swagger-api / validator-badge Goto Github PK

View Code? Open in Web Editor NEW

201.0 18.0 85.0 389 KB

Validate your Swagger JSON/YAML today!

Home Page: http://swagger.io

License: Apache License 2.0

Java 88.29% Dockerfile 0.39% HTML 3.21% Shell 4.05% Python 4.07%

swagger validator-badge swagger-api rest restful-api openapi-specification openapi3 open-source swagger-oss

validator-badge's Introduction

Swagger Validator Badge

This project shows a "valid swagger" badge on your site, supporting Swagger/OpenAPI 2.0 and OpenAPI 3.x specifications.

There is an online version hosted on http://validator.swagger.io.

Using Docker

You can also pull a docker image of the validator directly from DockerHub, e.g.:

docker pull swaggerapi/swagger-validator-v2:v2.1.5
docker run -it -p 8080:8080 --name swagger-validator-v2 swaggerapi/swagger-validator-v2:v2.1.5

Since version 2.0.2 local and non http/https urls are rejected by default, along with redirects; this is controllable with docker env variables / java system properties:

docker run -it -p 8080:8080 -e "REJECT_LOCAL=false" -e "REJECT_REDIRECT=false" --name swagger-validator-v2 swaggerapi/swagger-validator-v2:v2.1.5

In non docker environments, system properties rejectLocal and rejectRedirect can be used.

Web UI is reachable at http://localhost:8080/index.html and OpenAPI spec at http://localhost:8080/validator/openapi.json

You can validate OpenAPI specifications version 2.0 (Swagger), 3.0 and 3.1. Swagger Parser is used for semantic validation. Depending on jsonSchemaValidation query parameter value also JSON Schema validation can be executed (default to true)

Additional parameters allow to customize parsing and validation mode.

<img src="https://validator.swagger.io/validator?url={YOUR_URL}">

Of course the YOUR_URL needs to be addressable by the validator (i.e. won't find anything on localhost). If it validates, you'll get a nice green VALID logo. Failures will give an INVALID logo, and if there are errors parsing the specification or reaching it, an ugly red ERROR logo.

For example, using https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/examples/v2.0/json/petstore-expanded.json as a source, we get ...

If your specification fails to validate for some reason, or if there is an error, you can get more information on why by visiting https://validator.swagger.io/validator/debug?url={YOUR_URL}.

Since the validator uses a browserless back-end to fetch the contents and schema, it's not subject to the terrible world of CORS.

Using cURL

You can also post a spec up to the service with cURL:

curl -X POST -d @swagger.json -H 'Content-Type:application/json' https://validator.swagger.io/validator/debug

In this example, swagger.json is the swagger definition in JSON format, in the CWD.

If your swagger definition file is in YAML format, the command needs to be adapted like so:

curl --data-binary @swagger.yaml -H 'Content-Type:application/yaml' https://validator.swagger.io/validator/debug

Note the use of --data-binary to avoid stripping newlines, along with a different Content-Type header.

Note

All of the above is also applicable to OpenAPI 3.x specifications; for example, using https://petstore3.swagger.io/api/v3/openapi.json as a source, we get ...

Since version 2.1.0 a /parseByUrl and /parseByContent are available, returning a serialized parsed specification, with parsing and result configurable by parameters, e.g. passing resolve, etc. See Swagger Parser.

Running locally

You can build and run the validator locally:

mvn package jetty:run

And access the validator like such:

http://localhost:8080/validator?url={URL}

http://localhost:8080/validator?url=http://petstore.swagger.io/v2/swagger.json

http://localhost:8080/validator?url=https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/examples/v3.0/petstore.yaml

Security contact

Please disclose any security-related issues or vulnerabilities by emailing [email protected], instead of using the public issue tracker.

validator-badge's People

Contributors

Stargazers

Watchers

Forkers

earth2marsh ianmacl ikitommi madusankapremaratne samba-konduri facascante hafizh vsheffer daliandragon mjangid mbukosky kleisauke rlugojr pkdevboxy bcwajapey vikumar-ciena dell- claymodel mariosotil kmizuta sanyaade-iot chrisbdfa senthilg85 sffej dondre daddyauden fastfishio duguruiyuan jb08 guoyu07 cptaffe rahulyhg shockey nilambari danielblair tfredrich iamzken charygao sushmithapunaati bsmth tool-recommender-bot bhanditz cass-green locactus drewish johanspannare doc22940 francescoz93 araveeti1 anaida-gasparyan parulgarg211 arkamar msgpo ahlemfanta vorburger eldadfux isabella232 forkkit neotim mcroissant daekene gracekarina phamrak mariakourtesi kodumbeats m1ghtym0 christianeyee gavinwlove konerjonlar zeromsi gnowland sitedata theplaygod97 lucsbasto fm104 william3johnson inferno-inc nicolascarpi deepaachar bimaagung ptaehoon seanpm2001 astrolemonade ivanovilya116

validator-badge's Issues

[Request] Validation via maven plugin

It would be rather nice to have a swagger spec validator invokable from a maven plugin. This way, tooling that generates swagger specs from code would be able to validate them easily as a part of their build process.

