Merge pull request #488 from postmanlabs/fix478/invalidValueInPathVariablesValidation

Fix #478: invalid value in path variables validation

Author: VShingala

lib/common/schemaUtilsCommon.js

@@ -345,5 +345,16 @@ module.exports = {
 
   isKnownType: function(schema) {
     return typeof schemaTypeToJsValidator[schema.type] === 'function';
+  },
+
+  getServersPathVars: function(servers) {
+    return servers.reduce((acc, current) => {
+      const newVarNames = current.hasOwnProperty('variables') ?
+        Object.keys(current.variables).filter((varName) => {
+          return !acc.includes(varName);
+        }) :
+        [];
+      return [...acc, ...newVarNames];
+    }, []);
   }
 };

lib/schemaUtils.js

@@ -3322,7 +3322,7 @@ module.exports = {
 
   /**
    *
-   * @param {*} determinedPathVariables the key/determined-value pairs of the path variables (from Postman)
+   * @param {*} matchedPathData the matchedPath data
    * @param {*} transactionPathPrefix the jsonpath for this validation (will be prepended to all identified mismatches)
    * @param {*} schemaPath the applicable pathItem defined at the schema level
    * @param {*} components the components + paths from the OAS spec that need to be used to resolve $refs
@@ -3333,7 +3333,7 @@ module.exports = {
    * @returns {array} mismatches (in the callback)
    */
   checkPathVariables: function (
-    determinedPathVariables,
+    matchedPathData,
     transactionPathPrefix,
     schemaPath,
     components,
@@ -3347,7 +3347,9 @@ module.exports = {
     var mismatchProperty = 'PATHVARIABLE',
       // all path variables defined in this path. acc. to the spec, all path params are required
       schemaPathVariables,
-      pmPathVariables;
+      pmPathVariables,
+      determinedPathVariables = matchedPathData.pathVariables,
+      unmatchedVariablesFromTransaction = matchedPathData.unmatchedVariablesFromTransaction;
 
     if (options.validationPropertiesToIgnore.includes(mismatchProperty)) {
       return callback(null, []);
@@ -3413,17 +3415,41 @@ module.exports = {
     }, (err, res) => {
       let mismatches = [],
         mismatchObj;
+      const unmatchedSchemaVariableNames = determinedPathVariables.filter((pathVariable) => {
+        return !pathVariable._varMatched;
+      }).map((schemaPathVar) => {
+        return schemaPathVar.key;
+      });
 
       if (err) {
         return callback(err);
       }
 
       // go through required schemaPathVariables, and params that aren't found in the given transaction are errors
-      _.each(schemaPathVariables, (pathVar) => {
+      _.each(schemaPathVariables, (pathVar, index) => {
         if (!_.find(determinedPathVariables, (param) => {
           // only consider variable matching if url path variables is not allowed
           return param.key === pathVar.name && (options.allowUrlPathVarMatching || param._varMatched);
         })) {
+          let reasonCode = 'MISSING_IN_REQUEST',
+            reason,
+            actualValue,
+            currentUnmatchedVariableInTransaction = unmatchedVariablesFromTransaction[index],
+            isInvalidValue = currentUnmatchedVariableInTransaction !== undefined;
+
+          if (unmatchedSchemaVariableNames.length > 0 && isInvalidValue) {
+            reason = `The ${currentUnmatchedVariableInTransaction.key} path variable does not match with ` +
+              `path variable expected (${unmatchedSchemaVariableNames[index]}) in the schema at this position`;
+            actualValue = {
+              key: currentUnmatchedVariableInTransaction.key,
+              description: this.getParameterDescription(currentUnmatchedVariableInTransaction),
+              value: currentUnmatchedVariableInTransaction.value
+            };
+          }
+          else {
+            reason = `The required path variable "${pathVar.name}" was not found in the transaction`;
+            actualValue = null;
+          }
 
           // assign parameter example(s) as schema examples;
           this.assignParameterExamples(pathVar);
@@ -3432,14 +3458,14 @@ module.exports = {
             property: mismatchProperty,
             transactionJsonPath: transactionPathPrefix,
             schemaJsonPath: pathVar.pathPrefix,
-            reasonCode: 'MISSING_IN_REQUEST',
-            reason: `The required path variable "${pathVar.name}" was not found in the transaction`
+            reasonCode,
+            reason
           };
 
           if (options.suggestAvailableFixes) {
             mismatchObj.suggestedFix = {
               key: pathVar.name,
-              actualValue: null,
+              actualValue,
               suggestedValue: {
                 key: pathVar.name,
                 value: safeSchemaFaker(pathVar.schema || {}, 'example', PROCESSING_TYPE.VALIDATION,

lib/schemapack.js

@@ -1,6 +1,5 @@
 'use strict';
 
-
 // This is the default collection name if one can't be inferred from the OpenAPI spec
 const COLLECTION_NAME = 'Imported from OpenAPI 3.0',
   { getConcreteSchemaUtils } = require('./common/versionUtils.js'),
@@ -26,7 +25,8 @@ const COLLECTION_NAME = 'Imported from OpenAPI 3.0',
   // This provides the base class for
   // errors with the input OpenAPI spec
   OpenApiErr = require('./error.js'),
-  schemaUtils = require('./schemaUtils');
+  schemaUtils = require('./schemaUtils'),
+  { getServersPathVars } = require('./common/schemaUtilsCommon.js');
 
 let path = require('path'),
   concreteUtils,
@@ -495,12 +495,29 @@ class SchemaPack {
         return setTimeout(() => {
           // 2. perform validation for each identified matchedPath (schema endpoint)
           return async.map(matchedPaths, (matchedPath, pathsCallback) => {
+            const transactionPathVariables = _.get(transaction, 'request.url.variable', []),
+              localServers = matchedPath.path.hasOwnProperty('servers') ?
+                matchedPath.path.servers :
+                [],
+              serversPathVars = [...getServersPathVars(localServers), ...getServersPathVars(schema.servers)],
+              isNotAServerPathVar = (pathVarName) => {
+                return !serversPathVars.includes(pathVarName);
+              };
 
+            matchedPath.unmatchedVariablesFromTransaction = [];
             // override path variable value with actual value present in transaction
             // as matched pathvariable contains key as value, as it is generated from url only
             _.forEach(matchedPath.pathVariables, (pathVar) => {
-              let mappedPathVar = _.find(_.get(transaction, 'request.url.variable', []), (transactionPathVar) => {
-                return transactionPathVar.key === pathVar.key;
+              const mappedPathVar = _.find(transactionPathVariables, (transactionPathVar) => {
+                let matched = transactionPathVar.key === pathVar.key;
+                if (
+                  !matched &&
+                  isNotAServerPathVar(transactionPathVar.key) &&
+                  !matchedPath.unmatchedVariablesFromTransaction.includes(transactionPathVar)
+                ) {
+                  matchedPath.unmatchedVariablesFromTransaction.push(transactionPathVar);
+                }
+                return matched;
               });
               pathVar.value = _.get(mappedPathVar, 'value', pathVar.value);
               // set _varMatched flag which represents if variable was found in transaction or not
@@ -522,7 +539,7 @@ class SchemaPack {
                 schemaUtils.checkMetadata(transaction, '$', matchedPath.path, matchedPath.name, options, cb);
               },
               path: function(cb) {
-                schemaUtils.checkPathVariables(matchedPath.pathVariables, '$.request.url.variable', matchedPath.path,
+                schemaUtils.checkPathVariables(matchedPath, '$.request.url.variable', matchedPath.path,
                   componentsAndPaths, options, schemaCache, jsonSchemaDialect, cb);
               },
               queryparams: function(cb) {

test/data/validationData/issues/issue#478/global-servers-path-variables-collection.json

