feat: Add new linter to multiple success reponse codes

en-milie · en-milie · commit 12d2c5cbccd0 · 2025-05-22T22:07:48.000+03:00
diff --git a/src/main/java/com/endava/cats/fuzzer/contract/MultipleSuccessCodesLinterFuzzer.java b/src/main/java/com/endava/cats/fuzzer/contract/MultipleSuccessCodesLinterFuzzer.java
@@ -0,0 +1,64 @@
+package com.endava.cats.fuzzer.contract;
+
+import com.endava.cats.annotations.LinterFuzzer;
+import com.endava.cats.http.HttpMethod;
+import com.endava.cats.model.FuzzingData;
+import com.endava.cats.report.TestCaseListener;
+import io.github.ludovicianul.prettylogger.PrettyLogger;
+import io.github.ludovicianul.prettylogger.PrettyLoggerFactory;
+import io.swagger.v3.oas.models.Operation;
+import jakarta.inject.Singleton;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@LinterFuzzer
+@Singleton
+public class MultipleSuccessCodesLinterFuzzer extends BaseLinterFuzzer {
+    private final PrettyLogger log = PrettyLoggerFactory.getLogger(this.getClass());
+
+    public MultipleSuccessCodesLinterFuzzer(TestCaseListener tcl) {
+        super(tcl);
+    }
+
+    @Override
+    public void process(FuzzingData data) {
+        testCaseListener.addScenario(log, "Check if an operation defines more than one success (2xx) status code");
+        testCaseListener.addExpectedResult(log, "Each operation should ideally define a single 2xx response for clarity and predictability");
+
+        List<String> violations = new ArrayList<>();
+        Operation operation = HttpMethod.getOperation(data.getMethod(), data.getPathItem());
+
+        if (operation.getResponses() != null) {
+            List<String> successCodes = operation.getResponses().keySet().stream()
+                    .filter(code -> code.startsWith("2"))
+                    .toList();
+
+            if (successCodes.size() > 1) {
+                violations.add("Operation defines multiple 2xx status codes: %s"
+                        .formatted(successCodes));
+            }
+        }
+
+        if (!violations.isEmpty()) {
+            testCaseListener.reportResultWarn(
+                    log,
+                    data,
+                    "Multiple 2xx success status codes found",
+                    String.join("\n", violations)
+            );
+        } else {
+            testCaseListener.reportResultInfo(log, data, "Each operation defines at most one success (2xx) response code");
+        }
+    }
+
+    @Override
+    protected String runKey(FuzzingData data) {
+        return data.getPath() + data.getMethod();
+    }
+
+    @Override
+    public String description() {
+        return "flags operations that define more than one 2xx success response, which may cause ambiguity for SDKs and clients";
+    }
+}
diff --git a/src/test/java/com/endava/cats/args/FilterArgumentsTest.java b/src/test/java/com/endava/cats/args/FilterArgumentsTest.java
@@ -78,7 +78,7 @@ void shouldIncludeAllFuzzers() {
         List<String> fuzzers = filterArguments.getFirstPhaseFuzzersForPath();
 
         Assertions.assertThat(fuzzers).contains("LeadingControlCharsInHeadersFuzzer", "LeadingWhitespacesInHeadersFuzzer", "LeadingMultiCodePointEmojisInFieldsTrimValidateFuzzer"
-                , "RemoveFieldsFuzzer", "CheckSecurityHeadersFuzzer").hasSize(158);
+                , "RemoveFieldsFuzzer", "CheckSecurityHeadersFuzzer").hasSize(161);
     }
 
     @Test
@@ -145,7 +145,7 @@ void shouldReturnGetAndDeleteWhenNotHttpMethodSupplied() {
 
     @Test
     void shouldReturnAllRegisteredFuzzers() {
-        Assertions.assertThat(filterArguments.getAllRegisteredFuzzers()).hasSize(163);
+        Assertions.assertThat(filterArguments.getAllRegisteredFuzzers()).hasSize(166);
     }
 
