42crunch / vscode-openapi Goto Github PK

VisualStudio Code OpenAPI tools

License: GNU Affero General Public License v3.0

JavaScript 1.18% TypeScript 95.40% CSS 2.40% Shell 0.02% HTML 0.08% MDX 0.92%

vscode-openapi's Introduction

OpenAPI Tools for Visual Studio Code

This Visual Studio Code (VS Code) extension adds rich support for the OpenAPI Specification (OAS) (formerly known as the Swagger specification). The plugin supports code navigation, linting, SwaggerUI or ReDoc preview, IntelliSense, schema enforcement and generation, schema definition links, snippets as well as static and dynamic security analysis.

The extension integrates with 42Crunch Audit and 42Crunch Scan, so that you can check the quality and the security of your APIs directly in VS Code.

If you are a 42Crunch customer or have an account of a 42Crunch platform, you can also directly access API collections and security reports through the integrated platform navigator.

Both OAS v2 and v3.0.x are supported, in JSON or YAML format.

Quick start

After installing the plugin, open any JSON or YAML file that contains an OpenAPI definition. The plugin automatically detects that this is an OpenAPI file, and the /API button is shown in the left-hand panel.

We also encourage you to watch this video that gives you a full tour of the editor and its different features.

Editor features

This extension makes it easier and faster to navigate your OpenAPI definitions, especially when they get longer.

You can home in on elements in the OpenAPI explorer view, or jump directly to the target of a reference in the API. You can also add new elements to your API directly in the OpenAPI explorer directly where they are needed. Filling in the details is quicker with IntelliSense support for OpenAPI elements.

Creating OpenAPI files

Press Ctrl+Shift+P on Windows or Linux, or Cmd+Shift+P on a Mac.
In the command prompt, start typing new openapi, and click the corresponding command to create either an OAS v2 or v3 template file.
Use the OpenAPI explorer to populate the template with new paths and other elements as needed.
Save the file to your disk to fully enable IntelliSense.

Watch this video on editor basics.

Navigating an API definition

Open an OpenAPI file.
Click the OpenAPI button to switch to the OpenAPI explorer view.
Expand the sections and elements in the file as needed, and click the ones you want to jump to in the editor.

Add new elements in the OpenAPI explorer

In OpenAPI explorer pane, go to the section where you want to add a new element and right on the relevant node to open a context menu.
Click the item you want to add from the dropdown list.

Use IntelliSense

As you start typing OpenAPI elements or their values, the context-sensitive list of available options is displayed in the IntelliSense menu. In JSON OpenAPI files, just type double-quote (") to show the menu, and type further to filter the list. In YAML OpenAPI files, start typing the property name.

You can also use the corresponding VS Code hotkey (Ctrl+Space on Windows, Cmd+Space on Mac) to open the IntelliSense menu.

Jump to a reference

Use Go to Definition to locate the targets of references easily. To jump to view the definition from a reference in your API, either Ctrl+click a reference, or right-click a reference and click Go to Definition in the shortcut menu.

Sort entries in the navigation pane

By default, entries in the OpenAPI Explorer pane are sorted alphabetically. If you want to instead have them sorted in the order they are in the OpenAPI file, change the corresponding setting:

On the File menu, click Preferences > Settings.
Expand the Extensions section and click OpenAPI.
Clear the checkbox Alphabetically sort contents of OpenAPI explorer outlines.

Preview OpenAPI documentation

You can get a documentation-style preview of the API you are editing by clicking the Preview button at the top right:

The extension supports two popular OpenAPI documentation generators: SwaggerUI and ReDoc.

To change the default OpenAPI Preview rendering engine:

On the File menu, click Preferences > Settings.
Expand the Extensions section and click OpenAPI.
Pick the option of your choice from the Default Preview Rendered dropdown list.

Execute operations with "Try it"

With "Try it", you can invoke operations defined in your OpenAPI directly from VS Code:

Click on "Try it" in the code lens which is displayed right below the HTTP verb (e.g. "get", "post") of your operation and in the examples section.
The payload data will be generated based on the request JSON Schema, or the first example available. You can edit this information before sending the request.

Try it comes with a number of limitations:

Sending files is not supported
It works best with text-based responses, such as JSON
Binary/image responses will be shown as text

Generate JSON schemas based on the response content

"Try it" can be used to generate JSON Schema based on the body of the response.

Select "Tools" tab in the TryIt response
Click "Generate schema" button.

Configure authentication for external references in OpenAPI files

If you use references to schemas served by an authenticated HTTP service (such as an Schema Registry service or a repository), you'll need to configure the list of approved hosts in the extension settings. To do this:

On the File menu, click Preferences > Settings.
Expand the Extensions section and click OpenAPI.
Locate the Openapi: Approved Hostnames setting, click on Add item, and write the hostname you need for resolving external references.

In case some of the approved hosts requires authentication, you can configure it in the OpenAPI > External References section of the 42Crunch: Open Settings command view:

To open this view, go to View > Command Palette... in VSCode menu and type in 42Crunch, you'll see the Open Settings command listed below: You can also use keyboard shortcuts for the Command Palette Ctrl+Shift+P, or Cmd+Shift+P for Mac users.

After configuring all hosts you need to refer to, all OpenAPI references to any of the approved hosts will be dynamically resolved when linting or previewing your API.

Static API Security Testing

You can use this OpenAPI extension to check the quality and security of your API definition as you work on it. This feature is powered by 42Crunch Audit. 42Crunch Audit performs a static analysis of the API definition that includes more than 300 checks on best practices and potential vulnerabilities related to authentication, authorization as well as data constraints.

Watch this video to learn more about 42Crunch Audit.

You can run the audit service in freemium or platform mode:

Using our freemium centralized service: this service is a fully featured version of the audit, but with usage limits. In this mode, OAS files are sent to the service, audited and a report is returned. This is a stateless service: we do not keep the OpenAPI file, nor the report.
New! Using the 42Crunch CLI: in this mode, audits are performed locally (on the user's machine). This is only available to freemium users for now. Support for local audit/scans using a platform API token will be available soon. In this mode, OpenAPI files and reports are kept locally.
Using 42Crunch SaaS platform: this requires an account on a 42Crunch platform, which is available to customers and to prospects evaluating our product. In this case, you need to supply your platform URL and an IDE token (which can be created from the platform home page). You can specify those settings by invoking 42Crunch: Update platform credentials from the command palette.

Getting a Freemium Token

To run Security Audit from VS Code, you need a token. The first time you try to audit or scan an API, you are asked to provide your email address or an API token from the platform.

Once you supply the address, the extension requests the token to be sent to your mailbox. Paste the token you received in the prompt in VS Code, and you are all set.

Watch this short video which takes you through those steps.

Running an audit

You can use OpenAPI extension to check the quality of your API as you work on it. You can run the audit directly from VS Code by clicking the 42C button in the upper right corner. Alternatively, you can run an audit for an individual endpoint.

Navigating the issues in the audit report

After the audit finishes, you get the audit report directly in the VS Code view, side by side with your code. The report viewer provides handy ways to navigate the found issues, even if the report is quite long.

Priority issues

Look here for issues that require the most attention.

Most Common issues: this list contains issues that are occuring the most, and how many times they are repeated.
Opportunities: this list contains issues that, if fixed, will most contribute to raise the audit score.

Those two lists will often overlap and in certain cases be identical, but this is totally normal.

Full issue list

The full issue list contains all issues found. The list can be filtered in two ways:

Using the security gate (SQG) toggle: an SQG enforces enterprise compliance and hightlights issues that are offending the requirements established, such as a minimal score, issues severity or specific issues (e.g. an API key is used when only OAuth is allowed across the enterprise). When the toggle is on, only the issues affecting the SQG status are shown.

SQG results are not visible yet to all Freemium users.

Using the filtering options: you can also use filtering options to drill-down into the list such as severity, category or even a specific issue type.

Issues details

For each issue, you have access to full information about the issue, why it is relevant and recommendations on how to address the issue.

Watch this video to learn more about audit and how to navigate issues.

Fixing issues

Many of the issues reported by 42Crunch Audit have fixes associated with them. These are code snippets that you can insert into the OpenAPI file and then customize with the appropriate value.

Cick some of the error lines in your OpenAPI file to bring up the QuickFix blue icon on the left of the line.
Click the Quickfix icon and select the fix to apply.
Tweak the values in the inserted code snippet as you see fit.

(New!) Dynamic API Security testing

42Crunch Audit performs a security analysis that does not require any live API, just the definition itself. 42Crunch Scan leverages the OpenAPI definition to:

Test the resilience and behavior of APIs by automatically generating security tests from the APIs' OpenAPI definition. Scan reproduces the typical behavior of a hacker by injecting bad payloads, bad tokens, and using invalid HTTP verbs and paths. This helps detect vulnerabilities early in the API life cycle, especially those associated with the OWASP API Security Top 10.
Validate that the implementation of the API conforms to its established contract: Scan checks all responses against the OpenAPI definition and detects unexpected responses and data leaks.

Watch this video to learn more about 42Crunch Scan.

APIs which thoroughly enforce compliance to an established contract are far more resilient to all types of attacks.

You must only use 42Crunch Scan against APIs that you own, not those of third parties.

Launching 42Crunch Scan

Scans are run at the operation level only. We recommend you use the 42Crunch API Security Testing Binary to run scans. The alternative is to run a docker image locally. 42Crunch customers can also leverage our scand manager, by deploying an API-driven scan engine on Kubernetes.

In order to run a scan, you will need :

A credential : most likely, your API is using some form of authentication, like an API Key or token. You need a valid credential to provide to the scan engine.
The URL when the API is deployed.

We strongly recommend that you do not target a production system. While the tool does not try to inject malicious payloads, it is possible that the API implementation is not resilient enough to handle the tests and may crash or behave unexpectedly.

When you first launch a scan, you are presented with the scan configuration viewer. The scan configuration is generated automatically from the OpenAPI file you chose to scan.

For each operation in the OpenAPI file, a request is created. You can test individual requests using the Try button top-right.
Requests can be arranged into testing scenarios: a scenario combines one or multiple requests, for example you need to create a resource before you can view it. The editor allows you to extract data as variables from a request execution to inject it into the next step.

Similarly to requests, you can test an individual scenario to ensure it is built correctly before starting a scan: the scan engine will execute the scenario and if successful, launch automatically dozens of tests using the data provided in the OpenAPI file. The scan will send bad verbs, bad data types, bad data formats as well as authentication tests.

Once the scan has run, you are presented with a results page. The summary shows if the scan got a testing baseline by running the HappyPath test. Additional testing results are visible from the tests list. For each issue, you can easily reproduce the problem using a curl request.

Miscellaneous commands

You can load results of Security Audit from a file for a currently open OpenAPI file by running command 42Crunch: Load Security Audit report from file from the command palette

Network requirements

To execute the 42Crunch Freemium services, you need access to the following URL: https://stateless.42crunch.com. You may need to ask your administrators to add a firewall rule to allow the connection.

Known issues

For new files, IntelliSense does not work until you save the file. File extension must be .json or .yaml.
When running 42Crunch Scan on a host with incorrect clock, the scan can fail with the message cannot send the scan report : rpc error: code = InvalidArgument desc = invalid input, to resolve the issue make sure your clock is correctly set.

Feedback

Submit your bug reports at GitHub project Issues.

And, needless to say, your reviews at VS Code marketplace mean the world to us!

vscode-openapi's People

Contributors

Stargazers

Watchers

vscode-openapi's Issues

$ref flagged as error when (apparently) valid

I have several $refs that are being flagged as in error in my schema:

But, based on my understanding from the Array's documentation (https://swagger.io/docs/specification/data-models/data-types/#array) this should be valid. Additionally, if I copy/paste my complete schema into https://editor.swagger.io/ I get no errors.

YAML dependency update 5.0 breaks extension.

Updating the YAML extension by Red Hat from 0.4.1 to 0.5.0 breaks the functionality of this extension.

$ref is not resolved when path contains "~1" (escaped slash)

As per openapi specs https://swagger.io/docs/specification/using-ref/#escape $refs can contain ~1.
Latest version of extension doesn't support "go to definition" if path contains ~1.
Here is an example repository with perfectly valid spec (redoc compiles it) and "go to definition" in vscode doesn't work there (in api.yml file): https://github.com/kroleg/openapi-ref-bug

P.S. I would like to make a PR if/when source code will become public

[BUG] Relative Endpoint URLs not recognized

https://swagger.io/docs/specification/authentication/oauth2/

In OpenAPI 3.0, authorizationUrl, tokenUrl and refreshUrl can be specified relative to the API server URL. This is handy if these endpoints are on same server as the rest of the API operations.

The plugin treats those as Errors like:

String is not a URI: [UriError]: Scheme is missing: {scheme: "", authority: "", path: "/oauth/token", query: "", fragment: ""}

go to definition on yaml flow mapping $ref

I am not able to ctrl+click on a JSON Reference in a YAML flow-style mapping node, e.g.,

schema:
  type: array
  items: { $ref: '#/components/schemas/User' }

If I change to a normal indented mapping

schema:
  type: array
  items: 
    $ref: '#/components/schemas/User'

then the ctrl+click go-to-definition works.

I am using VS Code version 1.36.1 on macOS.

Thanks for the nice extension.

duplicate paths cause API viewer to go blank

If you enter the same path twice, the entire API viewer goes blank and you do not get an error in the editor.

openapi: '3.0.2'
info:
  title: Swagger Petstore
  version: '1.0.0'
servers:
  - url: https://auth2.clearcollateral.com/
paths:

  /v1/authentications:
    post:
      tags:
        - authenticate
      summary: 
        Authenticate a user.  ( Needs to be used as the SECaaS wrapper )
      responses:
        '200':
          description: asedf
        '400':
          description: asedf
        '500':
          description: asedf

  /v1/authentications:
    post:
      tags:
        - authenticate
      summary: 
        Authenticate a user.  ( Needs to be used as the SECaaS wrapper )
      responses:
        '200':
          description: asedf
        '400':
          description: asedf
        '500':
          description: asedf

This will not load in the viewer. But if you remove the second path, it will suddenly load.

This should be marked as an error in the editor, but not cause the viewer to go blank.

API Viewer goes blank after git add

Steps to reproduce:

Have an openapi yaml file open in an active git repository
Make a change to the file
git add the yaml file
The API previewer sidebar panel will go blank. Closing and re-opening the file will fix the issue.

Other installed extensions:

42crunch.vscode-openapi-1.8.13
alireza94.theme-gotham-0.4.0
arjun.swagger-viewer-2.2.2
derek-nextty.openapi-viewer-0.1.9
eamodio.gitlens-10.0.1
ms-python.python-2019.9.34911
philosowaffle.openapi-designer-0.3.0
redhat.vscode-yaml-0.5.3
vscodevim.vim-1.10.2
vscodevim.vim-1.11.0

I can test this on a blank install when I get a chance.

yaml support would be awesome ;)

Plugin allows you to create an already existing operation on a path

When using the plugin, if you want to add an operation on the path Item /foo, it will propose you all of the possible operations, even if an operation is already defined.

If I've got a post operation defined on /foo the plugin still proposes to create a new post operation.

Would be nice if you were only proposed with non already existing operations IMHO

yaml alias using `<<:` gives validation error

Security key not working

I've tried to uninstall the extension so I will get prompt for email, but still get error on authentication.

command 'openapi.createNewThree' not found

Hi!

Unfortunately, after installing the plugin, I receive this error when attempting to create a new OpenAPI v3 (or v2) file.

What I did

Install the plugin via Extensions sidebar (searched for openapi and selected your plugin)
Promptly crashed vscode because I hadn't restarted after vscode upgraded
Reinstalled the plugin via step 1
ctrl-shift-p new open, selected option to create new OpenAPI file

What I saw

Unable to install on VSCode zip extractor

Unable to install the plugin in VSCode on version 1.30.1 on zip extract.

