feat: Add new linter to check empty response schemas

Author: en-milie

src/main/java/com/endava/cats/fuzzer/contract/EmptyResponseSchemaLinterFuzzer.java

@@ -0,0 +1,89 @@
+package com.endava.cats.fuzzer.contract;
+
+import com.endava.cats.annotations.LinterFuzzer;
+import com.endava.cats.http.HttpMethod;
+import com.endava.cats.model.FuzzingData;
+import com.endava.cats.report.TestCaseListener;
+import com.endava.cats.util.CatsModelUtils;
+import io.github.ludovicianul.prettylogger.PrettyLogger;
+import io.github.ludovicianul.prettylogger.PrettyLoggerFactory;
+import io.swagger.v3.oas.models.Operation;
+import io.swagger.v3.oas.models.media.MediaType;
+import io.swagger.v3.oas.models.responses.ApiResponse;
+import jakarta.inject.Singleton;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+@LinterFuzzer
+@Singleton
+public class EmptyResponseSchemaLinterFuzzer extends BaseLinterFuzzer {
+    private final PrettyLogger log = PrettyLoggerFactory.getLogger(this.getClass());
+    private final List<String> ignoreStatusCodes = List.of("204", "304");
+    private final List<String> ignoreContentTypes = List.of("application/octet-stream", "image/png", "image/jpeg", "application/pdf");
+
+    public EmptyResponseSchemaLinterFuzzer(TestCaseListener tcl) {
+        super(tcl);
+    }
+
+    @Override
+    public void process(FuzzingData data) {
+        testCaseListener.addScenario(log, "Detect empty response schemas (inline) that have no properties, $ref, or allOf/anyOf/oneOf");
+        testCaseListener.addExpectedResult(log, "All response schemas should define properties, use $ref, or include oneOf/allOf/anyOf");
+
+        List<String> violations = new ArrayList<>();
+        Operation operation = HttpMethod.getOperation(data.getMethod(), data.getPathItem());
+
+        if (operation.getResponses() != null) {
+            for (Map.Entry<String, ApiResponse> entry : operation.getResponses().entrySet()) {
+                String status = entry.getKey();
+                ApiResponse response = entry.getValue();
+
+                if (ignoreStatusCodes.contains(status)) {
+                    continue;
+                }
+
+                if (response.getContent() != null) {
+                    for (Map.Entry<String, MediaType> mediaEntry : response.getContent().entrySet()) {
+                        String contentType = mediaEntry.getKey();
+                        MediaType media = mediaEntry.getValue();
+
+                        if (ignoreContentTypes.contains(contentType)) {
+                            continue;
+                        }
+
+                        if (media.getSchema() != null && CatsModelUtils.isEmptyObjectSchema(media.getSchema())) {
+                            violations.add("Response schema on response %s is an empty object".formatted(status));
+                        }
+                    }
+                } else {
+                    violations.add("Response %s does not define any content".formatted(status));
+                }
+            }
+        }
+
+        if (!violations.isEmpty()) {
+            testCaseListener.reportResultWarn(
+                    log,
+                    data,
+                    "Empty response schemas found",
+                    String.join("\n", violations)
+            );
+        } else {
+            testCaseListener.reportResultInfo(log, data, "All response schemas define properties, $ref, or structural composition");
+        }
+    }
+
+
+    @Override
+    protected String runKey(FuzzingData data) {
+        return data.getPath() + data.getMethod();
+    }
+
+    @Override
+    public String description() {
+        return "detects response schemas that define neither properties, $ref, nor structural composition (oneOf, anyOf, allOf)";
+    }
+}
+

src/test/java/com/endava/cats/fuzzer/contract/EmptyResponseSchemaLinterFuzzerTest.java