     @Test
diff --git a/src/test/java/com/endava/cats/command/LintCommandTest.java b/src/test/java/com/endava/cats/command/LintCommandTest.java
@@ -45,8 +45,8 @@ void shouldRunContractFuzzers() {
         ReflectionTestUtils.setField(lintCommand, "contract", "src/test/resources/petstore-empty.yml");
 
         lintCommand.run();
-        Assertions.assertThat(filterArguments.getFirstPhaseFuzzersForPath()).hasSize(27);
-        Mockito.verify(testCaseListener, Mockito.times(27)).afterFuzz("/pets/{id}");
+        Assertions.assertThat(filterArguments.getFirstPhaseFuzzersForPath()).hasSize(30);
+        Mockito.verify(testCaseListener, Mockito.times(30)).afterFuzz("/pets/{id}");
     }
 
     @Test
diff --git a/src/test/java/com/endava/cats/fuzzer/contract/MultipleSuccessCodesLinterFuzzerTest.java b/src/test/java/com/endava/cats/fuzzer/contract/MultipleSuccessCodesLinterFuzzerTest.java
@@ -0,0 +1,82 @@
+package com.endava.cats.fuzzer.contract;
+
+import com.endava.cats.args.IgnoreArguments;
+import com.endava.cats.args.ReportingArguments;
+import com.endava.cats.context.CatsGlobalContext;
+import com.endava.cats.http.HttpMethod;
+import com.endava.cats.model.FuzzingData;
+import com.endava.cats.report.ExecutionStatisticsListener;
+import com.endava.cats.report.TestCaseExporter;
+import com.endava.cats.report.TestCaseExporterHtmlJs;
+import com.endava.cats.report.TestCaseListener;
+import io.quarkus.test.junit.QuarkusTest;
+import io.swagger.parser.OpenAPIParser;
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.media.Schema;
+import jakarta.enterprise.inject.Instance;
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.stream.Stream;
+
+@QuarkusTest
+class MultipleSuccessCodesLinterFuzzerTest {
+
+    private TestCaseListener testCaseListener;
+    private MultipleSuccessCodesLinterFuzzer multipleSuccessCodesLinterFuzzer;
+
+    @BeforeEach
+    void setup() {
+        Instance<TestCaseExporter> exporters = Mockito.mock(Instance.class);
+        TestCaseExporter exporter = Mockito.mock(TestCaseExporterHtmlJs.class);
+        Mockito.when(exporters.stream()).thenReturn(Stream.of(exporter));
+        testCaseListener = Mockito.spy(new TestCaseListener(Mockito.mock(CatsGlobalContext.class), Mockito.mock(ExecutionStatisticsListener.class), exporters,
+                Mockito.mock(IgnoreArguments.class), Mockito.mock(ReportingArguments.class)));
+        multipleSuccessCodesLinterFuzzer = new MultipleSuccessCodesLinterFuzzer(testCaseListener);
+    }
+
+    @Test
+    void shouldReportWarn() throws Exception {
+        OpenAPI openAPI = new OpenAPIParser().readContents(Files.readString(Paths.get("src/test/resources/inconsistent-api-2.yml")), null, null).getOpenAPI();
+        FuzzingData data = FuzzingData.builder().openApi(openAPI).method(HttpMethod.PUT).pathItem(openAPI.getPaths().get("/users/{userId}")).build();
+        multipleSuccessCodesLinterFuzzer.fuzz(data);
+
+        Mockito.verify(testCaseListener, Mockito.times(1)).reportResultWarn(Mockito.any(), Mockito.any(), Mockito.eq("Multiple 2xx success status codes found"), Mockito.eq("Operation defines multiple 2xx status codes: [200, 204]"));
+    }
+
+    @Test
+    void shouldReportInfo() throws Exception {
+        OpenAPI openAPI = new OpenAPIParser().readContents(Files.readString(Paths.get("src/test/resources/consistent-api.yml")), null, null).getOpenAPI();