Update provided JSON Schema

invalid swagger version "2.0"

When I export in json with Swagger UI, the swagger version is generated as:
"swagger": "2.0",

but validator badge reports this as invalid:

[
    {
        "level": "error",
        "domain": "validation",
        "keyword": "enum",
        "message": "instance value (\"2.0\") not found in enum (possible values: [2.0])",
        "schema": {
            "loadingURI": "#",
            "pointer": "/properties/swagger"
        },
        "instance": {
            "pointer": "/swagger"
        }
    },
    {
        "level": "error",
        "domain": "validation",
        "keyword": "type",
        "message": "instance type (string) does not match any allowed primitive type (allowed: [\"integer\",\"number\"])",
        "schema": {
            "loadingURI": "#",
            "pointer": "/properties/swagger"
        },
        "instance": {
            "pointer": "/swagger"
        }
    }
]

Separate (deployed) jar with validation codes

can't depend on this project as it's packaged as a war and not deployed into any public maven repo. Would be good to get the ValidatorService as a standalone component to be used in JVM-based swagger adaptions.

Model definition - "properties missing"?

I get this message:

{"messages":["attribute definitions.MyModel.properties is missing"]}

from http://online.swagger.io/ when validating this json:

{
"definitions": {
    "MyModel": {
        "format": "email", 
        "type": "string"
    }
}, 
"info": {
    "title": "sometitle", 
    "version": "0.1"
}, 
"paths": {
    "/api/hi": {
        "get": {
            "description": "some really good notes", 
            "parameters": [
                {
                    "description": "somedescription", 
                    "in": "query", 
                    "name": "foo", 
                    "type": "string"
                }
            ], 
            "responses": {
                "200": {
                    "description": "supergeil", 
                    "schema": {
                        "$ref": "#/definitions/MyModel"
                    }
                }
            }, 
            "summary": "upload", 
            "tags": [
                "heyho"
            ]
        }
    }
}, 
"swagger": "2.0"
}

However, on http://swagger.io/specification/#schemaObject it shows in the examples section this "primitive example":

{
    "type": "string",
    "format": "email"
}

Is a primitive object valid?

Publish a privacy policy

As the validator is fetching specs that may be private (for example from a privately hosted version of swagger-ui), this may lead users to leak private API specs to your service.
It would be helpful for trust to publish a privacy policy about what the public instance of validator at online.swagger.io does server-side:

how are handled the URIs of spec file submitted to the validator? (logged? for how long?)
how are handled the content of spec downloaded by the validator? (cached? stored?)
what is the User-agent of the validator in HTTP headers? Does it respects /robots.txt?

server error for godaddy wildcard certificates

i'm using a godaddy wildcard certificate.

validation via http works:
http://online.swagger.io/validator/debug?url=http://photo-dev.tonightwe.com:80/swagger/docs/0.0.1

however validation via https throws a server error:
http://online.swagger.io/validator/debug?url=https://photo-dev.tonightwe.com:443/swagger/docs/0.0.1

guessing because this works it's gotta be a certificate compatibility issue:
https://raw.githubusercontent.com/swagger-api/swagger-spec/master/examples/v2.0/json/petstore-expanded.json

Readme: link to swagger shcema leads to 404

Just the subject.

Validator doesn't enforce uniqueness constraint of operationId

The spec defines operationId as optional, however it must be unique. The validator passes specs that violate that constraint today.

pom.xml needs to be updated to 1.0.18-SNAPSHOT

Looks like the 1.0.17-SNAPSHOT is no longer in the repository so running the server breaks.

<properties>
        <jetty.http.port>8002</jetty.http.port>
        <logback-version>1.1.3</logback-version>
        <jersey-version>2.22.1</jersey-version>
        <commons-io-version>2.4</commons-io-version>
        <httpclient-version>4.5.1</httpclient-version>
        <swagger-core-version>1.5.6</swagger-core-version>
        <swagger-parser-version>1.0.18-SNAPSHOT</swagger-parser-version>
        <servlet-api-version>3.1.0</servlet-api-version>
        <jetty-version>9.2.9.v20150224</jetty-version>
        <json-schema-validator-version>2.2.6</json-schema-validator-version>
        <jackson-version>2.6.4</jackson-version>
</properties>

Cannot download oss-parent-4.pom from sontatype.org

Hi!

When I run:

mvn package jetty:run

...I get the following output:

[INFO] Scanning for projects...
Downloading: https://oss.sonatype.org/content/repositories/snapshots/org/sonatype/oss/oss-parent/5/oss-parent-5.pom

...where it hangs.

I tried just downloading "oss-parent-5.pom" directly with curl, but it fails with HTTP status 404 (but is actually "forbidden"):

404 - Retrieval of /org/sonatype/oss/oss-parent/5/oss-parent-5.pom from M2Repository(id=snapshots) is forbidden by repository policy SNAPSHOT.

I tried on separate networks too, and I get the same message.

So -- apologies for being new to maven -- is there any additional configuration I'm supposed to do, or is this repository just no longer available?

Thank you!

Swagger validator throwing error with well-formed JSON

From @Dundonian on October 22, 2015 6:46

In the Swagger-UI editor, I downloaded the Instagram example JSON and it seems to be well-formed. However, in my hosted site, the validator is producing the following error.

