Skip to content

Releases: apiaddicts/sonaropenapi-rules

1.4.1

Choose a tag to compare

@SebastianDT1 SebastianDT1 released this 04 Jun 16:46
7fc0bd0

[1.4.1] - 2026-06-04

Added

  • Add OpenAPI language support without YAML and JSON conflicts.

Changed

  • Bump plugin version to 1.4.1.
  • Update sonaropenapi.version to 1.2.1.
  • Reference openapi-front-end and openapi-test-tools dependencies via ${sonaropenapi.version} property instead of hardcoded version.

Fixed

  • OAR004 - ValidWso2ScopesRoles - Fixed false negative where roles defined as a YAML/JSON array were not validated element by element. Updated AbstractPatternWso2ScopesCheck.visitScope() to iterate array elements via fieldNode.elements() and validate each one individually. Added test fixtures for array roles in v2, v3, v31 and v32 formats.
  • OAR014 - ResourceLevelWithinNonSuggestedRange - Removed upper bound threshold: rule now fires for all depths ≥ 4 (previously only fired for depths 4–5), aligning with Spectral behavior. Updated v2 test fixtures to mark depth-6 paths as noncompliant.
  • OAR015 - ResourceLevelMaxAllowed - Updated depth calculation algorithm in AbstractResourceLevelCheck.matchLevel(String path) to count only literal segments, explicitly excluding path parameters (e.g. {customerId}) and /me segments — matching Spectral's algorithm exactly. Previously used a pathParts − literalParamPairs formula that produced different results for paths starting with parameters, consecutive parameters, or containing /me.
  • OAR020 - ExpandParameterCheck - Fixed false negative where GET operations on non-/examples paths (e.g. /pets, /orders) without a parameters block were not reported. Changed default path strategy from include-only /examples to exclude-all (empty exclude list), so the rule now applies to all collection GET endpoints. Added /me path exclusion and health-check path exclusion (status, health, ping) in visitNode, aligning with Spectral's filter. Added without-parameters test cases for v2, v3, v31 and v32.
  • OAR021 - ExcludeParameterCheck - Same fix as OAR020 applied for $exclude parameter. Changed default path strategy to exclude-all, added /me and health-check exclusions, added without-parameters test cases.
  • OAR028 - FilterParameterCheck - Rewritten to extend AbstractQueryParameterCheck. Fires exactly once per GET operation when $filter query parameter is absent; does not fire if $filter is present alongside other parameters; resolves $filter referenced via $ref to components. Covers ALL collection GET endpoints except /me paths, terminal /{id} paths and health-check paths (status, health, ping).
  • OAR037 - StringFormatCheck - Fixed false negative where string schemas without a format field were not reported. Updated isInvalidString to also fire when format == null.
  • OAR038 - StandardCreateResponseCheck - POST 201 responses must have a schema whose properties are named data or error, each with at least one sub-property. Fires with a distinct message when the property name is invalid vs. when sub-properties are missing.
  • OAR066 - SnakeCaseNamingConventionCheck - Fixed false positives on industry-standard property name prefixes. Skip properties whose names start with @ or x-.
  • OAR073 - RateLimitCheck - Extended default excluded paths from /status, /health-check to /status, /health, /health-check, /ping, /liveness, /readiness in DEFAULT_PATHS.

What's Changed

Full Changelog: 1.3.7...1.4.1

1.3.7

Choose a tag to compare

@SebastianDT1 SebastianDT1 released this 18 May 17:53

[1.3.7] - 2026-05-18

Fixed

  • Add Spanish documentation for OAR048

Full Changelog: 1.3.6...1.3.7

1.3.6

Choose a tag to compare

@SebastianDT1 SebastianDT1 released this 05 May 18:05
ddf9363

[1.3.6] - 2026-05-05

Fixed

- External `$ref` tests no longer require outbound internet access. Fixtures
  are now served by a local HTTP server (`ExternalRefHttpServer`) on
  `http://localhost:18089`, started in `BaseCheckTest`. Affected tests:
  OAR031 (v2/v3), OAR094, OAR068, OAR086.

What's Changed

New Contributors

Full Changelog: 1.3.5...1.3.6

1.3.5

Choose a tag to compare

@SebastianDT1 SebastianDT1 released this 08 Apr 18:27
6848eea

[1.3.5] - 2026-04-08

Fixed

- OAR102 - SecondPartBasePathCheck Test
- OAR101 - FirstPartBasePathCheck Test
- OAR034 - StandardPagedResponseSchemaCheck Test
- OAR029 - StandardResponseSchemaCheck Test
- OAR083 - ForbiddenQueryParamsCheck Test
- OAR084 - ForbiddenFormatsInQueryCheck Test
- OAR043 - ParsingErrorCheck Test
- OAR028 - FilterParameterCheck Test
- OAR073 - RateLimitCheck Test
- OAR079 - PathParameter404Check Test

- AbstractSchemaCheck
- AbstractForbiddenQueryCheck
- AbstractPathResponseCheck
- VerbPathMatcher

What's Changed

Full Changelog: 1.3.4...1.3.5

1.3.4

Choose a tag to compare

@SebastianDT1 SebastianDT1 released this 07 Apr 13:57
52ce601

Fixed

  • OAR029 - StandardResponseSchemaCheck Test

  • OAR080 - SecuritySchemasCheck Test

  • OAR112 - RegexCheck Test

  • OpenAPICustomPlugin Test

  • OpenAPICustomProfileDefinition Test

  • OpenAPICustomRuleRepository Test

  • OpenAPICustomRulesDefinition Test

What's Changed

New Contributors

Full Changelog: 1.3.3...1.3.4

1.3.3

Choose a tag to compare

@SebastianDT1 SebastianDT1 released this 20 Mar 19:04
c7cc350

What's Changed

Full Changelog: 1.3.2...1.3.3

1.3.2

Choose a tag to compare

@SebastianDT1 SebastianDT1 released this 05 Mar 12:41
6290b53

[1.3.2] - 2026-03-05

Fixed

- OAR031 - Examples

What's Changed

Full Changelog: v1.3.1...1.3.2

1.3.1

Choose a tag to compare

@SebastianDT1 SebastianDT1 released this 19 Feb 13:58
885a9c2

[1.3.1] - 2026-02-19

Changed

- Resolved all SonarCloud issues

What's Changed

Full Changelog: v1.3.0...v1.3.1

1.3.0

Choose a tag to compare

@SebastianDT1 SebastianDT1 released this 08 Jan 16:43
2c8d45a

[1.3.0] - 2026-01-05

Changed

- OAR104 - ResourcesByPostVerbCheck

Fixed

- OAR019 - SelectParameterCheck
- OAR020 - ExpandParameterCheck

What's Changed

  • Fix/57/oar019 path by @mels-h in #60
  • fix prevent oar020 for paths ending with params and tests by @mels-h in #61
  • feat: add search to default excluded path patterns in oar104 by @mels-h in #63
  • adding new version 1.3.0 by @mels-h in #64
  • Develop by @mels-h in #62

Full Changelog: v1.2.5...v1.3.0

1.2.5

Choose a tag to compare

@SebastianDT1 SebastianDT1 released this 31 Dec 16:17
21ba5be

What's Changed

  • fix oar021 false positive for paths ending with params by @mels-h in #59

Full Changelog: v1.2.4...v1.2.5