feat(ls): add rules for OpenAPI 2.0 Security Requirement Object (#3667)

char0n · web-flow · commit 7cd71f60dd6a · 2024-01-12T11:07:48.000+01:00
Refs #3621
diff --git a/packages/apidom-ls/src/config/codes.ts b/packages/apidom-ls/src/config/codes.ts
@@ -791,6 +791,9 @@ enum ApilintCodes {
   OPENAPI2_XML_FIELD_ATTRIBUTE_TYPE = 3200400,
   OPENAPI2_XML_FIELD_WRAPPED_TYPE = 3200500,
 
+  OPENAPI2_SECURITY_REQUIREMENT = 3210000,
+  OPENAPI2_SECURITY_REQUIREMENT_KEYS_DEFINED,
+
   OPENAPI3_0 = 5000000,
 
   OPENAPI3_0_OPENAPI_VALUE_PATTERN_3_0_0 = 5000100,
@@ -866,8 +869,8 @@ enum ApilintCodes {
   OPENAPI3_0_PATHS = 5090000,
   OPENAPI3_0_PATHS_VALUES_TYPE,
 
-  OPENAPI_3_0_SECURITY_REQUIREMENT = 5100000,
-  OPENAPI_3_0_SECURITY_REQUIREMENT_KEYS_DEFINED,
+  OPENAPI3_0_SECURITY_REQUIREMENT = 5100000,
+  OPENAPI3_0_SECURITY_REQUIREMENT_KEYS_DEFINED,
 
   OPENAPI3_0_TAG = 5110000,
   OPENAPI3_0_TAG_FIELD_NAME_TYPE = 5110100,
diff --git a/packages/apidom-ls/src/config/openapi/security-requirement/documentation.ts b/packages/apidom-ls/src/config/openapi/security-requirement/documentation.ts
@@ -1,6 +1,10 @@
-import { OpenAPI30, OpenAPI31 } from '../target-specs';
+import { OpenAPI2, OpenAPI30, OpenAPI31 } from '../target-specs';
 
 const documentation = [
+  {
+    docs: '#### [Security Requirement Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md#security-requirement-object)\n\nLists the required security schemes to execute this operation. The object can have multiple security schemes declared in it which are all required (that is, there is a logical AND between the schemes).\n\nThe name used for each property MUST correspond to a security scheme declared in the [Security Definitions](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.m#securityDefinitionsObject).\n\n##### Patterned Fields\n\nField Pattern | Type | Description\n---|:---:|---\n{name} | [`string`] | Each name must correspond to a security scheme which is declared in the [Security Definitions](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.m#securityDefinitions). If the security scheme is of type `"oauth2"`, then the value is a list of scope names required for the execution. For other security scheme types, the array MUST be empty.\n\n##### Security Requirement Object Examples\n\n###### Non-OAuth2 Security Requirement\n\n```js\n{\n  "api_key": []\n}\n```\n\n\n\\\nYAML\n```yaml\napi_key: []\n```\n\n###### OAuth2 Security Requirement\n\n```js\n{\n  "petstore_auth": [\n    "write:pets",\n    "read:pets"\n  ]\n}\n```\n\n```yaml\npetstore_auth:\n- write:pets\n- read:pets\n```',
+    targetSpecs: OpenAPI2,
+  },
   {
     docs: '#### [Security Requirement Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#securityRequirementObject)\n\nLists the required security schemes to execute this operation.\nThe name used for each property MUST correspond to a security scheme declared in the [Security Schemes](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#componentsSecuritySchemes) under the [Components Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#componentsObject).\n\nSecurity Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized.\nThis enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.\n\nWhen a list of Security Requirement Objects is defined on the [OpenAPI Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#oasObject) or [Operation Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#operationObject), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request.\n\n##### Patterned Fields\n\nField Pattern | Type | Description\n---|:---:|---\n{name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#componentsSecuritySchemes) under the [Components Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#componentsObject). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MUST be empty.\n\n##### Security Requirement Object Examples\n\n###### Non-OAuth2 Security Requirement\n\n\n\\\nJSON\n```json\n{\n  "api_key": []\n}\n```\n\n\n\\\nYAML\n```yaml\napi_key: []\n```\n\n###### OAuth2 Security Requirement\n\n```json\n{\n  "petstore_auth": [\n    "write:pets",\n    "read:pets"\n  ]\n}\n```\n\n```yaml\npetstore_auth:\n- write:pets\n- read:pets\n```\n\n###### Optional OAuth2 Security\n\nOptional OAuth2 security as would be defined in an [OpenAPI Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#openapi-object) or an [Operation Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#operation-object):\n\n```json\n{\n  "security": [\n    {},\n    {\n      "petstore_auth": [\n        "write:pets",\n        "read:pets"\n      ]\n    }\n  ]\n}\n```\n\n```yaml\nsecurity:\n  - {}\n  - petstore_auth:\n    - write:pets\n    - read:pets\n```',
     targetSpecs: OpenAPI30,
diff --git a/packages/apidom-ls/src/config/openapi/security-requirement/lint/index.ts b/packages/apidom-ls/src/config/openapi/security-requirement/lint/index.ts
@@ -1,5 +1,6 @@
-import keysDefinedLint from './keys--defined';
+import keysDefined2_0Lint from './keys--defined-2-0';
+import keysDefined3_0__3_1Lint from './keys--defined-3-0--3-1';
 
