Merge pull request #92 from apiaddicts/develop

Develop

Author: SebastianDT1

CHANGELOG.md

@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.3.3] - 2026-03-20
+
+### Fixed
+    - OAR113 - CustomField Documentation
+    - OAR114 - HttpResponseHeaders Documentation
+    - OAR115 - VerifyRequiredFields Documentation
+
 ## [1.3.2] - 2026-03-05
 
 ### Fixed

pom.xml

@@ -3,7 +3,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>org.apiaddicts.apitools.dosonarapi</groupId>
   <artifactId>sonaropenapi-rules-community</artifactId>
-  <version>1.3.2</version>
+  <version>1.3.3</version>
   <packaging>sonar-plugin</packaging>
 
   <name>SonarQube OpenAPI Community Rules</name>

src/main/resources/org/sonar/l10n/es/openapi/rules/openapi/format/OAR113.html

@@ -0,0 +1,145 @@
+<p>El campo o extensión debe estar en la ubicación asignada</p>
+<h2>Solución compatible (OpenAPI 2)</h2>
+<pre>
+    swagger: "2.0"
+    info:
+      version: "1.0.0"
+      title: "Sample API"
+      x-custom-example: "example value"
+    paths:
+      /example:
+        get:
+          description: "Get example"
+          responses:
+            "200":
+              description: "Successful response"
+              schema:
+                $ref: "#/definitions/ExampleObject"
+    definitions:
+      ExampleObject:
+        type: object
+        properties:
+          id:
+            type: string
+          name:
+            type: string
+        x-extension-field: "example"
+</pre>
+<h2>Ejemplo de código no compatible (OpenAPI 2)</h2>
+<pre>
+    swagger: "2.0"
+    info:
+      version: "1.0.0"
+      title: "Sample API"
+    paths:
+      /example:
+        get:
+          description: "Get example"
+          responses:
+            "200":
+              description: "Successful response"
+              content:
+                application/json:
+                  schema:
+                    $ref: "#/components/schemas/ExampleObject"
+    definitions: # Noncompliant {{OAR113: Field or extension x-custom-example must be at the assigned location}}
+      schemas:
+        ExampleObject:
+          type: object
+          properties:
+            id:
+              type: string
+            name:
+              type: string
+          x-extension-field: "example"
+</pre>
+<h2>Ejemplo de ubicación de código no compatible (OpenAPI 2)</h2>
+<pre>
+    swagger: "2.0"
+    info:
+      version: "1.0.0"
+      title: "Sample API"
+    paths:
+      /example:
+        get:
+          description: "Get example"
+          responses:
+            "200":
+              description: "Successful response"
+              content:
+                application/json:
+                  schema:
+                    $ref: "#/components/schemas/ExampleObject"
+</pre>
+<h2>Solución compatible (OpenAPI 3)</h2>
+<pre>
+    openapi: "3.0.0"
+    info:
+      version: "1.0.0"
+      title: "Sample API"
+      x-extension-example: "example value"
+    paths:
+      /example:
+        get:
+          description: "Get example"
+          responses:
+            "200":
+              description: "Successful response"
+              content:
+                application/json:
+                  schema:
+                    $ref: "#/components/schemas/ExampleObject"
+    components:
+      schemas:
+        ExampleObject:
+          type: object
+          properties:
+            id:
+              type: string
+            name:
+              type: string
+          x-extension-field: "example"
+</pre>
+<h2>Ejemplo de código no compatible (OpenAPI 3)</h2>
+<pre>
+    openapi: "3.0.0"
+    info:
+      version: "1.0.0"
+      title: "Sample API"
+    paths:
+      /example:
+        get:
+          description: "Get example"
+          responses:
+            "200":
+              description: "Successful response"
+              content:
+                application/json:
+                  schema:
+                    $ref: "#/components/schemas/ExampleObject"
+    components:
+      schemas:
+        ExampleObject:
+          type: object
+          properties:
+            id:
+              type: string
+            name:
+              type: string
+          x-extension-field: "example"
+</pre>
+<h2>Ejemplo de ubicación de código no compatible (OpenAPI 3)</h2>
+<pre>
+    openapi: "3.0.0" # Noncompliant {{OAR113: The location components is not present.}}
+    info:
+      version: "1.0.0"
+      title: "Sample API"
+    paths:
+      /example:
+        get:
+          description: "Get example"
+          responses:
+            "200":
+              description: "Successful response"
+
+</pre>

src/main/resources/org/sonar/l10n/es/openapi/rules/openapi/format/OAR113.json

@@ -0,0 +1,13 @@
+{
+  "title": "OAR113 - CustomField - El campo o extensión debe estar en la ubicación asignada",
+  "type": "BUG",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "30min"
+  },
+  "tags": [
+    "format"
+  ],
+  "defaultSeverity": "MINOR"
+}

