An invalid schema will cause the validation proxy to always pass

[aleung]

Context

Provide an OpenAPI file which contains error in the schema.
Run prism as validation proxy, it is unable to report the error in the schema, and request/response validation always pass.

Current Behavior

No error reported. No matter the request/response violates the schema or not. All errors are silently hidden.

Expected Behavior

It should report that the OpenAPI schema is invalid.

Steps to Reproduce

1. Save the below OpenAPI which contains typo into file openapi.yaml
2. Start a local server to serve the API (see code below). The server response violates the schema.
3. Run Prism: prism proxy openapi.yaml http://localhost:8023
4. Use any HTTP client to send a request: GET http://127.0.0.1:4010/car/1
5. No error reported. Actually there are two mistakes:
   • OpenAPI schema invalid
   • Response message violates schema

openapi: 3.0.0
info:
  version: 1.0.0
  title: Test API
servers:
  - url: /test/v1
paths:
  /car/{id}:
    get:
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Car'
components:
  schemas:
    Car:
      type: obj     # <-- typo, should be "object"
      required:
        - wheels
      properties:
        wheels:
          type: number

import express from 'express';

const server = express();
server.use(express.json({ type: ['application/json', 'application/*+json'] }));
server.use(express.text());
server.use(express.urlencoded({ extended: false }));

server.get('/car/:id', (_req, res) => {
  res.setHeader('content-type', 'application/json');
  res.status(200).send({
    // missing required property 'wheels'
    "color": "black"
  });
});

server.listen(8023);

Environment

• Version used: 5.5.2
• Environment name and version (e.g. Chrome 39, node.js 5.4): docker

Analysis

prism/packages/http/src/validator/validators/utils.ts

Line 140 in a1360b3

O.tryCatch(() => getValidationFunction(assignAjvInstance(String(schema.$schema), coerce), schema, bundle)),

In the validation function Avj throw an error about invalid schema. But tryCatch just ignore it and not being converted to an error.

[chohmann]

@aleung Thank you for reporting this! We agree that not swallowing this error for AJV would be ideal.

Here's the solution we propose:

1. instead of catching the error, log out a warning message about the invalid schema but proceed as it does today

We would gladly accept a PR that implements the proposed solution above.

In the meantime, you could use Spectral to validate your spec before starting up Prism with it. That would tell you if your entire spec is valid before using it.