feat: add rule for api must have a securitySchemes defined (#35)

apisyouwonthate · Sep 23, 2022 · 3e729a4 · 3e729a4
1 parent 52be4a6
commit 3e729a4
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 0 deletions.
diff --git a/__tests__/adv-security-schemes-defined.test.ts b/__tests__/adv-security-schemes-defined.test.ts
@@ -0,0 +1,37 @@
+import { DiagnosticSeverity } from "@stoplight/types";
+import testRule from "./__helpers__/helper";
+
+testRule("adv-security-schemes-defined", [
+  {
+    name: "valid case",
+    document: {
+      openapi: "3.1.0",
+      info: { version: "1.0" },
+      components: {
+        securitySchemes: {
+          "oAuth2": {
+            type: "oauth2",
+            flow: {},
+          },
+        },
+      },
+    },
+    errors: [],
+  },
+
+  {
+    name: "invalid case",
+    document: {
+      openapi: "3.1.0",
+      info: { version: "1.0" },
+      components: {},
+    },
+    errors: [
+      {
+        message: "This API definition does not have any security scheme defined.",
+        path: ["components"],
+        severity: DiagnosticSeverity.Error,
+      },
+    ],
+  },
+]);
diff --git a/src/ruleset.ts b/src/ruleset.ts
@@ -278,5 +278,18 @@ export default {
       formats: [oas3],
       severity: DiagnosticSeverity.Warning,
     },
+
+    // Author: Advanced API & Integrations Team (https://www.oneadvanced.com/)
+    "adv-security-schemes-defined": {
+      description: "All APIs MUST have a security scheme defined.",
+      message: "This API definition does not have any security scheme defined.",
+      given: "$..components",
+      then: {
+        field: "securitySchemes",
+        function: truthy
+      },
+      formats: [oas3],
+      severity: DiagnosticSeverity.Error,
+    },
   },
 };