+        FuzzingData data = FuzzingData.builder().openApi(openAPI).method(HttpMethod.POST).pathItem(openAPI.getPaths().get("/pets/states")).reqSchema(new Schema()).build();
+        multipleSuccessCodesLinterFuzzer.fuzz(data);
+
+        Mockito.verify(testCaseListener, Mockito.times(1)).reportResultInfo(Mockito.any(), Mockito.any(), Mockito.eq("Each operation defines at most one success (2xx) response code"));
+    }
+
+    @Test
+    void shouldNotRunOnSecondAttempt() throws Exception {
+        OpenAPI openAPI = new OpenAPIParser().readContents(Files.readString(Paths.get("src/test/resources/consistent-api.yml")), null, null).getOpenAPI();
+        FuzzingData data = FuzzingData.builder().openApi(openAPI).pathItem(openAPI.getPaths().get("/pets/states")).method(HttpMethod.POST).reqSchema(new Schema()).build();
+        multipleSuccessCodesLinterFuzzer.fuzz(data);
+
+        Mockito.verify(testCaseListener, Mockito.times(1)).reportResultInfo(Mockito.any(), Mockito.any(), Mockito.eq("Each operation defines at most one success (2xx) response code"));
+
+        Mockito.reset(testCaseListener);
+        multipleSuccessCodesLinterFuzzer.fuzz(data);
+        Mockito.verify(testCaseListener, Mockito.times(0)).createAndExecuteTest(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any());
+    }
+
+    @Test
+    void shouldReturnSimpleClassNameForToString() {
+        Assertions.assertThat(multipleSuccessCodesLinterFuzzer).hasToString(multipleSuccessCodesLinterFuzzer.getClass().getSimpleName());
+    }
+
+    @Test
+    void shouldReturnMeaningfulDescription() {
+        Assertions.assertThat(multipleSuccessCodesLinterFuzzer.description()).isEqualTo("flags operations that define more than one 2xx success response, which may cause ambiguity for SDKs and clients");
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ void shouldIncludeAllFuzzers() {`
`78`	`78`	`List<String> fuzzers = filterArguments.getFirstPhaseFuzzersForPath();`
`79`	`79`
`80`	`80`	`Assertions.assertThat(fuzzers).contains("LeadingControlCharsInHeadersFuzzer", "LeadingWhitespacesInHeadersFuzzer", "LeadingMultiCodePointEmojisInFieldsTrimValidateFuzzer"`
`81`		`- , "RemoveFieldsFuzzer", "CheckSecurityHeadersFuzzer").hasSize(158);`
	`81`	`+ , "RemoveFieldsFuzzer", "CheckSecurityHeadersFuzzer").hasSize(161);`
`82`	`82`	`}`
`83`	`83`
`84`	`84`	`@Test`
`@@ -145,7 +145,7 @@ void shouldReturnGetAndDeleteWhenNotHttpMethodSupplied() {`
`145`	`145`
`146`	`146`	`@Test`
`147`	`147`	`void shouldReturnAllRegisteredFuzzers() {`
`148`		`- Assertions.assertThat(filterArguments.getAllRegisteredFuzzers()).hasSize(163);`
	`148`	`+ Assertions.assertThat(filterArguments.getAllRegisteredFuzzers()).hasSize(166);`
`149`	`149`	`}`
`150`	`150`
`151`	`151`	`@Test`
Original file line number	Diff line number	Diff line change
`@@ -45,8 +45,8 @@ void shouldRunContractFuzzers() {`
`45`	`45`	`ReflectionTestUtils.setField(lintCommand, "contract", "src/test/resources/petstore-empty.yml");`
`46`	`46`
`47`	`47`	`lintCommand.run();`
`48`		`- Assertions.assertThat(filterArguments.getFirstPhaseFuzzersForPath()).hasSize(27);`
`49`		`- Mockito.verify(testCaseListener, Mockito.times(27)).afterFuzz("/pets/{id}");`
	`48`	`+ Assertions.assertThat(filterArguments.getFirstPhaseFuzzersForPath()).hasSize(30);`
	`49`	`+ Mockito.verify(testCaseListener, Mockito.times(30)).afterFuzz("/pets/{id}");`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`@Test`