[
{
level: "error",
domain: "validation",
keyword: "type",
message: "instance type (string) does not match any allowed primitive type (allowed: ["object"])",
schema: {
loadingURI: "#",
pointer: ""
},
instance: {
pointer: ""
}
}
]

Here's my URL: http://online.swagger.io/validator/debug?url=http://swagger-ui.aerobatic.io/swagger.json

Copied from original issue: swagger-api/swagger-ui#1695

create a POST mode

To allow posting for offline specs

Editor generated YAML is invalid but JSON is valid

From @zenexius on August 6, 2015 10:38

OK so I generated YAML and JSON using the online editor at http://editor.swagger.io/ with no errors.
But when I use these files with swagger-ui deployed on my server , YAML file validation fails while JSON file loads without any problem.
A live example if you would like to check
json that is valid
http://54.169.44.104/swagger-ui/?url=/chirashi/fr-chirashi-api-spec.json
yaml that is invalid
http://54.169.44.104/swagger-ui/?url=/chirashi/fr-chirashi-api-spec.yaml
any hint?

Copied from original issue: swagger-api/swagger-ui#1518

Image served without a content-type header is breaking github's cache

You can see the effect of this in the project's own README.

See https://help.github.com/articles/why-do-my-images-have-strange-urls/ for further information.

Invalid YAML produces ERROR: 500 Internal Server Error

Feeding the validator a non-valid YAML source produces a ERROR 500: Internal Server Error without any indications of the error.

Running locally I see a stacktrace. If would be nice if using the /debug option that this was returned as content.

in 'reader', line 73, column 3:
      cluster-id:
      ^
expected <block end>, but found BlockMappingStart
 in 'reader', line 89, column 4:
       session-id:
       ^

        at com.fasterxml.jackson.dataformat.yaml.snakeyaml.parser.ParserImpl$ParseBlockMappingKey.produce(ParserImpl.java:570)
        at com.fasterxml.jackson.dataformat.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:158)
        at com.fasterxml.jackson.dataformat.yaml.snakeyaml.parser.ParserImpl.getEvent(ParserImpl.java:168)
        at com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:342)
        at com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeObject(JsonNodeDeserializer.java:212)
        at com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeObject(JsonNodeDeserializer.java:218)
        at com.fasterxml.jackson.databind.deser.std.JsonNodeDeserializer.deserialize(JsonNodeDeserializer.java:62)
        at com.fasterxml.jackson.databind.deser.std.JsonNodeDeserializer.deserialize(JsonNodeDeserializer.java:14)

License?

Is the license file intentionally missing on this project? This is a fairly new project, so i'm thinking this might just be an oversight. Everything else for this org seems to be apache 2.0 licensed.

500 error when file not found, etc

Need to make the parsing more resilient. using ?url=foo/bar will throw a 500.

HTML Version

Is this do-able with html or js? Or atleast a much more common back end like PHP? I need an https version but don't want to use java :/

swagger ui validation errors with security definitions

I posted this issue on swagger-tools:
apigee-127/swagger-tools#329

When I run the swagger-tools UI and I browse to the /docs There is an ERROR at the bottom of the page,

When I click on it brings me to:

https://online.swagger.io/validator/debug?url=https://cloud.openmoney.cc/api-docs

The errors I'm getting are:

{"schemaValidationMessages":[{"level":"error","domain":"validation","keyword":"oneOf","message":"instance failed to match exactly one schema (matched 0 out of 6)","schema":{"loadingURI":"http://swagger.io/v2/schema.json#","pointer":"/definitions/securityDefinitions/additionalProperties"},"instance":{"pointer":"/securityDefinitions/oauth2AccessCodeSecurity"}},{"level":"error","domain":"validation","keyword":"oneOf","message":"instance failed to match exactly one schema (matched 0 out of 6)","schema":{"loadingURI":"http://swagger.io/v2/schema.json#","pointer":"/definitions/securityDefinitions/additionalProperties"},"instance":{"pointer":"/securityDefinitions/oauth2ApplicationSecurity"}},{"level":"error","domain":"validation","keyword":"oneOf","message":"instance failed to match exactly one schema (matched 0 out of 6)","schema":{"loadingURI":"http://swagger.io/v2/schema.json#","pointer":"/definitions/securityDefinitions/additionalProperties"},"instance":{"pointer":"/securityDefinitions/oauth2ImplicitSecurity"}},{"level":"error","domain":"validation","keyword":"oneOf","message":"instance failed to match exactly one schema (matched 0 out of 6)","schema":{"loadingURI":"http://swagger.io/v2/schema.json#","pointer":"/definitions/securityDefinitions/additionalProperties"},"instance":{"pointer":"/securityDefinitions/oauth2PasswordSecurity"}}]}

My swagger.json file has no errors on http://editor.swagger.io/

basePath has changed in the online version!?

@fehguy the readme says to use...
online.swagger.io/validator?url...
but its actually served from...
online.swagger.io/?url...

examples..
http://online.swagger.io/validator?url=http://petstore.swagger.io/v2/swagger.json
http://online.swagger.io/?url=http://petstore.swagger.io/v2/swagger.json

Validator should not accept files with duplicate operationIds

Hi,
The spec says that operationId values must be unique per API. But duplicate operationIds are accepted by the validator.