Version: 1.30.1
Commit: dea8705087adb1b5e5ae1d9123278e178656186a
Date: 2018-12-18T18:12:07.165Z
Electron: 2.0.12
Chrome: 61.0.3163.100
Node.js: 8.9.3
V8: 6.1.534.41
OS: Windows_NT x64 10.0.16299

Wrong warning for pattern rule

I have a model:

User:
      type: object
      properties:
        firstName:
          type: string
          maxLength: 100
          pattern: /^[\w\s]+$/
          example: John
        lastName:
          type: string
          maxLength: 100
          pattern: /^[\w\s]+$/
          example: Doe
        fullName:
          type: string
          maxLength: 100
          pattern: /^[\w\s]+$/
          example: John Doe

The warnings are The value of the schema example '/components/schemas/User/properties/{firstName, lastName, fullName}/example' is not consistent with the schema.

"JS-YAML: expected a single document in the stream, but found more" on non-OpenAPI YAML files

With a random YAML file (happens to contain some kubernetes resource definitions) this extension causes a problem report

JS-YAML: expected a single document in the stream, but found more

Repro case: file named ed-ks1-test.yaml.

---
apiVersion: agones.dev/v1
kind: Fleet
spec:
  replicas: 1
  scheduling: Distributed
  template:
    spec:
      ports:
        - name: default
          containerPort: 7777
      template:
        spec:
          containers:
            - resources:
                limits:
                  cpu: "1"
                  memory: "1Gi"
---
apiVersion: autoscaling.agones.dev/v1
kind: FleetAutoscaler
spec:
  fleetName: demo-arena-v1
  policy:
    type: Buffer
    buffer:
      bufferSize: 1
      minReplicas: 0
      maxReplicas: 10

The error is triggered on the second --- instance.

I've confirmed that disabling only this extension causes the problem report to go away.

This is using 42crunch.vscode-openapi version 2.1.1, and redhat.vscode-yaml 0.7.2.

I'm not sure if the problem is the use of load instead of loadAll from yaml-ast-parser-custom-tags and js-yaml, or if the problem is that this error report is not being suppressed correctly when the file is identified as "not an OpenAPI definition" after loading.

`Missing Property "swagger"` on tsconfig.json

As of the latest Visual Studio update, it appears that vscode-openapi is attempting to validate my tsconfig.json against the swagger format. In the "Problems" pane for my workspace, I now have these messages:

{
	"resource": "/Users/craig/Sites/spoonsapp/spoons-api/src/tsconfig.json",
	"owner": "_generated_diagnostic_collection_name_#1",
	"severity": 4,
	"message": "Missing property \"swagger\".",
	"startLineNumber": 1,
	"startColumn": 1,
	"endLineNumber": 1,
	"endColumn": 2
}

I have similar messages for missing properties info and path, as well as Property {name} is not allowed for exclude and extends.

This wasn't happening before the update, and it disappears when I disable the extension. I'm also getting the same set of messages for /Applications/Visual Studio Code.app/Contents/Resources/app/extensions/typescript-basics/schemas/tsconfig.schema.json.

If you need more details and/or config files, let me know, and I'll supply them.

"null" type in schema should be included

Sample Schema:

"myField": {
            "anyOf": [
              {
                "type": "integer"
              },
              {
                "type": "null"
              }
            ]
          }

Expected: No validation error should be displayed

Actual: Below message displayed for "null" type

Value is not accepted. Valid values: "array", "boolean", "integer", "number", "object", "string".

Extension causes tsserver to throw invalid syntax errors

This extension makes tsserver throw invalid synax errors.
For the following environment:

Version: 1.38.1
Commit: b37e54c98e1a74ba89e03073e5a3761284e3ffb0
Date: 2019-09-11T13:30:08.229Z
Electron: 4.2.10
Chrome: 69.0.3497.128
Node.js: 10.11.0
V8: 6.9.427.31-electron.0
OS: Linux x64 4.15.0-55-generic

And extension version:

Version 1.8.18 (October 8, 2019)

When enabling it, even simplest .js file causes tsserver to throw syntax errors.