@@ -0,0 +1,91 @@
+package com.endava.cats.fuzzer.contract;
+
+import com.endava.cats.args.IgnoreArguments;
+import com.endava.cats.args.ReportingArguments;
+import com.endava.cats.context.CatsGlobalContext;
+import com.endava.cats.http.HttpMethod;
+import com.endava.cats.model.FuzzingData;
+import com.endava.cats.report.ExecutionStatisticsListener;
+import com.endava.cats.report.TestCaseExporter;
+import com.endava.cats.report.TestCaseExporterHtmlJs;
+import com.endava.cats.report.TestCaseListener;
+import io.quarkus.test.junit.QuarkusTest;
+import io.swagger.parser.OpenAPIParser;
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.media.Schema;
+import jakarta.enterprise.inject.Instance;
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.stream.Stream;
+
+@QuarkusTest
+class EmptyResponseSchemaLinterFuzzerTest {
+
+    private TestCaseListener testCaseListener;
+    private EmptyResponseSchemaLinterFuzzer emptyResponseSchemaLinterFuzzer;
+
+    @BeforeEach
+    void setup() {
+        Instance<TestCaseExporter> exporters = Mockito.mock(Instance.class);
+        TestCaseExporter exporter = Mockito.mock(TestCaseExporterHtmlJs.class);
+        Mockito.when(exporters.stream()).thenReturn(Stream.of(exporter));
+        testCaseListener = Mockito.spy(new TestCaseListener(Mockito.mock(CatsGlobalContext.class), Mockito.mock(ExecutionStatisticsListener.class), exporters,
+                Mockito.mock(IgnoreArguments.class), Mockito.mock(ReportingArguments.class)));
+        emptyResponseSchemaLinterFuzzer = new EmptyResponseSchemaLinterFuzzer(testCaseListener);
+    }
+
+    @Test
+    void shouldReportWarnWhenNoContent() throws Exception {
+        OpenAPI openAPI = new OpenAPIParser().readContents(Files.readString(Paths.get("src/test/resources/inconsistent-api-2.yml")), null, null).getOpenAPI();
+        FuzzingData data = FuzzingData.builder().openApi(openAPI).method(HttpMethod.PUT).pathItem(openAPI.getPaths().get("/users/{userId}")).build();
+        emptyResponseSchemaLinterFuzzer.fuzz(data);
+
+        Mockito.verify(testCaseListener, Mockito.times(1)).reportResultWarn(Mockito.any(), Mockito.any(), Mockito.eq("Empty response schemas found"), Mockito.eq("Response 200 does not define any content"));
+    }
+
+    @Test
+    void shouldReportWarnWhenWhenEmptyObject() throws Exception {
+        OpenAPI openAPI = new OpenAPIParser().readContents(Files.readString(Paths.get("src/test/resources/inconsistent-api-2.yml")), null, null).getOpenAPI();
+        FuzzingData data = FuzzingData.builder().openApi(openAPI).method(HttpMethod.POST).pathItem(openAPI.getPaths().get("/users/{userId}")).build();
+        emptyResponseSchemaLinterFuzzer.fuzz(data);
+
+        Mockito.verify(testCaseListener, Mockito.times(1)).reportResultWarn(Mockito.any(), Mockito.any(), Mockito.eq("Empty response schemas found"), Mockito.eq("Response schema on response 200 is an empty object"));
+    }
+
+    @Test
+    void shouldReportInfo() throws Exception {
+        OpenAPI openAPI = new OpenAPIParser().readContents(Files.readString(Paths.get("src/test/resources/consistent-api.yml")), null, null).getOpenAPI();
+        FuzzingData data = FuzzingData.builder().openApi(openAPI).method(HttpMethod.POST).pathItem(openAPI.getPaths().get("/pets/states")).reqSchema(new Schema()).build();
+        emptyResponseSchemaLinterFuzzer.fuzz(data);
+
+        Mockito.verify(testCaseListener, Mockito.times(1)).reportResultInfo(Mockito.any(), Mockito.any(), Mockito.eq("All response schemas define properties, $ref, or structural composition"));
+    }
+
+    @Test
+    void shouldNotRunOnSecondAttempt() throws Exception {
+        OpenAPI openAPI = new OpenAPIParser().readContents(Files.readString(Paths.get("src/test/resources/consistent-api.yml")), null, null).getOpenAPI();
+        FuzzingData data = FuzzingData.builder().openApi(openAPI).pathItem(openAPI.getPaths().get("/pets/states")).method(HttpMethod.POST).reqSchema(new Schema()).build();
+        emptyResponseSchemaLinterFuzzer.fuzz(data);
+
+        Mockito.verify(testCaseListener, Mockito.times(1)).reportResultInfo(Mockito.any(), Mockito.any(), Mockito.eq("All response schemas define properties, $ref, or structural composition"));
+
+        Mockito.reset(testCaseListener);
+        emptyResponseSchemaLinterFuzzer.fuzz(data);
+        Mockito.verify(testCaseListener, Mockito.times(0)).createAndExecuteTest(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any());
+    }
+
+    @Test
+    void shouldReturnSimpleClassNameForToString() {
+        Assertions.assertThat(emptyResponseSchemaLinterFuzzer).hasToString(emptyResponseSchemaLinterFuzzer.getClass().getSimpleName());
+    }
+
+    @Test
+    void shouldReturnMeaningfulDescription() {
+        Assertions.assertThat(emptyResponseSchemaLinterFuzzer.description()).isEqualTo("detects response schemas that define neither properties, $ref, nor structural composition (oneOf, anyOf, allOf)");
+    }
+}