This short example passes validation, but shouldn't:
http://online.swagger.io/validator/debug?url=http://assetsdp.arx.com/larry/swagger/swagger_dup_ids.json

{"swagger": "2.0",
"x-foo" : "woof",
"info": { "version": "0.0.0", "title": "Simple API" },
"paths": { "/": { 
    "get": {"operationId": "duplicateID", "responses": { "200": { "description": "OK" }}},
    "put": {"operationId": "duplicateID", "responses": { "200": { "description": "OK" }}}
}}}

Check version when 1.2 spec submitted

If a spec is submitted, but the version is not supported, then the debug information might explain that. (Even better, validating 1.2 would be great!)

Similarly, since submitting a valid 1.2 spec will always show an "Invalid" badge, that can be misleading. One design workaround might be to always show the version being validated, such as "Valid 2.0" or "Invalid 2.0". (Another approach could be to put the version number in the URL, though it might be ambiguous whether that's the version of the spec or the validator.)

Supporting YAML files

Hi, it seems that most people prefer YAML for writing specs manually. Can you please add support for the badge and debug service?

Validator is returning HTTP 500 errors

I've been using the validator as part of my CI environment and recently the online.swagger.io endpoint is throwing 500 errors.

The following schema is invalid, and online.swagger.io correctly returns a validation error saying object has missing required properties (["responses"])

{
  "swagger": "2.0",
  "info": {
    "version": "2.0.0",
    "title": "Beanhunter API",
    "description": "Description of the api goes here."
  },
  "host": "local.xxx.com",
  "schemes": [
    "http"
  ],
  "consumes": [
    "application/json"
  ],
  "produces": [
    "application/json"
  ],
  "paths": {
    "/city": {
      "get": {
        "description": "test description"
      }
    }
  },
  "definitions": {
    "Endpoints": {
      "title": "Endpoints object",
      "properties": {
        "links": {}
      }
    }
  }
}

curl -X "POST" "http://online.swagger.io/validator/debug" \
    -H "Content-Type: application/json" \
    -H "Accept: application/json" \
    -d "{\"swagger\":\"2.0\",\"info\":{\"version\":\"2.0.0\",\"title\":\"Beanhunter API\",\"description\":\"Description of the api goes here.\"},\"host\":\"local.xxx.com\",\"schemes\":[\"http\"],\"consumes\":[\"application/json\"],\"produces\":[\"application/json\"],\"paths\":{\"/city\":{\"get\":{\"description\":\"test description\"}}},\"definitions\":{\"Endpoints\":{\"title\":\"Endpoints object\",\"properties\":{\"links\":{}}}}}"

The error returned is what I expect:

[
  {
    "level": "error",
    "domain": "validation",
    "keyword": "required",
    "message": "object has missing required properties ([\"responses\"])",
    "schema": {
      "loadingURI": "http://swagger.io/v2/schema.json#",
      "pointer": "/definitions/operation"
    },
    "instance": {
      "pointer": "/paths/~1city/get"
    }
  }
]

The following request attempts to fix the validation error by providing the missing responses key but the validator returns a 500 error.

{
  "swagger": "2.0",
  "info": {
    "version": "2.0.0",
    "title": "Beanhunter API",
    "description": "Description of the api goes here."
  },
  "host": "local.xxx.com",
  "schemes": [
    "http"
  ],
  "consumes": [
    "application/json"
  ],
  "produces": [
    "application/json"
  ],
  "paths": {
    "/city": {
      "get": {
        "description": "test description",
        "responses": {}
      }
    }
  },
  "definitions": {
    "Endpoints": {
      "title": "Endpoints object",
      "properties": {
        "links": {}
      }
    }
  }
}

curl -X "POST" "http://online.swagger.io/validator/debug" \
    -H "Content-Type: application/json" \
    -H "Accept: application/json" \
    -d "{\"swagger\":\"2.0\",\"info\":{\"version\":\"2.0.0\",\"title\":\"Beanhunter API\",\"description\":\"Description of the api goes here.\"},\"host\":\"local.xxx.com\",\"schemes\":[\"http\"],\"consumes\":[\"application/json\"],\"produces\":[\"application/json\"],\"paths\":{\"/city\":{\"get\":{\"description\":\"test description\",\"responses\":{}}}},\"definitions\":{\"Endpoints\":{\"title\":\"Endpoints object\",\"properties\":{\"links\":{}}}}}"

The response

HTTP ERROR 500

Problem accessing /validator/debug. Reason:

Internal Server Error

Validator fails when definitions don't have "properties" attribute

Here's the json: http://devdocs.magento.com/swagger/schemas/2.0.0-rc-api-schema.json

Here is an example of the section that is causing the validator badge to fail (nested under the "definitions" object):

"store-data-store-extension-interface" : {
  "type" : "object",
  "description" : "ExtensionInterface class for @see \\Magento\\Store\\Api\\Data\\StoreInterface"
}

I'm getting a lot of messages in the response of the form:

["attribute definitions.store-data-store-extension-interface.properties is missing"

But when I use the schema found here, https://github.com/OAI/OpenAPI-Specification/blob/master/schemas/v2.0/schema.json, and validate locally using https://github.com/justinrainbow/json-schema, the validation is successful. And from doing my best to read the swagger schema myself, I cannot see anything which requires a definition
object to have a properties attribute.

