641668 cleaned up linting
• b4bfa82 cleaning things up, polish and more.
• ba19914 completed OWASP upgrade
• be5143e examples function is now mostly rebuilt.
• e813f0d html-report only shows categories with results #399
• 19b4bb9 lots of OWASP function building.
• ed1f099 quick tidy up
• f537f20 removing JSON parsing channel after cleanup.
• 7aab2ff replaced old examples code, extracted rules into multiple functions. #403
• c4adbe2 updated to latest libopenapi
• 79ab746 working through OWASP rebuild.

v0.6.3

Changelog

• 17468ea Added timeout feature to prevent runaway linting
• 431ac35 Fixed zuplo link
• 40f3484 fixed go.mod

v0.6.2

Changelog

• 9135313 Fixed issue reported in #400
• fd07988 bumped deps

v0.6.1

Changelog

• 976fd89 Remove inconsistent "OWASP API1:2019 - " from rule description
• 79497b0 feature: upgrade to libopenapi with orderedmap support (#386)
• 936075b updated readme

v0.6.0

Changelog

• af6b2c1 Added a version command #377
• cf4cc80 Added base remote ruleset capability
• df41dd3 Added local file support for extending rulesets.
• 7478bab Added new -m and -b banner flags for lint #278
• 40f2189 Fixed example custom ruleset.
• 3389e98 New -a / —all-results flag enables all result output #293
• 96a7e48 message now overrides all core function messages #318
• 3731ddc added variation for yaml file extension.
• d5f0ea3 addressed #284
• c6d0988 cleaned up linting issues
• 2f41083 fixed formatting and casing function

v0.5.11

Changelog

• 2c4d20d updated libopenapi versions.

v0.5.10

Changelog

• f8bff51 allow lookups to be performed correctly

v0.5.9

Changelog

• 78e687d Updated to latest libopenapi

v0.5.8

Changelog

• ab09d18 extracted circular referenences back out