On screenshot below, clean install of VS code, with only this extension enabled (and its dependency)

Disabling the extension and reloading window removes the invalid errors.

extension icon not visible in left toolbar

I installed the extension, opened a yaml file and begane working. At one point the icon disappeared from the left toolbar. VSCode says that the extension is installed and enabled, but no matter what yaml file I open...no icon... How do I ...relaunch it?

I used teh instructions to create a openAPI3 file and the extenion activated again. so... perhaps I managled my other file somehow.

Bug: Problems loading reference 'openapi-schemas:openapi-2.0.json'

When installing the extension and opening an OAS file, I get this error:

Problems loading reference 'openapi-schemas:openapi-2.0.json': Unable to load schema from 'openapi-schemas:openapi-2.0.json': Request vscode/content failed with message: cannot open openapi-schemas:openapi-2.0.json. Detail: resource is not available.(768)

Multiple examples for a parameter is not supported

External file $refs not supported by jump to definition

A ref like the following doesn't support jump to definition, though it seems like it should be supported by the spec:

"schema": {
  "$ref": "./common_schemas.json#/CustomType"
}

where common_schemas.json is in the same directory and contains:

{
  "CustomType": {
    "description": "A custom type.",
    "type": "string"
  }
}

False positive "has a required though undefined property" on "allOf"

{
    "openapi": "3.0.2",
    "info": {
        "title": "test",
        "version": "0.0.1"
    },
    "servers": [
        {
            "url": "https://api.server.test/v1"
        }
    ],
    "components": {
        "schemas": {
            "Param1": {
                "type": "object",
                "additionalProperties": false,
                "properties": {
                    "p1": {
                        "type": "string"
                    }
                }
            },
            "Param2": {
                "type": "object",
                "additionalProperties": false,
                "properties": {
                    "p2": {
                        "type": "integer"
                    }
                }
            }
        }
    },
    "paths": {
        "/test1": {
            "post": {
                "description": "description test 1",
                "requestBody": {
                    "description": "description body test 1",
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "type": "object",
                                "additionalProperties": false,
                                "description": "description schema test 1",
                                "required": [
                                    "p1"
                                ],
                                "allOf": [
                                    {
                                        "$ref": "#/components/schemas/Param1"
                                    },
                                    {
                                        "$ref": "#/components/schemas/Param2"
                                    }
                                ]
                            }
                        }
                    }
                },
                "responses": {
                    "200": {}
                }
            }
        }
    }
}

Error

{
	"resource": "Untitled-1",
	"owner": "openapi-audit",
	"code": "",
	"severity": 8,
	"message": "Schema '/paths/~1test1/post/requestBody/content/application~1json/schema' has a required though undefined property 'p1' ",
	"startLineNumber": 43,
	"startColumn": 29,
	"endLineNumber": 43,
	"endColumn": 40
}

Intellisense not working

When I enable the extension I get the following message:

Problems loading reference 'openapi-schemas:openapi-2.0.json': Unable to load schema from 'openapi-schemas:openapi-2.0.json': Request vscode/content failed with message: cannot open openapi-schemas:openapi-2.0.json. Detail: resource is not available.

When I disable the extension, OOTB intellisense for swagger in vscode works just fine.

VSCode Version: 1.42.1
OpenAPI (Swagger) Editor Version: 2.1.1

Incomplete audits are provided sometimes

I've noticed the audit response sometimes includes guidance to fix non existent response codes, like missing 429, 403, etc but sometimes not.

For example right now I have some suggestions to remove "credentials sent over the network" but I don't receive any suggestions for adding missing codes, but when I manually added a 401, then suggestions to also include 429 and 403 appear.

it looks inconsistent to me or maybe I'm missing something? Are audits incremental or intended to be complete on each request?

