fix(security): add back oasOpSecurityDefined

src/rulesets/oas/functions/oasOpSecurityDefined/__tests__/index.ts

@@ -1,15 +1,16 @@
 import { Spectral } from '../../../../../index';
-import { commonOasFunctions, commonOasRules } from '../../../index';
+import { oas2Functions, oas2Rules } from '../../../../oas2/index';
+import { oas3Functions, oas3Rules } from '../../../../oas3/index';
 
-const ruleset = { functions: commonOasFunctions(), rules: commonOasRules() };
+const oas2Ruleset = { functions: oas2Functions(), rules: oas2Rules() };
+const oas3Ruleset = { functions: oas3Functions(), rules: oas3Rules() };
 
-// TODO: did usage of this custom function go away? where is it?
-describe.skip('oasOpSecurityDefined', () => {
+describe('oasOpSecurityDefined', () => {
   describe('oas2', () => {
     const s = new Spectral();
-    s.addFunctions(ruleset.functions || {});
+    s.addFunctions(oas2Ruleset.functions || {});
     s.addRules({
-      'operation-security-defined': Object.assign(ruleset.rules['operation-security-defined'], {
+      'operation-security-defined': Object.assign(oas2Ruleset.rules['operation-security-defined'], {
         enabled: true,
       }),
     });
@@ -56,9 +57,9 @@ describe.skip('oasOpSecurityDefined', () => {
 
   describe('oas3', () => {
     const s = new Spectral();
-    s.addFunctions(ruleset.functions || {});
+    s.addFunctions(oas3Ruleset.functions || {});
     s.addRules({
-      'operation-security-defined': Object.assign(ruleset.rules['operation-security-defined'], {
+      'operation-security-defined': Object.assign(oas3Ruleset.rules['operation-security-defined'], {
         enabled: true,
       }),
     });

src/rulesets/oas/index.ts

@@ -7,7 +7,7 @@ export const commonOasFunctions = (): FunctionCollection => {
   return {
     oasPathParam: require('./functions/oasPathParam').oasPathParam,
     oasOp2xxResponse: require('./functions/oasOp2xxResponse').oasOp2xxResponse,
-    // oasOpSecurityDefined: require('./functions/oasOpSecurityDefined').oasOpSecurityDefined,
+    oasOpSecurityDefined: require('./functions/oasOpSecurityDefined').oasOpSecurityDefined, // used in oas2/oas3 differently see their rulesets for details
     oasOpIdUnique: require('./functions/oasOpIdUnique').oasOpIdUnique,
     oasOpFormDataConsumeCheck: require('./functions/oasOpFormDataConsumeCheck').oasOpFormDataConsumeCheck,
     oasOpParams: require('./functions/oasOpParams').oasOpParams,

src/rulesets/oas2/index.ts

@@ -88,5 +88,18 @@ export const oas2Rules = () => {
         function: RuleFunction.TRUTHY,
       },
     },
+    'operation-security-defined': {
+      enabled: true,
+      summary: 'Operation `security` values must match a scheme defined in the `securityDefinitions` object.',
+      type: RuleType.VALIDATION,
+      given: '$',
+      then: {
+        function: 'oasOpSecurityDefined',
+        functionOptions: {
+          schemesPath: ['securityDefinitions'],
+        },
+      },
+      tags: ['operation'],
+    },
   });
 };

src/rulesets/oas3/index.ts

@@ -53,6 +53,19 @@ export const oas3Rules = () => {
         function: RuleFunction.TRUTHY,
       },
     },
+    'operation-security-defined': {
+      enabled: true,
+      summary: 'Operation `security` values must match a scheme defined in the `components.securitySchemes` object.',
+      type: RuleType.VALIDATION,
+      given: '$',
+      then: {
+        function: 'oasOpSecurityDefined',
+        functionOptions: {
+          schemesPath: ['components', 'securitySchemes'],
+        },
+      },
+      tags: ['operation'],
+    },
     'server-not-example.com': {
       enabled: false,
       summary: 'Server URL should not point at `example.com`.',