-const lints = [keysDefinedLint];
+const lints = [keysDefined2_0Lint, keysDefined3_0__3_1Lint];
 
 export default lints;
diff --git a/packages/apidom-ls/src/config/openapi/security-requirement/lint/keys--defined-2-0.ts b/packages/apidom-ls/src/config/openapi/security-requirement/lint/keys--defined-2-0.ts
@@ -0,0 +1,20 @@
+import { DiagnosticSeverity } from 'vscode-languageserver-types';
+
+import ApilintCodes from '../../../codes';
+import { LinterMeta } from '../../../../apidom-language-types';
+import { OpenAPI2 } from '../../target-specs';
+
+// eslint-disable-next-line @typescript-eslint/naming-convention
+const keysDefined2_0Lint: LinterMeta = {
+  code: ApilintCodes.OPENAPI2_SECURITY_REQUIREMENT_KEYS_DEFINED,
+  source: 'apilint',
+  message: 'security keys must be included in defined security schemes',
+  severity: DiagnosticSeverity.Error,
+  linterFunction: 'apilintKeysIncluded',
+  linterParams: ['root.securityDefinitions'],
+  marker: 'key',
+  data: {},
+  targetSpecs: OpenAPI2,
+};
+
+export default keysDefined2_0Lint;
diff --git a/packages/apidom-ls/src/config/openapi/security-requirement/lint/keys--defined-3-0--3-1.ts b/packages/apidom-ls/src/config/openapi/security-requirement/lint/keys--defined-3-0--3-1.ts
@@ -4,8 +4,9 @@ import ApilintCodes from '../../../codes';
 import { LinterMeta } from '../../../../apidom-language-types';
 import { OpenAPI3 } from '../../target-specs';
 
-const keysDefinedLint: LinterMeta = {
-  code: ApilintCodes.OPENAPI_3_0_SECURITY_REQUIREMENT_KEYS_DEFINED,
+// eslint-disable-next-line @typescript-eslint/naming-convention
+const keysDefined3_0__3_1Lint: LinterMeta = {
+  code: ApilintCodes.OPENAPI3_0_SECURITY_REQUIREMENT_KEYS_DEFINED,
   source: 'apilint',
   message: 'security keys must be included in defined security schemes',
   severity: DiagnosticSeverity.Error,
@@ -16,4 +17,4 @@ const keysDefinedLint: LinterMeta = {
   targetSpecs: OpenAPI3,
 };
 
-export default keysDefinedLint;
+export default keysDefined3_0__3_1Lint;
