Skip to content

no-security-schemes-defined erroneously matches non-root components object #2771

New issue
New issue
Open
Open
no-security-schemes-defined erroneously matches non-root components object#2771
Assignees
mnaumanali94
Labels
t/bugSomething isn't working
@robincgit

Description

@robincgit
robincgit
opened on Jan 24, 2025

Describe the bug

The no-security-schemes-defined rule seems to incorrectly match non-root components objects, resulting in false positives.

To Reproduce

Given this openapi.yml document:

openapi: '3.1.0'
info:
  title: TITLE
  version: 'VERSION'

paths: {}

components:
  schemas:
    Foo:
      type: object
      properties:
        components:
          type: number

  securitySchemes:
    sec:
      type: http
      scheme: bearer

Run this CLI command:

$ spectral lint openapi.yml
[...]
 13:20    error  no-security-schemes-defined  All APIs MUST have a security scheme defined.             components.schemas.Foo.properties.components

Expected behavior

The rule should not match, i.e the behavior should be the same as when renaming the components property of the above Foo schema to component.

Environment

  • Library version: 6.14.2

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

Labels

t/bugSomething isn't working

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions