Comparing changes

base repository: daveshanley/vacuum
base: v0.4.4
head repository: daveshanley/vacuum
compare: main

Commits on Nov 9, 2023

  1. Moved doc building to async to speed things up.

    vacuum speeds back up!
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 9, 2023
    3f2aaba
  2. bumped deps

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 9, 2023
    09bd302

Commits on Nov 18, 2023

  1. Upgrading linting command to multi-file

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 18, 2023
    d5fbf0d
  2. Tuning up experience #361 #367 #334

    - Bad commands and flags are reported now
    - Details view is cleaner and partially supports filepaths
    - Misleading message about passing when using --fail-severity
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 18, 2023
    e78091f
  3. Added new message property to override description.

    Supported by all core functions
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 18, 2023
    90e4c88
  4. Adding formatted logging, cleaned some bugs

    bumped latest deps
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 18, 2023
    e83f435
  5. cleaned linting issues and added silent switches back in

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 18, 2023
    7d152ec
  6. updated readme with 0.5.0 details

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 18, 2023
    c604716

Commits on Nov 26, 2023

  1. tuning vacuum experience

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 26, 2023
    efb6219
  2. Added another gate to examples function

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 26, 2023
    39a3aa1
  3. added file details extracted from rolodex.

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 26, 2023
    5b9771f
  4. bumped deps

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 26, 2023
    39c79e0
  5. stopped dual resolver work

    even faster now!
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 26, 2023
    41fe14b
  6. added timeout for statistics test

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 26, 2023
    a66b58e
  7. cleaned up html_report test and re-enabled tests in pipeline

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 26, 2023
    1a670fb
  8. cleaned test for pipeline

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 26, 2023
    a182bc7
  9. bumped deps to latest libopenapi beta to check pipeline

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 26, 2023
    500a65e
  10. updated deps and ready to release

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 26, 2023
    dc39c62

Commits on Nov 29, 2023

  1. fixed glitch where file references are not autoresolved

    they should always be autoresolved, remote is permanently set to on.
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 29, 2023
    65b32ef
  2. Update README.md

    Abdallah Abedraba authored and daveshanley committed Nov 29, 2023
    43de1f4

Commits on Nov 30, 2023

  1. Fixed glitch with html-report

    Also updated deps.
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 30, 2023
    e3f41ea
  2. ran prettier

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 30, 2023
    418f3fb
  3. updated libopenapi to solve a stack overflow issue

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Nov 30, 2023
    16e2a25

Commits on Dec 1, 2023

  1. updated libopenapi

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 1, 2023
    630aeaa

Commits on Dec 3, 2023

  1. updated libopenapi

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 3, 2023
    829661d
  2. Added circular errors for resolver when they spin out of control

    when paths go nuts, vacuum will catch it.
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 3, 2023
    af9879a
  3. extracted circular references back out

    just general better handling of circular references from libopenapi
    
    also added a `debug` flag to allow log debugging to be turned on for the `lint` command.
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 3, 2023
    ab09d18

Commits on Dec 4, 2023

  1. Updated to latest libopenapi

    fixes resolving issues with deeply nested exploded files.
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 4, 2023
    78e687d

Commits on Dec 7, 2023

  1. allow lookups to be performed correctly

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 7, 2023
    f8bff51

Commits on Dec 12, 2023

  1. updated libopenapi versions.

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 12, 2023
    2c4d20d

Commits on Dec 13, 2023

  1. Added base remote ruleset capability

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 13, 2023
    cf4cc80
  2. Added local file support for extending rulesets.

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 13, 2023
    df41dd3
  3. cleaned up linting issues

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 13, 2023
    c6d0988
  4. added variation for yaml file extension.

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 13, 2023
    3731ddc
  5. Fixed example custom ruleset.

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 13, 2023
    40f2189
  6. Added new -m and -b banner flags for lint #278

    The banner can now be disabled using the `-b` or `--no-banner` flag, as well as the message output (when using `-d`) can be disabled with the `-m` or the `--no-message` flags.
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 13, 2023
    7478bab
  7. addressed #284

    moved down to a warning.
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 13, 2023
    d5f0ea3
  8. New -a / --all-results flag enables all result output #293

    Want to see everything when using `-d`, well now you can.
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 13, 2023
    3389e98
  9. message now overrides all core function messages #318

    By adding a `message` property to a rule that uses a core function, any violations for that rule will use the supplied message completely, vs the default output built into vacuum for that core function. This gives complete control over the message presented to users who violate the rule.
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 13, 2023
    96a7e48
  10. fixed formatting and casing function

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 13, 2023
    2f41083
  11. Added a version command #377

    As I was cleaning up the docs, I noticed that a `version` command would go down well.
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 13, 2023
    af6b2c1
  12. updated readme

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 13, 2023
    936075b

Commits on Dec 15, 2023

  1. 976fd89
  2. feature: upgrade to libopenapi with orderedmap support (#386)

    * feature: upgrade to libopenapi with orderedmap support
    
    * fix: tests
    
    * chore: update dependencies
    
    * chore: update dependencies
    
    * chore: update dependency to main branch
    
    * chore: update dependencies
    TristanSpeakEasy authored Dec 15, 2023
    79497b0

Commits on Dec 19, 2023

  1. Fixed issue reported in #400

    When using the `-k` flag, vacuum was performing a directory suck of every file in the working directory and down, and performing an index on everything.
    
    This is not desired behavior out of the box.
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 19, 2023
    9135313
  2. bumped deps

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 19, 2023
    fd07988

Commits on Dec 20, 2023

  1. Fixed zuplo link

    Fixes the zuplo sponsorship link
    ntotten authored and daveshanley committed Dec 20, 2023
    431ac35
  2. Added timeout feature to prevent runaway linting

    A default five second timeout stops rules that are stuck, can be controlled via linting timeout.root.go
    
    `-g` flag or `--timeout`
    
    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 20, 2023
    17468ea
  3. fixed go.mod

    Signed-off-by: quobix <dave@quobix.com>
    daveshanley committed Dec 20, 2023
    40f3484

Commits on Jan 4, 2024

  1. Update README.md

    Removed unnecessary backticks
    volovikariel authored and daveshanley committed Jan 4, 2024
    5fee442
Showing with 16,263 additions and 4,968 deletions.
  1. +3 −0 .dockerignore
  2. BIN .github/sponsors/zuplo-dark.png
  3. BIN .github/sponsors/zuplo-light.png
  4. +9 −7 .github/workflows/build.yaml
  5. +12 −4 .github/workflows/publish.yaml
  6. +27 −0 .gitignore
  7. +1 −1 .goreleaser.yaml
  8. +2 −2 Dockerfile
  9. +164 −14 README.md
  10. +6 −8 benchmarks/html_report_test.go
  11. +30 −3 cmd/build_results.go
  12. +2 −2 cmd/build_results_test.go
  13. +153 −0 cmd/bundle.go
  14. +13 −2 cmd/dashboard.go
  15. +120 −0 cmd/generate_ignorefile.go
  16. +57 −0 cmd/generate_ignorefile_test.go
  17. +7 −3 cmd/generate_ruleset.go
  18. +11 −8 cmd/html_report.go
  19. +92 −0 cmd/language_server.go
  20. +484 −141 cmd/lint.go
  21. +72 −0 cmd/lint_test.go
  22. +32 −22 cmd/root.go
  23. +30 −8 cmd/shared_functions.go
  24. +1 −1 cmd/shared_functions_test.go
  25. +27 −6 cmd/spectral_report.go
  26. +303 −0 cmd/test_data/vacuum-report.json
  27. +57 −10 cmd/vacuum_report.go
  28. +38 −0 cmd/vacuum_report_test.go
  29. +23 −0 cmd/version.go
  30. +15 −4 cui/dashboard.go
  31. +151 −28 functions/core/alphabetical.go
  32. +5 −0 functions/core/blank.go
  33. +103 −33 functions/core/casing.go
  34. +138 −0 functions/core/casing_test.go
  35. +48 −5 functions/core/defined.go
  36. +88 −5 functions/core/defined_test.go
  37. +44 −7 functions/core/enumeration.go
  38. +42 −5 functions/core/falsy.go
  39. +14 −1 functions/core/falsy_test.go
  40. +105 −37 functions/core/length.go
  41. +47 −2 functions/core/length_test.go
  42. +124 −24 functions/core/pattern.go
  43. +24 −0 functions/core/pattern_test.go
  44. +130 −20 functions/core/schema.go
  45. +4 −4 functions/core/schema_test.go
  46. +66 −12 functions/core/truthy.go
  47. +37 −6 functions/core/truthy_test.go
  48. +43 −8 functions/core/undefined.go
  49. +31 −2 functions/core/undefined_test.go
  50. +40 −8 functions/core/xor.go
  51. +31 −3 functions/functions.go
  52. +1 −1 functions/functions_test.go
  53. +158 −34 functions/openapi/component_descriptions.go
  54. +19 −5 functions/openapi/component_descriptions_test.go
  55. +21 −13 functions/openapi/description_duplication.go
  56. +1 −1 functions/openapi/description_duplication_test.go
  57. +28 −17 functions/openapi/duplicated_enum_entry.go
  58. +32 −22 functions/openapi/duplicated_enum_test.go
  59. +0 −726 functions/openapi/examples.go
  60. +104 −0 functions/openapi/examples_external_val.go
  61. +196 −0 functions/openapi/examples_external_val_test.go
  62. +387 −0 functions/openapi/examples_missing.go
  63. +357 −0 functions/openapi/examples_missing_test.go
  64. +266 −0 functions/openapi/examples_schema.go
  65. +507 −0 functions/openapi/examples_schema_test.go
  66. +0 −709 functions/openapi/examples_test.go
  67. +13 −7 functions/openapi/formdata_consume_check.go
  68. +1 −1 functions/openapi/formdata_consume_check_test.go
  69. +53 −0 functions/openapi/info_contact.go
  70. +86 −0 functions/openapi/info_contact_properties.go
  71. +53 −0 functions/openapi/info_description.go
  72. +53 −0 functions/openapi/info_license.go
  73. +53 −0 functions/openapi/info_license_url.go
  74. +53 −0 functions/openapi/info_license_urlspdx.go
  75. +46 −0 functions/openapi/info_license_urlspdx_test.go
  76. +13 −6 functions/openapi/no_ambiguous_paths.go
  77. +1 −1 functions/openapi/no_ambiguous_paths_test.go
  78. +19 −2 functions/openapi/no_eval_descriptions.go
  79. +1 −1 functions/openapi/no_eval_descriptions_test.go
  80. +9 −3 functions/openapi/no_http_verbs_in_path.go
  81. +8 −2 functions/openapi/no_ref_siblings.go
  82. +1 −1 functions/openapi/no_ref_siblings_test.go
  83. +72 −0 functions/openapi/no_request_body.go
  84. +147 −0 functions/openapi/no_request_body_test.go
  85. +10 −4 functions/openapi/oas2_discriminator.go
  86. +1 −1 functions/openapi/oas2_discriminator_test.go
  87. +12 −9 functions/openapi/oas2_operation_security_defined.go
  88. +1 −1 functions/openapi/oas2_operation_security_defined_test.go
  89. +67 −0 functions/openapi/oas_no_ref_siblings.go
  90. +264 −0 functions/openapi/oas_ref_siblings_test.go
  91. +42 −9 functions/openapi/oas_schema.go
  92. +1 −1 functions/openapi/oas_schema_test.go
  93. +19 −13 functions/openapi/openapi_api_servers.go
  94. +1 −1 functions/openapi/openapi_api_servers_test.go
  95. +2 −1 functions/openapi/openapi_utils.go
  96. +39 −37 functions/openapi/operation_4x_response.go
  97. +53 −29 functions/openapi/operation_4x_response_test.go
  98. +131 −130 functions/openapi/operation_descriptions.go
  99. +165 −118 functions/openapi/operation_descriptions_test.go
  100. +32 −20 functions/openapi/operation_id.go
  101. +34 −20 functions/openapi/operation_id_test.go
  102. +15 −9 functions/openapi/operation_parameters.go
  103. +6 −6 functions/openapi/operation_parameters_test.go
  104. +14 −19 functions/openapi/operation_security_defined.go
  105. +1 −1 functions/openapi/operation_security_defined_test.go
  106. +9 −4 functions/openapi/operation_single_tag.go
  107. +1 −1 functions/openapi/operation_single_tag_test.go
  108. +36 −70 functions/openapi/operation_tag_defined.go
  109. +20 −13 functions/openapi/operation_tag_defined_test.go
  110. +28 −68 functions/openapi/operation_tags.go
  111. +104 −70 functions/openapi/operation_tags_test.go
  112. +12 −6 functions/openapi/parameter_description.go
  113. +1 −1 functions/openapi/parameter_description_test.go
  114. +62 −0 functions/openapi/path_item_ref.go
  115. +48 −0 functions/openapi/path_item_ref_test.go
  116. +37 −56 functions/openapi/path_parameters.go
  117. +67 −1 functions/openapi/path_parameters_test.go
  118. +40 −25 functions/openapi/paths_kebab_case.go
  119. +12 −8 functions/openapi/paths_kebab_case_test.go
  120. +8 −2 functions/openapi/polymorphic_anyOf.go
  121. +1 −1 functions/openapi/polymorphic_anyOf_test.go
  122. +8 −2 functions/openapi/polymorphic_oneOf.go
  123. +1 −1 functions/openapi/polymorphic_oneOf_test.go
  124. +20 −13 functions/openapi/post_response_success.go
  125. +3 −3 functions/openapi/post_response_success_test.go
  126. +354 −0 functions/openapi/schema_type.go
  127. +1,223 −0 functions/openapi/schema_type_test.go
  128. +12 −7 functions/openapi/success_response.go
  129. +4 −4 functions/openapi/success_response_test.go
  130. +55 −0 functions/openapi/tag_description.go
  131. +8 −2 functions/openapi/typed_enum.go
  132. +1 −1 functions/openapi/typed_enum_test.go
  133. +9 −4 functions/openapi/unique_operation_id.go
  134. +1 −1 functions/openapi/unique_operation_id_test.go
  135. +42 −10 functions/openapi/unused_component.go
  136. +87 −91 functions/openapi/unused_component_test.go
  137. +71 −0 functions/owasp/additional_properties_constrained.go
  138. +133 −0 functions/owasp/additional_properties_constrained_test.go
  139. +52 −0 functions/owasp/array_limit.go
  140. +90 −0 functions/owasp/array_limit_test.go
  141. +58 −0 functions/owasp/auth_insecure_schemes.go
  142. +88 −0 functions/owasp/auth_insecure_schemes_test.go
  143. +126 −0 functions/owasp/check_error_response.go
  144. +155 −0 functions/owasp/check_error_response_test.go
  145. +125 −104 functions/owasp/check_security.go
  146. +256 −8 functions/owasp/check_security_test.go
  147. +87 −21 functions/owasp/define_error_definition.go
  148. +24 −3 functions/owasp/define_error_definition_test.go
  149. +101 −56 functions/owasp/header_definition.go
  150. +98 −27 functions/owasp/header_definition_test.go
  151. +52 −0 functions/owasp/hosts_https.go
  152. +79 −0 functions/owasp/hosts_https_test.go
  153. +56 −0 functions/owasp/integer_format.go
  154. +137 −0 functions/owasp/integer_format_test.go
  155. +111 −0 functions/owasp/integer_limit.go
  156. +231 −0 functions/owasp/integer_limit_test.go
  157. +62 −0 functions/owasp/jwt_best_practice.go
  158. +121 −0 functions/owasp/jwt_best_practice_test.go
  159. +55 −0 functions/owasp/no_additional_properties.go
  160. +159 −0 functions/owasp/no_additional_properties_test.go
  161. +61 −0 functions/owasp/no_api_key_url.go
  162. +91 −0 functions/owasp/no_api_key_url_test.go
  163. +58 −0 functions/owasp/no_basic_auth.go
  164. +90 −0 functions/owasp/no_basic_auth_test.go
  165. +61 −0 functions/owasp/no_credentials_in_url.go
  166. +100 −0 functions/owasp/no_credentials_in_url_test.go
  167. +66 −0 functions/owasp/no_numeric_ids.go
  168. +167 −0 functions/owasp/no_numeric_ids_test.go
  169. +81 −0 functions/owasp/ratelimit_retry_429.go
  170. +97 −0 functions/owasp/ratelimit_retry_429_test.go
  171. +53 −0 functions/owasp/string_limit.go
  172. +128 −0 functions/owasp/string_limit_test.go
  173. +57 −0 functions/owasp/string_restricted.go
  174. +90 −0 functions/owasp/string_restricted_test.go
  175. +52 −32 go.mod
  176. +112 −457 go.sum
  177. +16 −4 html-report/build_report.go
  178. +3 −3 html-report/build_report_test.go
  179. +4 −4 html-report/templates/header.gohtml
  180. +1 −1 html-report/templates/report-template.gohtml
  181. +2 −2 html-report/ui/build/static/js/vacuumReport.js
  182. +12 −4 html-report/ui/src/components/html-report/category-rules/category-rule-component.ts
  183. +70 −0 language-server/config.go
  184. +49 −0 language-server/document.go
  185. +198 −0 language-server/server.go
  186. +9 −0 model/functions.go
  187. +57 −10 model/results.go
  188. +24 −13 model/rules.go
  189. +7 −3 model/rules_test.go
  190. +6 −0 model/test_files/burgershop.ignorefile.yaml
  191. +2 −2 model/test_files/circular-tests.yaml
  192. +2 −2 model/test_files/mixedref-burgershop.openapi.yaml
  193. +47 −1 model/utils.go
  194. +8 −0 model/utils_test.go
  195. +5 −2 motor/build_rolodex.go
  196. +519 −98 motor/rule_applicator.go
  197. +239 −32 motor/rule_applicator_test.go
  198. +1 −1 motor/rule_tests/openapi_rule_test.go
  199. +0 −21 motor/rule_tests/owasp_tests/array_limit_test.go
  200. +1 −1 motor/rule_tests/owasp_tests/auth_insecure_schemes_test.go
  201. +35 −0 motor/rule_tests/owasp_tests/contrained_additional_properties_test.go
  202. +3 −1 motor/rule_tests/owasp_tests/define_error_responses_401_test.go
  203. +3 −1 motor/rule_tests/owasp_tests/define_error_responses_429_test.go
  204. +3 −1 motor/rule_tests/owasp_tests/define_error_responses_500_test.go
  205. +13 −13 motor/rule_tests/owasp_tests/integer_format_test.go
  206. +122 −131 motor/rule_tests/owasp_tests/integer_limit_legacy_test.go
  207. +0 −11 motor/rule_tests/owasp_tests/no_additional_properties_test.go
  208. +1 −1 motor/rule_tests/owasp_tests/no_http_basic_test.go
  209. +115 −124 motor/rule_tests/owasp_tests/security_hosts_https_oas_2_test.go
  210. +0 −4 motor/rule_tests/owasp_tests/security_hosts_https_oas_3_test.go
  211. +0 −19 motor/rule_tests/owasp_tests/string_limit_test.go
  212. +0 −30 motor/rule_tests/owasp_tests/string_restricted_test.go
  213. +54 −16 parser/json_schema.go
  214. +11 −12 parser/json_schema_test.go
  215. +32 −13 plugin/javascript/js_plugin.go
  216. +7 −5 plugin/plugin_loader.go
  217. +5 −5 plugin/plugin_loader_test.go
  218. +1 −1 plugin/sample/README.md
  219. +5 −1 plugin/sample/check_single_path.go
  220. +31 −30 plugin/sample/go.mod
  221. +75 −79 plugin/sample/go.sum
  222. +5 −1 plugin/sample/useless_func.go
  223. +2 −1 rulesets/examples/custom-ruleset.yaml
  224. +1 −1 rulesets/examples/specific-ruleset.yaml
  225. +112 −541 rulesets/owasp_ruleset_functions.go
  226. +197 −0 rulesets/remote_ruleset.go
  227. +44 −0 rulesets/remote_ruleset_test.go
  228. +13 −0 rulesets/rule_fixes.go
  229. +189 −43 rulesets/ruleset_functions.go
  230. +132 −34 rulesets/rulesets.go
  231. +444 −5 rulesets/rulesets_test.go
  232. +153 −0 rulesets/schemas/rule.schema.json
  233. +12 −0 statistics/statistics.go
  234. +29 −13 statistics/statistics_test.go
  235. +11 −0 utils/check_property.go
  236. +20 −0 utils/end_node.go
  237. +40 −0 utils/lint_file_request.go
  238. +74 −15 vacuum-report/junit.go
  239. +2 −2 vacuum-report/junit_test.go
  240. +2 −0 vacuum-report/vacuum_report.go
  241. +3 −0 vacuum.go
3 changes: 3 additions & 0 deletions .dockerignore
@@ -0,0 +1,3 @@
ui/dist
go.work
go.work.sum
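Review bot: The new `.dockerignore` lists only `ui/dist`, `go.work` and `go.work.sum`, while the `.gitignore` added in this same change also ignores `.env` and `/bin`; because the Dockerfile does `COPY . ./`, a local `.env` or any other untracked file in the working tree is sent to the build context and copied into the builder stage. Suggest adding `.env` and `/bin` here so the two ignore files agree. Do not exclude `.git`, though: the new `go build` line in the Dockerfile calls `git describe` and needs the repository metadata in the context.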
Binary file modified .github/sponsors/zuplo-dark.png
Binary file modified .github/sponsors/zuplo-light.png
16 changes: 9 additions & 7 deletions .github/workflows/build.yaml
@@ -16,11 +16,15 @@ jobs:
- name: Set up Go 1.x
uses: actions/setup-go@v3
with:
go-version: 1.21
go-version: 1.23
id: go

- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 50
fetch-tags: true
show-progress: true

- name: Check go mod tidy is up to date
run: go mod tidy && git diff --exit-code
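Review bot: `go-version: 1.23` is an unquoted YAML scalar, so it is parsed as a number; that happens to survive for 1.23, but a version ending in zero such as `1.30` would be read as `1.3`. Quote it (`go-version: '1.23'`). Separately, `actions/setup-go@v3` stays at v3 while `actions/checkout` moves to v4, and both are referenced by mutable tag, whereas `publish.yaml` pins `docker/login-action` to a full commit SHA; pinning these the same way would make the workflows consistent.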
@@ -32,18 +36,16 @@ jobs:
curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
dep ensure
fi
- name: Test
run: go test ./...
- name: Build
run: make build
- name: Clean modcache
run: go clean -modcache
- name: Lint
uses: golangci/golangci-lint-action@v2

build-report-ui:
runs-on: ubuntu-20.04
strategy:
matrix:
node-version: [ 16.x ]
node-version: [ 20.x ]
steps:
- uses: actions/checkout@v3
name: Checkout repository
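Review bot: The context line `curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh` at the top of this hunk still pipes a script from a moving `master` branch straight into a shell, with no pinned revision or checksum. The job already checks `go mod tidy` a few steps earlier, so the `dep` fallback looks like dead weight and could be deleted rather than carried forward. Also, the `build-report-ui` job at the end of the hunk keeps `actions/checkout@v3` while the Go job's checkout went to v4.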
16 changes: 12 additions & 4 deletions .github/workflows/publish.yaml
@@ -22,10 +22,10 @@ jobs:
go-version: 1.21

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v4
uses: goreleaser/goreleaser-action@v5
with:
version: latest
args: release --rm-dist
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GH_PAT }}

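Review bot: The release job still sets `go-version: 1.21` (context line at the top of this hunk) while `build.yaml` and the `Dockerfile` in the same change move to 1.23, so published binaries are built with a different toolchain than the one CI tests against; bump it here too. While touching this step, note that `version: latest` leaves the GoReleaser binary unpinned in a step that receives `secrets.GH_PAT`. Pinning a GoReleaser version and referencing `goreleaser/goreleaser-action` by commit SHA, as is already done for `docker/login-action` further down, would narrow what can run with that token.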
@@ -36,7 +36,11 @@ jobs:

steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v4
with:
fetch-depth: 50
fetch-tags: true
show-progress: true

- name: Set version
id: vars
@@ -77,7 +81,11 @@ jobs:
contents: read
steps:
- name: Check out the repo
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 50
fetch-tags: true
show-progress: true

- name: Log in to Docker Hub
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
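Review bot: `fetch-depth: 50` in this job interacts with the Dockerfile change in the same diff: the image build now runs `git describe --tags --abbrev=0`, which only finds a tag if one is reachable within the 50 fetched commits. If the image is built from this checkout and the job can run from a commit more than 50 commits past the last tag, the embedded version string comes out empty. `fetch-depth: 0` is the safe setting wherever the version is derived from tags. The checkout is also referenced by tag (`actions/checkout@v4`) directly above a step that is pinned by full SHA; pinning both the same way would be consistent.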
27 changes: 27 additions & 0 deletions .gitignore
@@ -0,0 +1,27 @@
# If you prefer the allow list template instead of the deny list, see community template:
# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
#
# Binaries for programs and plugins
*.exe
*.exe~
*.dll
*.so
*.dylib

# Test binary, built with `go test -c`
*.test

# Output of the go coverage tool, specifically when used with LiteIDE
*.out

# Dependency directories (remove the comment below to include it)
vendor/

# Go workspace file
go.work
go.work.sum

# env file
.env

/bin
2 changes: 1 addition & 1 deletion .goreleaser.yaml
@@ -28,7 +28,7 @@ changelog:
- '^docs:'
- '^test:'
brews:
- tap:
- repository:
owner: daveshanley
name: homebrew-vacuum

4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM golang:1.21
FROM golang:1.23

RUN mkdir -p /opt/vacuum

@@ -7,7 +7,7 @@ WORKDIR /opt/vacuum
COPY . ./

RUN go mod download && go mod verify
RUN go build -ldflags="-w -s" -v -o /vacuum vacuum.go
RUN go build -ldflags="-w -s -X 'main.version=$(git describe --tags --abbrev=0)' -X 'main.date=$(date +%Y-%m-%dT%TZ)'" -v -o /vacuum vacuum.go

FROM debian:bookworm-slim

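Review bot: The `$(git describe --tags --abbrev=0)` substitution in the new `go build` line fails silently: if `.git` is missing from the build context or no tag is reachable, it expands to an empty string, the `RUN` step still succeeds, and the binary ships with `main.version` blank. Suggest passing the version in as a build argument computed by the workflow, or making the `RUN` line fail when the result is empty. Also, `date +%Y-%m-%dT%TZ` appends a literal `Z` to local time; that is only correct while the build container's timezone is UTC, so `date -u` would state the intent.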
178 changes: 164 additions & 14 deletions README.md
@@ -56,6 +56,13 @@ Alternatively, you can pull it from
[Github packages](https://github.com/daveshanley/vacuum/pkgs/container/vacuum).
To do that, replace `dshanley/vacuum` with `ghcr.io/daveshanley/vacuum` in the above commands.

## Run with Go

If you have go >= 1.16 installed, you can use `go run` to build and run it:

```
go run github.com/daveshanley/vacuum@latest lint <your-openapi-spec.yaml>
```

---

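Review bot: The added text says `go >= 1.16`, but `go run` only accepts a `path@version` argument from Go 1.17 onward (1.16 introduced that form for `go install` only), so the stated minimum is one release too low. Suggest stating the Go version the module actually requires instead. Two smaller points on the same lines: the fence is untagged while the other command examples in this README use a `shell` tag, and `@latest` resolves to whatever is published at run time, so the example for CI use should show a pinned version.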
@@ -83,17 +90,6 @@ like our _very kind_ sponsors:

[scalar](https://scalar.com)

<a href="https://zuplo.com">
<picture>
<source media="(prefers-color-scheme: dark)" srcset=".github/sponsors/zuplo-dark.png">
<img alt="scalar" src=".github/sponsors/zuplo-light.png">
</picture>
</a>

[zuplo](https://zuplo.com)



---

## Come chat with us
@@ -103,8 +99,118 @@ come say hi!

## Documentation

🔥 **New in** `v0.16+` 🔥 : **JSON 9535 Compliant**.

vacuum now expects JSON Path Queries to be [RFC 9535](https://www.rfc-editor.org/rfc/rfc9535) compliant. Finally standardized!

---

`v0.15+`: **Fixes, New Rules, Functions and Command**.

There is a new command `generate-ignorefile` that will generate an ignore file from a linting report.

New rule `no-request-body` checks for incorrect request bodies in operations, and `path-item-refs` checks for
$refs being used in path items.

---

v0.14+`: **Engine Speedup**.

**Speed!** We've made some significant improvements to how efficiently large documents are walked
Which means vacuum is now faster than ever.

---

`v0.12+` : Core functions support JSON Path.

Now all **core** functions return the **correct and accurate JSON path for each linting result**. Previously this was not possible
at all, but with some clever engineering, we have made it happen. It's a small thing, but with huge impact.

This feature has been available on the OpenAPI functions for some time, however core functions were without a comparison.
But no more! core functions have joined the party.

A new `--no-clip` flag is available on the `lint` command. This prevents message/path truncation.

---

`v0.11+`: Ignore Linting Errors/Violations.

v0.11 introduces the ability to ignore specific linting errors. This is useful for when you want to implement new
rules to existing production APIs. In some cases, correcting the lint errors would result in a breaking change.

Having a way to ignore these errors allows you to implement the new rules for new APIs while maintaining
backwards compatibility for existing ones.

[Learn more about ignoring violations](https://quobix.com/vacuum/ignoring/)

---

`v0.10+` : **Quality release**.

v0.10 is a quality release, with a number of fixes and improvements to rule schemas, function names and more.
vacuum now powers [The OpenAPI doctor](https://pb33f.io/doctor/). To enable correct ruleset management and automation
a number of functions have been renamed, interfaces have been upgraded and rule functions schemas are now accurate.

This is a breaking change for anyone using vacuum as a library with custom rules.

---

`v0.9+` : **Built in Language Server**.

A new command is available `language-server`. This starts vacuum as an LSP compatible language server. Run vacuum
in your favorite IDE and get linting and validation as you type, in realtime.

Will support any LSP compatible editor, like VSCode, Sublime, vim, etc.

[Install the VSCode extension](https://marketplace.visualstudio.com/items?itemName=pb33f.vacuum)
[Learn more about the language-server command](https://quobix.com/vacuum/commands/language-server/)

---

`v0.8+` : **OpenAPI Bundler**.

A new command is available `bundle` will bundle all external references for an OpenAPI file into a single file.

[Learn more about the bundle command](https://quobix.com/vacuum/commands/bundle/)

A new linting rule is available `oas-schema-check` will perform type checks and validation on all schemas in your
OpenAPI file. It's enabled by default in the recommended ruleset.

[oas-schema-check rule docs](https://quobix.com/vacuum/rules/schemas/oas-schema-check/)

---

`v0.7+` : **Hard Mode**.

Want to lint your spec with the most strict ruleset possible? Now you can! Use the `-z` / `--hard-mode` flag to enable

---

`v0.6+` : **Sharable / distributed rulesets** now available.

Want to share / extend / distribute your own rulesets? Now you can!

[Learn more about sharable rulesets](https://quobix.com/vacuum/rulesets/sharing/)

---

`v0.5+` : **Multi-file linting** now available for the `lint` command.

Want to lint multiple files at once? Now you can!

```shell
vacuum lint file1.json path/to/file2.yaml file3.json
```

Want to suck in a ton of files? Use a **glob** pattern!

```shell
vacuum lint some/path/**/*.yaml
```


---
🔥 **New in** `v0.3.0+` 🔥 : [Custom JavaScript Functions](https://quobix.com/vacuum/api/custom-javascript-functions/) are now available out of the box.
`v0.3+`: [Custom JavaScript Functions](https://quobix.com/vacuum/api/custom-javascript-functions/) are now available out of the box.

Write custom functions in JavaScript and use them in any ruleset. No need
to compile golang code to extend vacuum anymore!
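Review bot: the `v0.7+` Hard Mode entry stops mid-sentence at "Use the `-z` / `--hard-mode` flag to enable" and never says what the flag turns on; finish the sentence and add a docs link, as the other release entries do. The `v0.10+` entry also announces a breaking change for library users with custom rules without naming the renamed functions or pointing to a migration note, so a link there would save those users a diff of the API.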
@@ -113,7 +219,7 @@ to compile golang code to extend vacuum anymore!


---
**New in** `v0.2.0+`: [OWASP API rules](https://quobix.com/vacuum/rules/owasp/) are now available out of the box.
`v0.2+`: [OWASP API rules](https://quobix.com/vacuum/rules/owasp/) are now available out of the box.

[Learn more about enabling OWASP API rules](https://quobix.com/vacuum/rulesets/owasp/).

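Review bot: the rewritten `v0.2+`: line drops the space before the colon and the bold title that the newer entries use (for example `v0.5+` : **Multi-file linting**). Pick one heading format for every release entry so the list scans consistently.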
@@ -133,6 +239,7 @@ See all the documentation at https://quobix.com/vacuum
- [vacuum report](https://quobix.com/vacuum/commands/report/)
- [dashboard](https://quobix.com/vacuum/commands/dashboard/)
- [html-report](https://quobix.com/vacuum/commands/html-report/)
- [bundle](https://quobix.com/vacuum/commands/bundle/)
- [spectral-report](https://quobix.com/vacuum/commands/spectral-report/)
- [Developer API](https://quobix.com/vacuum/api/getting-started/)
- [Using The Index](https://quobix.com/vacuum/api/spec-index/)
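Review bot: the visible part of the command list gains `bundle` but shows no `language-server` entry, although the `v0.9+` section links to https://quobix.com/vacuum/commands/language-server/. If that command is not already listed outside this hunk's context, add it here so the documentation index covers every command the release notes announce.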
@@ -156,14 +263,15 @@ See all the documentation at https://quobix.com/vacuum
- [OpenAPI Functions](https://quobix.com/vacuum/functions/openapi/)
- [OWASP Functions](https://quobix.com/vacuum/functions/owasp/)
- [Understanding RuleSets](https://quobix.com/vacuum/rulesets/understanding/)
- [Sharing RuleSets](https://quobix.com/vacuum/rulesets/sharing/)
- [All Rules](https://quobix.com/vacuum/rulesets/all/)
- [No Rules](https://quobix.com/vacuum/rulesets/no-rules/)
- [Recommended Rules](https://quobix.com/vacuum/rulesets/recommended/)
- [Custom Rules](https://quobix.com/vacuum/rulesets/custom-rulesets/)

---

> **vacuum can suck all the lint of a 5mb OpenAPI spec in about 230ms.**
> **vacuum can suck all the lint of a 5mb OpenAPI spec in milliseconds.**
Designed to reliably lint OpenAPI specifications, **very, very quickly**. Including _very large_ ones. Spectral can be quite slow
when used as an API and does not scale for enterprise applications.
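Review bot: the tagline now reads "in milliseconds" where the previous line said "about 230ms", which replaces a checkable figure with one that cannot be verified or tracked for regressions. Either keep a number together with the spec size, machine and vacuum version it was measured on, or link to a benchmark that backs the claim.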
@@ -230,6 +338,19 @@ in your favorite browser and explore the results.
./vacuum lint -d <your-openapi-spec.yaml>
```
## Lint multiple files at once
```
./vacuum lint -d <spec1.yaml> <spec2.yaml> <spec3.yaml>
```
## Lint multiple files using a glob pattern
```
./vacuum lint -d some/path/**/*.yaml
```
## See full linting report with inline code snippets
```
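Review bot: in the glob example, `./vacuum lint -d some/path/**/*.yaml` is unquoted, so the shell expands the pattern before vacuum sees it, and in bash without `globstar` enabled `**` matches like a single `*`, so only one directory level is linted. If vacuum expands globs itself, quote the pattern in the example and say so; otherwise document the shell requirement, because files silently left out of a lint run look the same as files that passed.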
@@ -290,6 +411,35 @@ recognizes a compressed report file and will deal with it automatically when rea
> When using compression, the file name will be `vacuum-report-MM-DD-YY-HH_MM_SS.json.gz`. vacuum uses gzip internally.
## Ignoring specific linting errors
You can ignore specific linting errors by providing an `--ignore-file` argument to the `lint` and `report` commands.
```
./vacuum lint --ignore-file <path-to-ignore-file.yaml> -d <your-openapi-spec.yaml>
```
```
./vacuum report --ignore-file <path-to-ignore-file.yaml> -c <your-openapi-spec.yaml> <report-prefix>
```
The ignore-file should point to a .yaml file that contains a list of errors to be ignored by vacuum. The structure of the
yaml file is as follows:
```
<rule-id-1>:
- <json_path_to_error_or_warning_1>
- <json_path_to_error_or_warning_2>
<rule-id-2>:
- <json_path_to_error_or_warning_1>
- <json_path_to_error_or_warning_2>
...
```
Ignoring errors is useful for when you want to implement new rules to existing production APIs. In some cases,
correcting the lint errors would result in a breaking change. Having a way to ignore these errors allows you to implement
the new rules for new APIs while maintaining backwards compatibility for existing ones.
---
## Try out the dashboard
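Review bot: the ignore-file section shows the file structure with placeholders only and does not say whether suppressed results are still counted or listed in the `lint` and `report` output. Since the structure accepts any rule id at any JSON path, state how ignored violations are surfaced so a suppression cannot hide a finding unnoticed, and add one concrete entry with a real rule id and path. The `report` example also carries `-c`, which is not explained in this section and is unrelated to ignoring; drop it or say what it does.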