Support for splitted files definitions

I think (please correct me if I am wrong) that it would be useful to support definitions that are splitted across multiple files since Openapi 3 allows it by using $ref: .

I have been trying to work this way but I can't use features like 'Go to definition', etc...

Thanks in advance.

Validation fails for OAS3 headers that are $refs in encoding object

Given the following request body, this is disallowed:

      description: The URL body
      content:
        'text/plain':
          schema:
            $ref: '#/components/schemas/URL'
          examples:
            foo:
              $ref: '#/components/examples/foo'
            xml:
              $ref: '#/components/examples/xml'
          encoding:
            url:
              headers:
                id:
                  $ref: '#/components/headers/id'

The spec allows items in the headers map to be reference objects.
https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#encoding-object

Not very responsive when fixing the issues

Unless I run the audit tool, I cannot be sure that the issue is fixed since the error is still highlighted until I press audit button.. maybe an improvement

No auto complete for "format"

No auto complete for "format". The expectation is to support the common formats which are define in swagger.

    beginTime:
        type: string
        format: '|'

Filtering Possibility

It would be great to filter the findings by Score Impact/ Type (Security/Data Validation).

Takes keybindings.json as OAS file

When opening VS Code keybindings.json, the extension complains about:

Incorrect type. Expected "object".

I have to disable the extension while editing my keybindings.

Thank you

Parameters are not recognize

using this tiny swagger
{ "swagger":"2.0", "info": { "title":"API Title", "version":"1.0" }, "host": "", "basePath": "/", "schemes": ["https"], "paths": { "/test": { "get": { "description":"", "parameters": [ { "name" : "tag", "in" : "query", "description" : "If at least one tag parameter is present, only apiVersions having at least one tag matching one of the queried tag will be returned", "required" : false, "type" : "array", "items" : { "type" : "string" }, "collectionFormat" : "multi" }, { "name" : "category", "in" : "query", "description" : "If at least one category parameter is present, only apiVersions having at least one category matching one of the queried category will be returned", "required" : false, "type" : "array", "items" : { "type" : "string" }, "collectionFormat" : "multi" }, { "name" : "subCategory", "in" : "query", "description" : "If at least one subCategory parameter is present, only apiVersions having at least one subCategory matching one of the queried subCategory will be returned", "required" : false, "type" : "array", "items" : { "type" : "string" }, "collectionFormat" : "multi" } ], "responses": { "200": { "description":"Success" } } } } } }

the parameters are not recognized (only path and operation is working

Incorrect Problems shown when file extension is "yaml"

Version 1.8.10
VS Code version: 1.37.1

OpenAPI 3.0 files, if extension is "yaml", it shows warnings / problems like "Property openapi is not allowed" etc. As soon as file extension is changed to "yml", these warnings go away.

Honor `yaml.customTags` setting

When this extension is enabled, other files such as cloud formation template.yaml files report errors for tags defined in the yaml.customTags setting. This does not happen with other extensions using the js-yaml engine such as redhat.vscode-yaml, ms-azuretools.vscode-docker, and ms-kubernetes-tools.vscode-kubernetes-tools.

Remove category "Language Packs" from extension package.json

The category "Language Packs" is for localized display languages such as German and Japanese. Please use the category "Programming Languages" for extensions that provide programming language features.

Feature Request: Definition never used warning

A nice addition to the linter would be to flag definitions that are defined, but never used. I've found this feature in the swagger.io editor useful on a few instances.

PLugin wrongly picks this json file as an OAS file

API icon disappears on Color Theme change and zoom in/out

Repro steps:

Open an OpenAPI file.
Observe that the left-hand pane gets the API icon.
Do one of the following:

File / Preferences / Color Theme - and change the theme.
View / Appearance / Zoom In
View / Appearance / Zoom Out

Observe that the API icon is now gone.

Closing and re-opening the OpenAPI file returns the icon.

False validation error `response has no schema defined` when using $ref

Intellisense not working for .yaml files

Intellisense does not work for swagger.yaml file. Even the hot key(ctrl + space) does not give any intellisense.

