feat: Swagger api operation simple validation

samtranslator/swagger/swagger.py

@@ -93,6 +93,10 @@ def method_definition_has_integration(self, method_definition):
         :param dict method_definition: method definition dictionary
         :return: True if an integration exists
         """
+        if not isinstance(method_definition, dict):
+            raise InvalidDocumentException(
+                [InvalidTemplateException("Invalid swagger API operation definition: {}".format(method_definition))]
+            )
         if method_definition.get(self._X_APIGW_INTEGRATION):
             return True
         return False
@@ -523,13 +527,14 @@ def set_path_default_authorizer(
         :param bool add_default_auth_to_preflight: Bool of whether to add the default
             authorizer to OPTIONS preflight requests.
         """
-
+        valid_non_http_method_sections = ["parameters", "summary", "description", "$ref", "servers"]
         for method_name, method in self.get_path(path).items():
             normalized_method_name = self._normalize_method_name(method_name)
 
-            # Excluding parameters section
-            if normalized_method_name == "parameters":
+            # Excluding non-http-method sections https://swagger.io/specification/
+            if method_name in valid_non_http_method_sections:
                 continue
+
             if add_default_auth_to_preflight or normalized_method_name != "options":
                 normalized_method_name = self._normalize_method_name(method_name)
                 # It is possible that the method could have two definitions in a Fn::If block.
@@ -622,14 +627,14 @@ def set_path_default_apikey_required(self, path):
         :param string path: Path name
         """
 
+        valid_non_http_method_sections = ["parameters", "summary", "description", "$ref", "servers"]
         for method_name, method in self.get_path(path).items():
-            # Excluding parameters section
-            if method_name == "parameters":
+            # Excluding non-http-method sections https://swagger.io/specification/
+            if method_name in valid_non_http_method_sections:
                 continue
 
             # It is possible that the method could have two definitions in a Fn::If block.
             for method_definition in self.get_method_contents(method):
-
                 # If no integration given, then we don't need to process this definition (could be AWS::NoValue)
                 if not self.method_definition_has_integration(method_definition):
                     continue

tests/swagger/test_swagger.py

@@ -1,7 +1,7 @@
 import copy
 
 from unittest import TestCase
-from mock import Mock
+from mock import Mock, patch
 from parameterized import parameterized, param
 
 from samtranslator.swagger.swagger import SwaggerEditor
@@ -994,6 +994,66 @@ def test_add_default_apikey_to_all_paths_correctly_handles_method_level_settings
         self.assertEqual(api_key_exists, self.editor.swagger["paths"][path]["apikeytrue"]["security"])
         self.assertEqual(api_key_exists, self.editor.swagger["paths"][path]["apikeydefault"]["security"])
 
+    @patch("samtranslator.swagger.swagger.SwaggerEditor.get_method_contents")
+    def test_set_path_default_apikey_required_ignores_valid_non_http_method_properties(self, get_method_contents_mock):
+        get_method_contents_mock.return_value = []
+        self.original_swagger = {
+            "swagger": "2.0",
+            "paths": {
+                "/foo": {
+                    "parameters": "ANY_VALUE",
+                    "summary": "ANY_VALUE",
+                    "description": "ANY_VALUE",
+                    "$ref": "ANY_VALUE",
+                    "servers": "ANY_VALUE",
+                    "apikeyfalse": {_X_INTEGRATION: {"a": "b"}, "security": [{"api_key_false": []}]},
+                    "apikeytrue": {_X_INTEGRATION: {"a": "b"}, "security": [{"api_key": []}]},
+                    "apikeydefault": {_X_INTEGRATION: {"a": "b"}},
+                }
+            },
+        }
+
+        self.editor = SwaggerEditor(self.original_swagger)
+        self.editor.set_path_default_apikey_required("/foo")
+        # Assert not called for parameters, summary, description and $ref sections
+        self.assertEqual(get_method_contents_mock.call_count, 3)
+        get_method_contents_mock.has_call(self.original_swagger["paths"]["/foo"]["apikeyfalse"])
+        get_method_contents_mock.has_call(self.original_swagger["paths"]["/foo"]["apikeytrue"])
+        get_method_contents_mock.has_call(self.original_swagger["paths"]["/foo"]["apikeydefault"])
+
+    def test_method_definition_has_integration(self):
+        self.original_swagger = {
+            "swagger": "2.0",
+            "paths": {
+                "/foo": {
+                    "get": {
+                        "summary": "Valid Swagger API operation with amazon integration",
+                        "requestBody": {},
+                        _X_INTEGRATION: {"a": "b"},
+                        "security": [{"api_key_false": []}],
+                        "responses": {},
+                        "parameters": [],
+                    },
+                    "post": {
+                        "summary": "Valid Swagger API operation without amazon integration",
+                        _X_INTEGRATION: {},
+                        "requestBody": {},
+                        "responses": {},
+                        "parameters": [],
+                    },
+                    "put": "Invalid Value; String instead of swagger API operation",
+                }
+            },
+        }
+        self.editor = SwaggerEditor(self.original_swagger)
+        get_method_definition = self.original_swagger["paths"]["/foo"]["get"]
+        post_method_definition = self.original_swagger["paths"]["/foo"]["post"]
+        put_method_definition = self.original_swagger["paths"]["/foo"]["put"]
+        self.assertTrue(self.editor.method_definition_has_integration(get_method_definition))
+        self.assertFalse(self.editor.method_definition_has_integration(post_method_definition))
+        with self.assertRaises(InvalidDocumentException):
+            self.assertTrue(self.editor.method_definition_has_integration(put_method_definition))
+
     def test_set_method_apikey_handling_apikeyrequired_false(self):
         expected = [{"api_key_false": []}]
         path = "/bar"

tests/translator/input/error_api_with_usage_plan_invalid_path_method.yaml

@@ -0,0 +1,15 @@
+Resources:
+  ApiWithInvalidPathMethod:
+    Type: AWS::Serverless::Api
+    Properties:
+      Auth:
+        ApiKeyRequired: true
+        UsagePlan:
+          CreateUP: NONE
+      StageName: Prod
+      Cors: "'*'"
+      DefinitionBody:
+        swagger: 2.0
+        paths:
+          /foo:
+            get: "Any non dict value"

tests/translator/output/error_api_with_usage_plan_invalid_path_method.json

@@ -0,0 +1,3 @@
+{
+  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Structure of the SAM template is invalid. Invalid swagger API operation definition: Any non dict value"
+}

tests/translator/test_translator.py

@@ -770,6 +770,7 @@ def test_transform_success_no_side_effect(self, testcase, partition_with_region)
         "error_function_with_event_dest_type",
         "error_function_with_api_key_false",
         "error_api_with_usage_plan_invalid_parameter",
+        "error_api_with_usage_plan_invalid_path_method",
         "error_http_api_with_cors_def_uri",
         "error_http_api_invalid_lambda_auth",
         "error_api_mtls_configuration_invalid_field",