src/test/resources/inconsistent-api-2.yml

@@ -0,0 +1,127 @@
+openapi: "3.0.0"
+info:
+  version: 1.0.0
+  title: Swagger Petstore
+  description: A sample API that uses a petstore as an example to demonstrate features in the OpenAPI 3.0 specification
+  termsOfService: http://swagger.io/terms/
+  contact:
+    name: Swagger API Team
+    email: [email protected]
+    url: http://swagger.io
+  license:
+    name: Apache 2.0
+    url: https://www.apache.org/licenses/LICENSE-2.0.html
+servers:
+  - url: http://petstore.swagger.io/api
+paths:
+  /users/{userId}:
+    post:
+      summary: Update a user
+      parameters:
+        - in: path
+          name: userId
+          required: true
+          schema:
+            type: string
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+      responses:
+        '200':
+          description: No content
+          content:
+            application/json:
+              schema:
+                type: object
+        '204':
+          description: No Content
+    put:
+      summary: Update a user
+      parameters:
+        - in: path
+          name: userId
+          required: true
+          schema:
+            type: string
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+      responses:
+        '200':
+          description: No content
+        '204':
+          description: No Content
+  /pets/{id}:
+    get:
+      description: Returns a user based on a single ID, if the user does not have access to the pet
+      operationId: find pet by id
+      parameters:
+        - name: id
+          in: path
+          description: ID of pet to fetch
+          required: true
+          schema:
+            type: integer
+            format: int64
+            example: 78
+        - name: page
+          in: query
+          description: Page number
+          required: true
+          schema:
+            type: string
+            example: test
+        - name: ""
+          in: query
+          schema:
+            type: string
+            example: ""
+      responses:
+        '200':
+          description: pet response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Pet'
+        default:
+          description: unexpected error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+components:
+  schemas:
+    Pet:
+      properties:
+        id:
+          type: integer
+          format: int64
+          minimum: 0
+        code:
+          type: string
+          format: byte
+          example: MjIyMjIyMg==
+        additionalCode:
+          type: string
+          format: binary
+          example: MjIyMjIyMg==
+    Error:
+      properties:
+        id:
+          type: integer
+          format: int64
+          minimum: 0
+        code:
+          type: string
+          format: byte
+          example: MjIyMjIyMg==
+        additionalCode:
+          type: string
+          format: binary
+          example: MjIyMjIyMg==