Typo in "Schema allows additional properties" warning

I've found a typo in the Schema allows additional properties warning:

Remediation
Clearly define the properties of both accepted inpust and outputs in your API.

See the inpust above?

Is there a repo where I could create a simple PR for this?

paths $ref are not working properly

$ cat openapi.yaml 
openapi: 3.0.0
info:
  title: Test API
  version: 1.0.0

paths:
  /foo:
    get:
      description: path 1
      responses:
        '200':
          description: OK

  /bar:
    $ref: 'paths/bar.yaml'

$ cat paths/bar.yaml 
get:
  description: path 2
  responses:
    '200':
      description: OK

"Go to Definition" opens the path file, but the "PATHS" widget does not show anything. No error checking in the path file either.

Parameter fields in the Swagger Preview are not editable

When the preview in VSCode is initially rendered, the parameter fields are editable but as soon as I switch to another view to, for instance, copy some text, the fields become read only. Maybe this is a problem with the VSCode web view implementation, everything does of course work when opening the preview in a we browser.

"Array schema has no maximum number of items defined" should not be applied to parameters

I had a get operation with the following list of responses

      responses:
        200:
          description: "successful operation"
          schema:
            type: "array"
            items:
              $ref: "#/definitions/VisitRequest"

And I got the "Array schema has no maximum number of items defined", even with severity High
I don't think anyone could exploit such unbound array since it's the response from the server

in paths show parameters and returns in a sub-tree

I'm really loving the use of this tool, but as I'm trying to make sure that things are correct, it would be helpful to see the parameters and responses under the verbs in the path area.

I can't find source code, but I'd be happy to submit a PR to add that feature if you're interested. Otherwise, I hope you'll consider the feature request.

Thank you!

GNU License - Source Code Access Request

Hello,

I would like to know if it could be possible to get access to the code source of this extension which seems like the best right now in term of fonctionnalities for Visual Studio Code.

I didn't see any way to contact you (even or your website) if it wasn't for a demo, so I am writing this issue.

I am asking this because the other big Swagger's extension for VS code (https://github.com/arjun-g/vs-swagger-viewer) didn't have any update since 6 months (with a bit of "TODO" remaining in their README.md) because only 1 person was keeping it alive.
So, I would like to know more about the possibility to keep this one alive before using it too much. If we know the number of people working on it and if the code is open source can be a decision-making factor, being sure it will remains free and usable in any company I would be working in :) (even though VS code itself is an MIT license and "This agreement only gives you some rights to use the software. Microsoft reserves all other rights").

I am writing this issue because the extension is registered under a GNU license on the Visual Studio Code Marketplace (source: https://marketplace.visualstudio.com/items/42Crunch.vscode-openapi/license) while the only repository registered is this one, with the documentation, so I am asking if it could be possible to access the code of this extension per the terms of your license:
"that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things"

Thank you for reading and for considering my request.

Sorry for doing this in a public issue if it is just a problem of license taken for the referencing on VScode Marketplace, but getting in touch with you privately is too difficult.

Have a nice day!

Feature Request: copy the component path

Edit component path is a tedious work
Hope to add a function to copy the path of a component in the explorer pane, or autocomplete when I use the $ref.
Thanks for the nice extension.

False negative - Credentials transported over the network

Check shows negative "Credentials transported over the network" when using client-id+client-secret or basic authentication over HTTPS
Description says that

The scheme is set to http...

, that is wrong

Doesn't install properly on closed network?

Hello.

Really excited to try this extension, but I am building in an offline environment. I downloaded the extension and loaded it into VS Code without any overt signs of issues. However, the extension's openAPI button does not load in the left-hand panel and upon trying to access any of the functionality, I receive errors like the following:

command 'openapi.createNewThreeYaml' not found

I suspect there is some internet dependency that I don't appreciate, but I thought I would raise it in case this was an easy fix.
Thanks in advance.

Token is cut in some email client

Dears,
in my email client, Airmail 4, the token is not wrapped to a new line so, impossible to copy&paste it

I tried a few times and then went on Gmail where it was properly in multiple lines and possible to copy.