resolve the webhook/pathItems issue

Author: tatomyr

packages/core/src/rules/oas3/__tests__/no-unused-components.test.ts

@@ -321,6 +321,49 @@ describe('Oas3 no-unused-components', () => {
     `);
   });
 
+  it('should not report securitySchemes referenced via SecurityRequirement from webhooks or components.pathItems', async () => {
+    const document = parseYamlToDocument(
+      outdent`
+        openapi: 3.1.0
+        components:
+          securitySchemes:
+            webhook_key:
+              type: apiKey
+              name: webhook-key
+              in: header
+            shared_key:
+              type: apiKey
+              name: shared-key
+              in: header
+          pathItems:
+            shared:
+              get:
+                security:
+                  - shared_key: []
+                responses:
+                  '200':
+                    description: ok
+        webhooks:
+          newPet:
+            post:
+              security:
+                - webhook_key: []
+              responses:
+                '200':
+                  description: ok
+        `,
+      'foobar.yaml'
+    );
+
+    const results = await lintDocument({
+      externalRefResolver: new BaseResolver(),
+      document,
+      config: await createConfig({ rules: { 'no-unused-components': 'error' } }),
+    });
+
+    expect(results).toEqual([]);
+  });
+
   it('should not report securitySchemes referenced via SecurityRequirement', async () => {
     const document = parseYamlToDocument(
       outdent`

packages/core/src/rules/oas3/no-unused-components.ts

@@ -11,6 +11,7 @@ type ComponentInfo = {
 
 export const NoUnusedComponents: Oas3Rule = () => {
   const components = new Map<string, ComponentInfo>();
+  const securitySchemeLocations = new Map<string, Location>();
   const usedSecuritySchemeComponents = new Set<string>();
 
   function registerComponent(
@@ -59,6 +60,15 @@ export const NoUnusedComponents: Oas3Rule = () => {
             });
           }
         });
+        securitySchemeLocations.forEach((location, name) => {
+          if (!usedSecuritySchemeComponents.has(name)) {
+            report({
+              message: `Security scheme: "${name}" is never used.`,
+              location: location.key(),
+              reference: 'https://redocly.com/docs/cli/rules/oas/no-unused-components',
+            });
+          }
+        });
       },
     },
     NamedSchemas: {
@@ -100,15 +110,8 @@ export const NoUnusedComponents: Oas3Rule = () => {
       },
     },
     NamedSecuritySchemes: {
-      SecurityScheme(_securityScheme, { location, key, report }) {
-        const name = key.toString();
-        if (!usedSecuritySchemeComponents.has(name)) {
-          report({
-            message: `Security scheme: "${name}" is never used.`,
-            location: location.key(),
-            reference: 'https://redocly.com/docs/cli/rules/oas/no-unused-components',
-          });
-        }
+      SecurityScheme(_securityScheme, { location, key }) {
+        securitySchemeLocations.set(key.toString(), location);
       },
     },
     SecurityRequirement(requirements) {

tests/e2e/lint/oas3.1/snapshot.txt

@@ -19,32 +19,32 @@ referenced from openapi.yaml:180:7 at #/components/schemas/Problem
 Warning was generated by the no-invalid-schema-examples rule.
 
 
-[2] openapi.yaml:175:5 at #/components/securitySchemes/mtls
+[2] openapi.yaml:179:5 at #/components/schemas/Problem
 
-Security scheme: "mtls" is never used.
+Component: "Problem" is never used.
 
-173 | components:
-174 |   securitySchemes:
-175 |     mtls:
-    |     ^^^^
-176 |       type: mutualTLS
-177 |   pathItems: {}
+177 | pathItems: {}
+178 | schemas:
+179 |   Problem:
+    |   ^^^^^^^
+180 |     id: https://tools.ietf.org/rfc/rfc7807.txt
+181 |     $schema: 'http://json-schema.org/draft-06/schema#'
 
 Warning was generated by the no-unused-components rule.
 
 Reference: https://redocly.com/docs/cli/rules/oas/no-unused-components
 
 
-[3] openapi.yaml:179:5 at #/components/schemas/Problem
+[3] openapi.yaml:175:5 at #/components/securitySchemes/mtls
 
-Component: "Problem" is never used.
+Security scheme: "mtls" is never used.
 
-177 | pathItems: {}
-178 | schemas:
-179 |   Problem:
-    |   ^^^^^^^
-180 |     id: https://tools.ietf.org/rfc/rfc7807.txt
-181 |     $schema: 'http://json-schema.org/draft-06/schema#'
+173 | components:
+174 |   securitySchemes:
+175 |     mtls:
+    |     ^^^^
+176 |       type: mutualTLS
+177 |   pathItems: {}
 
 Warning was generated by the no-unused-components rule.
 

tests/e2e/lint/oas3.2/snapshot.txt

@@ -277,7 +277,23 @@ Operation must have at least one `4XX` response.
 Warning was generated by the operation-4xx-response rule.
 
 
-[21] openapi.yaml:125:5 at #/components/securitySchemes/petstore_auth
+[21] openapi.yaml:149:5 at #/components/schemas/MyResponseType
+
+Component: "MyResponseType" is never used.
+
+147 |         tokenUrl: http://localhost
+148 | schemas:
+149 |   MyResponseType:
+    |   ^^^^^^^^^^^^^^
+150 |     oneOf:
+151 |       - $ref: '#/components/schemas/Lizard'
+
+Warning was generated by the no-unused-components rule.
+
+Reference: https://redocly.com/docs/cli/rules/oas/no-unused-components
+
+
+[22] openapi.yaml:125:5 at #/components/securitySchemes/petstore_auth
 
 Security scheme: "petstore_auth" is never used.
 
@@ -293,7 +309,7 @@ Warning was generated by the no-unused-components rule.
 Reference: https://redocly.com/docs/cli/rules/oas/no-unused-components
 
 
-[22] openapi.yaml:136:5 at #/components/securitySchemes/api_key
+[23] openapi.yaml:136:5 at #/components/securitySchemes/api_key
 
 Security scheme: "api_key" is never used.
 
@@ -309,22 +325,6 @@ Warning was generated by the no-unused-components rule.
 Reference: https://redocly.com/docs/cli/rules/oas/no-unused-components
 
 
-[23] openapi.yaml:149:5 at #/components/schemas/MyResponseType
-
-Component: "MyResponseType" is never used.
-
-147 |         tokenUrl: http://localhost
-148 | schemas:
-149 |   MyResponseType:
-    |   ^^^^^^^^^^^^^^
-150 |     oneOf:
-151 |       - $ref: '#/components/schemas/Lizard'
-
-Warning was generated by the no-unused-components rule.
-
-Reference: https://redocly.com/docs/cli/rules/oas/no-unused-components
-
-
 
 validating openapi.yaml using lint rules for api 'main'...
 openapi.yaml: validated in <test>ms