So here's my question - is the validator badge producing results that disagree with the schema? If not, does that mean the schema requires all definition objects to have a properties object? If so, then why when using the same schema I find that my json is valid, in disagreement with the validator badge?

Thanks!

Validator doesn't resolve all $refs properly

From swagger-api/swagger-editor#388

The spec reported there is perfectly valid.

swagger: "2.0"
info:
  version: 0.0.0
  title: Simple API
paths:
  /:
    get:
      responses:
        "200":
          description: OK
          schema:
            $ref: "#/definitions/InternshipResultModel"
definitions:
  InternshipResultModel:
    properties:
      Review:
        schema:
          $ref: "#/definitions/ReviewModel"
  ReviewModel:
    properties:
      Rating:
        type: integer

Validator giving 500 errors when validating a definition on Azure via HTTPS

Within the UI the validation image is coming up with an error in red. Investigating it I go to this page in the browser http://online.swagger.io/validator/debug?url=https://microsoft-apiapp1c74ef90d4ec4d5f8dd8b4d1fbc3504c.azurewebsites.net:443/swagger/docs/v1 and get a 500 error. However if I download the json and host it on another site it does work. http://online.swagger.io/validator/debug?url=http://soccerweekend.com/swagger.txt <<<< .txt as I couldnt quickly change MIME types.

Therefore the JSON is valid so it's a permission/hosting issue. https://microsoft-apiapp1c74ef90d4ec4d5f8dd8b4d1fbc3504c.azurewebsites.net:443/swagger/docs/v1 is accessible though.... Very weird.

enum fails validation

definitions:
  imageType:
    type: string
    enum:
      - "AVATAR"
      - "PROFILE"

fails validation with message

{
    "messages": 
    [
        "attribute definitions.imageType.properties is missing"
    ]
}

replace temporary badges

They're terrible on purpose, need to replace them with something nicer

Operation parameters array with minItems can cause a 500 Internal Error

Hi,

according to the swagger specification the parameter object can have defined minItems but when I'm using it, the swagger editor, through the swaggerhub at least, badge turns to red (ERROR) while the swagger validate says that the document contains no errors.

Of course this is a minor issue but it can cause a headache at someone as it gave at me.

Remote Address:52.0.196.189:443
Request URL:https://validator.swaggerhub.com/debug
Request Method:POST
Status Code:500 Internal Server Error
Response Headers
view source
Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:GET, POST, DELETE, PUT
Access-Control-Allow-Origin:*
Cache-Control:must-revalidate,no-cache,no-store
Connection:keep-alive
Content-Length:323
Content-Type:text/html; charset=ISO-8859-1

{
    "swagger": "2.0",
    "info": {
        "version": "throwable",
        "title": "TavaPay",
        "description": "TavaPay Draft"
    },
    "paths": {
        "/test/{id}": {
            "post": {
                "description": "Success",
                "parameters": [
                    {
                        "name": "id",
                        "type": "string",
                        "in": "path",
                        "required": true
                    },
                    {
                        "name": "foo",
                        "type": "array",
                        "items": {
                            "type": "string"
                        },
                        "required": true,
                        "minItems": 0,
                        "in": "formData"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "ok"
                    }
                }
            }
        }
    }
}

This is the document to reproduce that error in swaggerhub

swagger: '2.0'
info:
  version: throwable
  title: TavaPay
  description: TavaPay Draft
paths:
  '/test/{id}':
    post:
      description: Success
      parameters:
        - name: id
          type: string
          in: path
          required: true
        - name: foo
          type: array
          items:
            type: string
          required: true
          minItems: 0
          in: formData
      responses:
        '200':
          description: ok

create debug mode

Would like to return the information from the JSON schema validator when requested. I'd suggest having something like this:

<a href="http://petstore.swagger.wordnik.com/validator?debug=true&url={YOUR_URL}">
  <img src="http://petstore.swagger.wordnik.com/validator?url={YOUR_URL}">
</a>

publish docker image

Empty parameter list

The Swagger validator badge in http://petstore.swagger.io/ shows that http://petstore.swagger.io/v2/swagger.json is invalid.

[
{
level: "error",
domain: "validation",
keyword: "minItems",
message: "array is too short: must have at least 1 elements but instance has 0 elements",
schema: {
loadingURI: "http://swagger.io/v2/schema.json#",
pointer: "/definitions/parametersList"
},
instance: {
pointer: "/paths/~1store~1inventory/get/parameters"
}
}
]

Seems like it's due to /store/inventory with empty parameter list

parameters: [ ],

Does it mean Swagger Spec 2.0 does not allow empty "parameters"? If a method (endpoint) does not need any parameters in the request, should it completely omit "parameters" in the specification (json) ?

Validator "unable to parse" if top level vendor addition

Thanks for the Validator!

But if the JSON includes a top level vendor addition (eg x-foo), then you receive the error message "unable to parse swagger from http://xxxx"

Test case--
Swagger file: http://widgetsign.com/swagger/minimal_swagger.json
Validator fail:
http://online.swagger.io/validator/debug?url=http://widgetsign.com/swagger/minimal_swagger.json

Example Swagger file which fails, but is valid:
{
"swagger": "2.0",
"x-foo" : "woof",
"info": { "version": "0.0.0", "title": "Simple API" },
"paths": { "/": { "get": { "responses": { "200": { "description": "OK" }}}}}
}

The Swagger file is ok according to the spec, the schema and the JSON schema checker -- http://json-schema-validator.herokuapp.com/index.jsp
Spec: https://github.com/swagger-api/swagger-spec/blob/master/versions/2.0.md#patterned-objects

Thanks!
Larry

Validator throws exception on non-string default values for model properties

This will cause an error in the validator
http://online.swagger.io/validator/debug?url=

{
  "properties" : {
    "success" : {
      "type" : "boolean",
      "default" : false
    }
  }
}

But this is ok:

{
  "properties" : {
    "success" : {
      "type" : "boolean",
      "default" : true
    }
  }
}

And so is this:

{
  "properties" : {
    "success" : {
      "type" : "boolean",
      "default" : "false"
    }
  }
}

Enable validation of contents and not only via URL

It would be nice if the tool would allow the user to invoke the validator tool and pass the contents of the yaml/json (even if only the /debug).

For example (some other method of achieving it would be just as good):
curl -X POST /validator/debug --data-binary @{fileName}

This would simplify the integration of the tool in to build automation processes for example, where the API definition may not be available online.

Today a workaround would be to start the tool locally, and then start a local webserver just for the validation, which is a bit heavy.

More helpful errors for people, who as a species can be quite fallible

Throwing a 500 error is never a good thing. Ideally, there would be more help offered when people do things like…

Forget the http://:
http://online.swagger.io/validator/debug?url=petstore.swagger.io

(Suggest checking that the string begins with http.)

And:
http://online.swagger.io/validator/debug?url=http://dev-marksandspencer.devportal.apigee.com/sites/default/files/geocoder.swagger

… which turns out to have a (for shame!) multi-line string in JSON. Testing for valid YAML/JSON might be good.

Validator can cache the schema

https://github.com/swagger-api/validator-badge/blob/master/src/main/java/com/wordnik/swagger/services/ValidatorService.java

        String schemaText = getSchema();
        JsonNode schemaObject = MAPPER.readTree(schemaText);
        JsonSchemaFactory factory = JsonSchemaFactory.byDefault();
        JsonSchema schema = factory.getJsonSchema(schemaObject);

The schema can be cached to avoid being downloaded, parsed and built for every request.

private JsonSchema schema;

if (schema == null) {
        String schemaText = getSchema();
        JsonNode schemaObject = MAPPER.readTree(schemaText);
        JsonSchemaFactory factory = JsonSchemaFactory.byDefault();
        schema = factory.getJsonSchema(schemaObject);
}

Internal server error

Apologies if this is the wrong place to report. I'm trying to validate a spec but it crashes.

http://online.swagger.io/validator/debug?url=https://test-api.sling.is/spec.json

I realise that there must be something horribly wrong with my spec.json but I'm assuming you don't want the validator to crash regardless.

better handle timeouts

if a host is unreachable, the timeout period is 30 seconds, which is very bad.

Mixed content error: HTTPS usage of a swagger-ui with validator redirects to a HTTP resource

Chrome reports a mixed content error as the validator redirects to an insecure resource:

Mixed Content: The page at 'https://...' was loaded over HTTPS, but requested an insecure image 'http://online.swagger.io/validator?...'. This content should also be served over HTTPS.

Validator debug returns 500

I'm getting a nice red ERROR badge on my site:
http://co-delv-dev.trafficmanager.net/swagger/ui/index

When I click the badge to debug the swagger to see what's wrong, I get redirected to http://online.swagger.io/validator/debug?url=http://co-delv-dev.trafficmanager.net:80/swagger/docs/v1
Which renders:
HTTP ERROR 500

Problem accessing /validator/debug. Reason:

Internal Server Error

Validator result is error when query parameter has a maxLength property

My API description is at:
https://raw.githubusercontent.com/Mermade/filestore/master/nitro/swagger.json

It passes the bigstickcarpet.com validator, but the validator-badge results in an error, and the debug shows

"attribute paths.'/programmes'(get).[initial_letter_end].maxLength is unexpected"

for each parameter with a maxLength specified. The minLength property on the same parameters does not cause a problem.

Is my API spec wrong in some way?

Swagger-jaxrs and swagger-parser SNAPSHOTs missing

Hey all!
We're using this for a project, and it seems that when I pull down the latest version and attempt to run it, it looks for snapshots that don't exist. We're running this on CENTOS 7 with Maven 3.10 and jdk 1.7, if that's relevant. The error we get is:

[ERROR] Failed to execute goal on project swagger-validator: Could not resolve dependencies for project io.swagger:swagger-validator:war:1.0.2-SNAPSHOT: The following artifacts could not be resolved: io.swagger:swagger-jaxrs:jar:1.5.4-SNAPSHOT, io.swagger:swagger-parser:jar:1.0.11-SNAPSHOT: Failure to find io.swagger:swagger-jaxrs:jar:1.5.4-SNAPSHOT in https://oss.sonatype.org/content/repositories/snapshots was cached in the local repository, resolution will not be reattempted until the update interval of sonatype-snapshots has elapsed or updates are forced -> [Help 1]

It works fine if you update the pom.xml to ask for the snapshots that are found on the server. I don't know if this is just a small update that needs to happen or something on my end (I'm a little new to maven), but I wanted to let you know just in case.

-        <swagger-core-version>1.5.4-SNAPSHOT</swagger-core-version>
-        <swagger-parser-version>1.0.11-SNAPSHOT</swagger-parser-version>
+        <swagger-core-version>1.5.5-SNAPSHOT</swagger-core-version>
+        <swagger-parser-version>1.0.12-SNAPSHOT</swagger-parser-version>

Swagger online validator is not able to validate, even it's public URL

This is code being used on HTML page

<span>
 <a href="http://online.swagger.io/validator/debug?url=https://snapcx.io/api/swagger.json">
    <img id="validator" src="http://online.swagger.io/validator?url=https://snapcx.io/api/swagger.json">
 </a>
</span>

And I checked, "https://snapcx.io/api/swagger.json" is public.

No idea, why I am seeing this error,

[{"level":"error","message":"Can't read from file https://snapcx.io/api/swagger.json"}]

This valid JSON causes a 500 error

Hi, this valid JSON causes a 500 error in the validator. Thanks!