src/main/resources/org/sonar/l10n/es/openapi/rules/openapi/format/OAR115.html

@@ -0,0 +1,83 @@
+<p>Los datos en el campo requerido deben existir en los parámetros del esquema</p>
+<h2>Ejemplo de código no compatible (OpenAPI 2)</h2>
+<pre>
+swagger: "2.0"
+info:
+  title: API de ejemplo
+  version: "1.0.0"
+paths: {}
+definitions:
+  ErrorResponse:
+    type: object
+    properties:
+      code:
+        type: integer
+      message:
+        type: string
+    required:
+      - code
+      - message
+      - otherfield # Noncompliant {{OAR115: This value does not exist, it must be defined in the schema properties}}
+
+</pre>
+<h2>Solución compatible (OpenAPI 2)</h2>
+<pre>
+swagger: "2.0"
+info:
+  title: API de ejemplo
+  version: "1.0.0"
+paths: {}
+definitions:
+  ErrorResponse:
+    type: object
+    properties:
+      code:
+        type: integer
+      message:
+        type: string
+    required:
+      - code
+      - message
+</pre>
+<h2>Ejemplo de código no compatible (OpenAPI 3)</h2>
+<pre>
+openapi: 3.0.0
+info:
+  title: API de ejemplo
+  version: "1.0.0"
+paths: {}
+components:
+  schemas:
+    ErrorResponse:
+      type: object
+      properties:
+        code:
+          type: integer
+        message:
+          type: string
+      required:
+        - code
+        - message
+        - otherfield # Noncompliant {{OAR115: This value does not exist, it must be defined in the schema properties}}
+
+</pre>
+<h2>Solución compatible (OpenAPI 3)</h2>
+<pre>
+openapi: 3.0.3
+info:
+  title: API de ejemplo
+  version: "1.0.0"
+paths: {}
+components:
+  schemas:
+    ErrorResponse:
+      type: object
+      properties:
+        code:
+          type: integer
+        message:
+          type: string
+      required:
+        - code
+        - message
+</pre>

src/main/resources/org/sonar/l10n/es/openapi/rules/openapi/format/OAR115.json

@@ -0,0 +1,13 @@
+{
+  "title": "OAR115 - VerifyRequiredFields - Los datos en el campo requerido deben existir en los parámetros del esquema",
+  "type": "BUG",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "30min"
+  },
+  "tags": [
+    "format"
+  ],
+  "defaultSeverity": "MINOR"
+}

src/main/resources/org/sonar/l10n/es/openapi/rules/openapi/security/OAR114.html

@@ -0,0 +1,82 @@
+<h2>Normativa - Definición de API</h2>
+<p>Sobrescribir ciertas cabeceras, permitir el uso de cualquier cabecera sin restricción o no especificar las cabeceras obligatorias puede causar vulnerabilidades en la API.</p>
+<h2>Ejemplo de código no compatible (OpenAPI 2)</h2>
+<pre>
+  swagger: "2.0"
+  info:
+    version: 1.0.0
+    title: Swagger Petstore
+  paths:
+    /pets:
+      get:
+        responses:
+          200:
+            description: Ok
+            headers: 
+              Authorization: <span class="error-info" style="color: #FD8E18;"># Noncompliant {{OAR033: Header not allowed}}</span>
+                description: Forbidden header
+                schema:
+                  type: string
+</pre>
+<h2>Solución compatible (OpenAPI 2)</h2>
+<pre>
+swagger: "2.0"
+info:
+  version: 1.0.0
+  title: Swagger Petstore
+paths:
+  /pets:
+    get:
+      responses:
+        200:
+          description: Ok
+          headers:
+            x-api-key:
+              description: Mandatory header
+              schema:
+                type: string
+            traceId:
+              description: Optional but allowed
+              schema:
+                type: string
+</pre>
+<h2>Ejemplo de código no compatible (OpenAPI 3)</h2>
+<pre>
+  openapi: "3.0.0"
+  info:
+    version: 1.0.0
+    title: Swagger Petstore
+  paths:
+    /pets:
+      get:
+        responses:
+          200:
+            description: Ok
+             headers: 
+              Authorization: <span class="error-info" style="color: #FD8E18;"># Noncompliant {{OAR033: Header not allowed}}</span>
+                description: Forbidden header
+                schema:
+                  type: string
+</pre>
+<h2>Solución compatible (OpenAPI 3)</h2>
+<pre>
+openapi: "3.0.0"
+info:
+  version: 1.0.0
+  title: Swagger Petstore
+paths:
+  /pets:
+    get:
+      responses:
+        200:
+          description: Ok
+          headers:
+            x-api-key:
+              description: Mandatory header
+              schema:
+                type: string
+            traceId:
+              description: Optional but allowed
+              schema:
+                type: string
+</pre>

src/main/resources/org/sonar/l10n/es/openapi/rules/openapi/security/OAR114.json

@@ -0,0 +1,13 @@
+{
+  "title": "OAR114 - HttpResponseHeaders - Existen cabeceras de petición obligatorias y otras que no están permitidas",
+  "type": "VULNERABILITY",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "15min"
+  },
+  "tags": [
+    "safety"
+  ],
+  "defaultSeverity": "CRITICAL"
+}