You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[TT-11975] Lack of clear error message during failed import when API definition is not valid (#7077)
### **User description**
<details open>
<summary><a href="https://tyktech.atlassian.net/browse/TT-11975"
title="TT-11975" target="_blank">TT-11975</a></summary>
<br />
<table>
<tr>
<th>Summary</th>
<td>Lack of clear error message during failed import when API definition
is not valid</td>
</tr>
<tr>
<th>Type</th>
<td>
<img alt="Bug"
src="https://tyktech.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium"
/>
Bug
</td>
</tr>
<tr>
<th>Status</th>
<td>In Dev</td>
</tr>
<tr>
<th>Points</th>
<td>N/A</td>
</tr>
<tr>
<th>Labels</th>
<td><a
href="https://tyktech.atlassian.net/issues?jql=project%20%3D%20TT%20AND%20labels%20%3D%20codilime_refined%20ORDER%20BY%20created%20DESC"
title="codilime_refined">codilime_refined</a>, <a
href="https://tyktech.atlassian.net/issues?jql=project%20%3D%20TT%20AND%20labels%20%3D%20customer_bug%20ORDER%20BY%20created%20DESC"
title="customer_bug">customer_bug</a>, <a
href="https://tyktech.atlassian.net/issues?jql=project%20%3D%20TT%20AND%20labels%20%3D%20jira_escalated%20ORDER%20BY%20created%20DESC"
title="jira_escalated">jira_escalated</a></td>
</tr>
</table>
</details>
<!--
do not remove this marker as it will break jira-lint's functionality.
added_by_jira_lint
-->
---
<!-- Provide a general summary of your changes in the Title above -->
## Description
The system fails to properly validate and provide clear feedback when
there's a mismatch between security schemes and security requirements in
an OpenAPI description. Instead of returning a helpful validation error,
the application crashes with a nil pointer dereference in the security
extraction process, resulting in a generic 500 error.
## Related Issue
<!-- This project only accepts pull requests related to open issues. -->
<!-- If suggesting a new feature or change, please discuss it in an
issue first. -->
<!-- If fixing a bug, there should be an issue describing it with steps
to reproduce. -->
<!-- OSS: Please link to the issue here. Tyk: please create/link the
JIRA ticket. -->
## Motivation and Context
<!-- Why is this change required? What problem does it solve? -->
## How This Has Been Tested
<!-- Please describe in detail how you tested your changes -->
<!-- Include details of your testing environment, and the tests -->
<!-- you ran to see how your change affects other areas of the code,
etc. -->
<!-- This information is helpful for reviewers and QA. -->
## Screenshots (if appropriate)
## Types of changes
<!-- What types of changes does your code introduce? Put an `x` in all
the boxes that apply: -->
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] Refactoring or add test (improvements in base code or adds test
coverage to functionality)
## Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply -->
<!-- If there are no documentation updates required, mark the item as
checked. -->
<!-- Raise up any additional concerns not covered by the checklist. -->
- [ ] I ensured that the documentation is up to date
- [ ] I explained why this PR updates go.mod in detail with reasoning
why it's required
- [ ] I would like a code coverage CI quality gate exception and have
explained why
___
### **PR Type**
Bug fix, Tests
___
### **Description**
- Added explicit validation for OAS security requirements.
- Improved error messages for missing security schemes.
- Prevented nil pointer dereference during OAS import.
- Introduced comprehensive unit tests for security validation.
___
### **Changes walkthrough** 📝
<table><thead><tr><th></th><th align="left">Relevant
files</th></tr></thead><tbody><tr><td><strong>Bug
fix</strong></td><td><table>
<tr>
<td>
<details>
<summary><strong>oas.go</strong><dd><code>Add OAS security requirements
validation and error handling</code></dd></summary>
<hr>
apidef/oas/oas.go
<li>Added <code>Validate</code> method to OAS for enhanced
validation.<br> <li> Implemented <code>validateSecurity</code> to check
security requirements.<br> <li> Improved error messages for missing
security schemes.<br> <li> Prevented application crash on invalid
security configuration.
</details>
</td>
<td><a
href="https://github.com/TykTechnologies/tyk/pull/7077/files#diff-80279b1d59499a41a77ff7a16a6e2c9b9b785a4fd1326c351da6884c867658d7">+35/-0</a>
</td>
</tr>
</table></td></tr><tr><td><strong>Tests</strong></td><td><table>
<tr>
<td>
<details>
<summary><strong>oas_test.go</strong><dd><code>Add tests for OAS
security validation and error reporting</code></dd></summary>
<hr>
apidef/oas/oas_test.go
<li>Added unit tests for OAS security validation logic.<br> <li> Covered
scenarios for missing, incomplete, and valid security schemes.<br> <li>
Ensured error messages are tested for clarity and accuracy.
</details>
</td>
<td><a
href="https://github.com/TykTechnologies/tyk/pull/7077/files#diff-74029ee88132d30d6478c96a35f8bb2200e0c8e6f42f2c9b147dc6bb7ce74644">+164/-0</a>
</td>
</tr>
</table></td></tr></tr></tbody></table>
___
> <details> <summary> Need help?</summary><li>Type <code>/help how to
...</code> in the comments thread for any questions about PR-Agent
usage.</li><li>Check out the <a
href="https://qodo-merge-docs.qodo.ai/usage-guide/">documentation</a>
for more information.</li></details>
0 commit comments