Support for remote/file references #1674

kylef · 2020-02-17T13:36:37Z

Support for remote (http) and local file references in OAS 2 and 3 schemas along with API Blueprint's Schema keyword.

For example, a schema such as:

{
  "$ref": "./api/attribute.yaml#/attribute"
}

This particular feature needs a lot of thought as it can allow potential security problems for example when you run Dredd against an API Blueprint or OpenAPI document which contains a remote $ref in a schema. The $ref could potentially be used to populate a request body with sensitive data such as /etc/shadow, ~/.npmrc, ~/.ssh/id_rsa etc. This is the particular reason why this has been been supported. JSON Schema can be used to generate request and response bodies.

Additional context

Raised from #1329 (comment)

The text was updated successfully, but these errors were encountered:

kylef · 2020-02-17T15:07:04Z

Duplicate of #676

kylef mentioned this issue Feb 17, 2020

Required response parameters not validated if they are only in $ref in definitions #1329

Open

kylef marked this as a duplicate of #676 Feb 17, 2020

kylef closed this as completed Feb 17, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support for remote/file references #1674

Support for remote/file references #1674

kylef commented Feb 17, 2020

kylef commented Feb 17, 2020

Support for remote/file references #1674

Support for remote/file references #1674

Comments

kylef commented Feb 17, 2020

kylef commented Feb 17, 2020