@@ -0,0 +1,225 @@
+{
+  "item": [
+    {
+      "id": "1c9e80af-cc42-47c7-beae-f4b78e1bd3e1",
+      "name": "Info for a specific pet",
+      "request": {
+        "name": "Info for a specific pet",
+        "description": {},
+        "url": {
+          "path": [
+            "pets",
+            ":petId"
+          ],
+          "host": [
+            "{{baseUrl}}"
+          ],
+          "query": [],
+          "variable": [
+            {
+              "description": "Assigned by the service provider",
+              "type": "any",
+              "value": "{{username}}",
+              "key": "username"
+            },
+            {
+              "description": " (This can only be one of 8843,443)",
+              "type": "any",
+              "value": "{{port}}",
+              "key": "port"
+            },
+            {
+              "description": {
+                "content": "",
+                "type": "text/plain"
+              },
+              "type": "any",
+              "value": "{{basePath}}",
+              "key": "basePath"
+            },
+            {
+              "disabled": false,
+              "type": "any",
+              "value": "<string>",
+              "key": "petId",
+              "description": "(Required) The id of the pet to retrieve"
+            }
+          ]
+        },
+        "header": [
+          {
+            "key": "Accept",
+            "value": "application/json"
+          }
+        ],
+        "method": "GET",
+        "auth": null
+      },
+      "response": [
+        {
+          "id": "291f119a-d162-4676-83c0-91ce6595407b",
+          "name": "Expected response to a valid request",
+          "originalRequest": {
+            "url": {
+              "path": [
+                "pets",
+                ":petId"
+              ],
+              "host": [
+                "{{baseUrl}}"
+              ],
+              "query": [],
+              "variable": [
+                {
+                  "description": "Assigned by the service provider",
+                  "type": "any",
+                  "value": "{{username}}",
+                  "key": "username"
+                },
+                {
+                  "description": " (This can only be one of 8843,443)",
+                  "type": "any",
+                  "value": "{{port}}",
+                  "key": "port"
+                },
+                {
+                  "description": {
+                    "content": "",
+                    "type": "text/plain"
+                  },
+                  "type": "any",
+                  "value": "{{basePath}}",
+                  "key": "basePath"
+                },
+                {
+                  "disabled": false,
+                  "type": "any",
+                  "value": "<string>",
+                  "key": "petId",
+                  "description": "(Required) The id of the pet to retrieve"
+                }
+              ]
+            },
+            "method": "GET",
+            "body": {}
+          },
+          "status": "OK",
+          "code": 200,
+          "header": [
+            {
+              "key": "Content-Type",
+              "value": "application/json"
+            }
+          ],
+          "body": "{\n  \"id\": -74238905,\n  \"name\": \"et aliqua officia\",\n  \"tag\": \"qui do\"\n}",
+          "cookie": [],
+          "_postman_previewlanguage": "json"
+        },
+        {
+          "id": "c00295c6-c859-46a4-8aae-8e2a6a2f64f3",
+          "name": "unexpected error",
+          "originalRequest": {
+            "url": {
+              "path": [
+                "pets",
+                ":petId"
+              ],
+              "host": [
+                "{{baseUrl}}"
+              ],
+              "query": [],
+              "variable": [
+                {
+                  "description": "Assigned by the service provider",
+                  "type": "any",
+                  "value": "{{username}}",
+                  "key": "username"
+                },
+                {
+                  "description": " (This can only be one of 8843,443)",
+                  "type": "any",
+                  "value": "{{port}}",
+                  "key": "port"
+                },
+                {
+                  "description": {
+                    "content": "",
+                    "type": "text/plain"
+                  },
+                  "type": "any",
+                  "value": "{{basePath}}",
+                  "key": "basePath"
+                },
+                {
+                  "disabled": false,
+                  "type": "any",
+                  "value": "<string>",
+                  "key": "petId",
+                  "description": "(Required) The id of the pet to retrieve"
+                }
+              ]
+            },
+            "method": "GET",
+            "body": {}
+          },
+          "status": "Internal Server Error",
+          "code": 500,
+          "header": [
+            {
+              "key": "Content-Type",
+              "value": "application/json"
+            }
+          ],
+          "body": "{\n  \"code\": -79318973,\n  \"message\": \"ex c\"\n}",
+          "cookie": [],
+          "_postman_previewlanguage": "json"
+        }
+      ],
+      "event": []
+    }
+  ],
+  "event": [],
+  "variable": [
+    {
+      "description": {
+        "content": "Assigned by the service provider",
+        "type": "text/plain"
+      },
+      "type": "any",
+      "value": "demo",
+      "key": "username"
+    },
+    {
+      "description": {
+        "content": " (This can only be one of 8843,443)",
+        "type": "text/plain"
+      },
+      "type": "any",
+      "value": "8843",
+      "key": "port"
+    },
+    {
+      "description": {
+        "content": "",
+        "type": "text/plain"
+      },
+      "type": "any",
+      "value": "v2",
+      "key": "basePath"
+    },
+    {
+      "type": "string",
+      "value": "https://{{username}}.myTestServer.com:{{port}}/{{basePath}}",
+      "key": "baseUrl"
+    }
+  ],
+  "info": {
+    "_postman_id": "a1d9a3d3-6195-46b3-95ff-016edd9b283d",
+    "name": "Swagger Petstore",
+    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
+    "description": {
+      "content": "",
+      "type": "text/plain"
+    }
+  }
+}