{
  "swagger": "2.0",
  "info": {
    "title": "test API",
    "description": "test Swagger 2.0 API specification.  This API spec can be used for integrating your Form.io project into non-HTML5 programs like \"native\" phone apps, \"legacy\" and \"enterprise\" systems, embedded \"Internet of Things\" applications (IoT), and other programming languages.  Note: The URL's below are configured for your specific project and form.",
    "termsOfService": "http://form.io/terms/",
    "contact": {
      "name": "Form.io Support",
      "url": "http://help.form.io/",
      "email": "[email protected]"
    },
    "license": {
      "name": "MIT",
      "url": "http://opensource.org/licenses/MIT"
    },
    "version": "1.0.0"
  },
  "host": "api.localhost:3000",
  "basePath": "/project/55b09c8f111b3a0100ac8c20/form/55b0a219111b3a0100ac8c28",
  "schemes": [
    "http"
  ],
  "consumes": [
    "application/json"
  ],
  "produces": [
    "application/json"
  ],
  "paths": {
    "/project/55b09c8f111b3a0100ac8c20/form/55b0a219111b3a0100ac8c28/submission": {
      "get": {
        "tags": [
          "submission"
        ],
        "summary": "List multiple submission resources.",
        "description": "This operation allows you to list and search for submission resources provided query arguments.",
        "operationId": "getsubmissions",
        "produces": [
          "application/json"
        ],
        "responses": {
          "200": {
            "description": "Resource(s) found.  Returned as array.",
            "schema": {
              "$ref": "#/definitions/submissionList"
            }
          },
          "401": {
            "description": "Unauthorized."
          }
        },
        "parameters": [
          {
            "name": "skip",
            "in": "query",
            "description": "How many records to skip when listing. Used for pagination.",
            "required": false,
            "type": "integer",
            "default": 0
          },
          {
            "name": "limit",
            "in": "query",
            "description": "How many records to limit the output.",
            "required": false,
            "type": "integer",
            "default": 10
          },
          {
            "name": "count",
            "in": "query",
            "description": "Set to true to return the number of records instead of the documents.",
            "type": "boolean",
            "required": false,
            "default": false
          },
          {
            "name": "sort",
            "in": "query",
            "description": "Which fields to sort the records on.",
            "type": "string",
            "required": false,
            "default": ""
          },
          {
            "name": "select",
            "in": "query",
            "description": "Select which fields will be returned by the query.",
            "type": "string",
            "required": false,
            "default": ""
          },
          {
            "name": "populate",
            "in": "query",
            "description": "Select which fields will be fully populated with the reference.",
            "type": "string",
            "required": false,
            "default": ""
          }
        ]
      },
      "post": {
        "tags": [
          "submission"
        ],
        "summary": "Create a new submission",
        "description": "Create a new submission",
        "operationId": "createsubmission",
        "consumes": [
          "application/json"
        ],
        "produces": [
          "application/json"
        ],
        "security": [],
        "responses": {
          "201": {
            "description": "The resource has been created."
          },
          "400": {
            "description": "An error has occured trying to create the resource."
          },
          "401": {
            "description": "Unauthorized.  Note that anonymous submissions are *enabled* by default."
          }
        },
        "parameters": [
          {
            "in": "body",
            "name": "body",
            "description": "Data used to create a new submission",
            "required": true,
            "schema": {
              "$ref": "#/definitions/submission"
            }
          }
        ]
      }
    },
    "/project/55b09c8f111b3a0100ac8c20/form/55b0a219111b3a0100ac8c28/submission/{submissionId}": {
      "get": {
        "tags": [
          "submission"
        ],
        "summary": "Return a specific submission instance.",
        "description": "Return a specific submission instance.",
        "operationId": "getsubmission",
        "produces": [
          "application/json"
        ],
        "responses": {
          "200": {
            "description": "Resource found",
            "schema": {
              "$ref": "#/definitions/submission"
            }
          },
          "401": {
            "description": "Unauthorized."
          },
          "404": {
            "description": "Resource not found"
          },
          "500": {
            "description": "An error has occurred."
          }
        },
        "parameters": [
          {
            "name": "submissionId",
            "in": "path",
            "description": "The ID of the submission that will be retrieved.",
            "required": true,
            "type": "string"
          }
        ]
      },
      "put": {
        "tags": [
          "submission"
        ],
        "summary": "Update a specific submission instance.",
        "description": "Update a specific submission instance.",
        "operationId": "updatesubmission",
        "consumes": [
          "application/json"
        ],
        "produces": [
          "application/json"
        ],
        "responses": {
          "200": {
            "description": "Resource updated",
            "schema": {
              "$ref": "#/definitions/submission"
            }
          },
          "400": {
            "description": "Resource could not be updated."
          },
          "401": {
            "description": "Unauthorized."
          },
          "404": {
            "description": "Resource not found"
          },
          "500": {
            "description": "An error has occurred."
          }
        },
        "parameters": [
          {
            "name": "submissionId",
            "in": "path",
            "description": "The ID of the submission that will be updated.",
            "required": true,
            "type": "string"
          },
          {
            "in": "body",
            "name": "body",
            "description": "Data used to update submission",
            "required": true,
            "schema": {
              "$ref": "#/definitions/submission"
            }
          },
          {
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          {
            "type": "array",
            "items": {
              "properties": {
                "type": {
                  "type": "string"
                },
                "id": {
                  "type": "string"
                },
                "created": {
                  "type": "string",
                  "format": "date",
                  "description": "The date this resource was created."
                },
                "modified": {
                  "type": "string",
                  "format": "date",
                  "description": "The date this resource was modified."
                }
              }
            }
          },
          {
            "type": "string",
            "format": "date",
            "description": "The date this resource was created."
          },
          {
            "type": "string",
            "format": "date",
            "description": "The date this resource was modified."
          }
        ]
      },
      "delete": {
        "tags": [
          "submission"
        ],
        "summary": "Delete a specific submission",
        "description": "Delete a specific submission",
        "operationId": "deletesubmission",
        "consumes": [
          "application/json"
        ],
        "produces": [
          "application/json"
        ],
        "responses": {
          "204": {
            "description": "Resource was deleted"
          },
          "400": {
            "description": "Resource could not be deleted."
          },
          "401": {
            "description": "Unauthorized."
          },
          "404": {
            "description": "Resource not found"
          },
          "500": {
            "description": "An error has occurred."
          }
        },
        "parameters": [
          {
            "name": "submissionId",
            "in": "path",
            "description": "The ID of the submission that will be deleted.",
            "required": true,
            "type": "string"
          }
        ]
      }
    }
  },
  "definitions": {
    "submission": {
      "properties": {
        "roles": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "externalIds": {
          "type": "array",
          "items": {
            "properties": {
              "type": {
                "type": "string"
              },
              "id": {
                "type": "string"
              },
              "created": {
                "type": "string",
                "format": "date",
                "description": "The date this resource was created."
              },
              "modified": {
                "type": "string",
                "format": "date",
                "description": "The date this resource was modified."
              }
            }
          }
        },
        "created": {
          "type": "string",
          "format": "date",
          "description": "The date this resource was created."
        },
        "modified": {
          "type": "string",
          "format": "date",
          "description": "The date this resource was modified."
        }
      }
    },
    "submissionList": {
      "type": "array",
      "items": {
        "$ref": "#/definitions/submission"
      }
    }
  },
  "securityDefinitions": {
    "bearer": {
      "type": "apiKey",
      "name": "Authorization",
      "in": "header"
    }
  }
}

Improve Error Message

My swagger.json is not accessible from the internet so I got a generic ERROR link on the swagger-ui with a message indicating that the file could not be read.
But nowhere did it indicate that this error came from the on-line validator so I had no idea what the problem was, especially since the file was in fact readable from my desktop.

HTTP 500: Problem accessing /validator/debug

Hi,
I have setup Swagger UI server instance which is to display the JSON spec in a more readable format. The page opens fine and the JSON file https://dox.cabforce.com/swagger_v2.json is available when entering this URL in a browser. However, the validator icon is red and the only thing that I can see by following the link http://online.swagger.io/validator/debug?url=https://dox.cabforce.com/swagger_v2.json is the following:

HTTP ERROR 500:
Problem accessing /validator/debug. Reason:
Internal Server Error

Note that the JSON file in question is parsed successfully when uploaded to editor.swagger.io. At the same time, I see that http://petstore.swagger.io/v2/swagger.json validates with a known issue of having empty array.

Would it be possible to get a bit more info what is going on on validator side and what exactly is making it to return me the red icon? Thank you!
Would it be possible to get