Jentic OpenAPI SpecLynx Validator Backend

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for TilmanSchaefer from gravatar.com TilmanSchaefer

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

jentic-openapi-validator-speclynx

A SpecLynx ApiDOM validator backend for the Jentic OpenAPI Tools ecosystem. This package provides OpenAPI document validation using SpecLynx ApiDOM with comprehensive error reporting and flexible configuration options.

Features

  • Multiple input formats: Validate OpenAPI documents from file URIs or Python dictionaries
  • Custom plugins: Use built-in plugins or provide your own validation plugins
  • Configurable timeouts: Control execution time limits for different use cases
  • Rich diagnostics: Detailed validation results with line/column information
  • Type-safe API: Full typing support with Literal types and comprehensive docstrings

Installation

pip install jentic-openapi-validator-speclynx

Prerequisites:

  • Node.js and npm (for SpecLynx CLI)
  • Python 3.11+

The SpecLynx dependencies will be automatically installed via npm on first use.

Quick Start

Basic Usage

from jentic.apitools.openapi.validator.backends.speclynx import SpeclynxValidatorBackend

# Create validator with defaults
validator = SpeclynxValidatorBackend()

# Validate from file URI
result = validator.validate("file:///path/to/openapi.yaml")
print(f"Valid: {result.valid}")

# Check for validation issues
if not result.valid:
    for diagnostic in result.diagnostics:
        print(f"Error: {diagnostic.message}")

Validate Dictionary Documents

# Validate from dictionary
openapi_doc = {
    "openapi": "3.0.0",
    "info": {"title": "My API", "version": "1.0.0"},
    "paths": {}
}

result = validator.validate(openapi_doc)
print(f"Document is valid: {result.valid}")

Configuration Options

Custom Plugins Directory

# Use additional plugins directory (merged with built-in plugins)
validator = SpeclynxValidatorBackend(plugins_dir="/path/to/custom-plugins")

# The validator loads all .mjs files from both:
# 1. Built-in plugins directory (always loaded)
# 2. Custom plugins directory (merged with built-in plugins)

Timeout Configuration

# Short timeout for CI/CD (10 seconds)
validator = SpeclynxValidatorBackend(timeout=10.0)

# Extended timeout for large documents (2 minutes)
validator = SpeclynxValidatorBackend(timeout=120.0)

# Combined configuration (45 seconds)
validator = SpeclynxValidatorBackend(
    plugins_dir="/path/to/custom-plugins",
    timeout=45.0
)

Custom SpecLynx Path

By default, the validator uses the bundled SpecLynx CLI via npx. You can override this to use a custom installation:

# Use custom speclynx installation
validator = SpeclynxValidatorBackend(speclynx_path="/usr/local/bin/speclynx")

# Install additional npm packages for custom plugins that have dependencies
# The -p flag installs packages before running the CLI
validator = SpeclynxValidatorBackend(
    speclynx_path="npx --yes -p lodash -p moment jentic-openapi-validator-speclynx-0.1.0.tgz"
)

Path Security

Use allowed_base_dir to restrict file access when processing untrusted input or running as a web service:

from jentic.apitools.openapi.common.path_security import (
    PathTraversalError,
    InvalidExtensionError,
)

# Restrict file access to /var/app/documents directory
validator = SpeclynxValidatorBackend(
    allowed_base_dir="/var/app/documents"
)

# Valid paths within allowed directory work normally
result = validator.validate("/var/app/documents/specs/openapi.yaml")

# Path traversal attempts are blocked
try:
    result = validator.validate("/var/app/documents/../../etc/passwd")
except PathTraversalError as e:
    print(f"Security violation: {e}")

# Invalid file extensions are rejected
try:
    result = validator.validate("/var/app/documents/malicious.exe")
except InvalidExtensionError as e:
    print(f"Invalid file type: {e}")

# HTTP(S) URLs bypass path validation (as expected)
result = validator.validate("https://example.com/openapi.yaml")

# Combined security configuration for web services
validator = SpeclynxValidatorBackend(
    allowed_base_dir="/var/app/uploads",
    plugins_dir="/var/app/config/custom-plugins",
    timeout=600.0
)

Security Benefits:

  • Prevents path traversal attacks (../../etc/passwd)
  • Restricts access to allowed directories only (when allowed_base_dir is set)
  • Validates file extensions (.yaml, .yml, .json) - always enforced, even when allowed_base_dir=None
  • Checks symlinks don't escape boundaries (when allowed_base_dir is set)

Note: File extension validation (.yaml, .yml, .json) is always performed for filesystem paths, regardless of whether allowed_base_dir is set. When allowed_base_dir=None, only the base directory containment check is skipped.

Advanced Usage

Error Handling

from jentic.apitools.openapi.common.subproc import SubprocessExecutionError

try:
    result = validator.validate("file:///path/to/openapi.yaml")

    if result.valid:
        print("Document is valid")
    else:
        print("Validation failed:")
        for diagnostic in result.diagnostics:
            severity = diagnostic.severity.name
            line = diagnostic.range.start.line + 1
            print(f"  {severity}: {diagnostic.message} (line {line})")

except SubprocessExecutionError as e:
    print(f"SpecLynx execution failed: {e}")
except TypeError as e:
    print(f"Invalid document type: {e}")

Supported Document Formats

# Check what formats the validator supports
formats = validator.accepts()
print(formats)  # ['uri', 'dict']

# Validate different input types
if "uri" in validator.accepts():
    result = validator.validate("file:///path/to/spec.yaml")

if "dict" in validator.accepts():
    result = validator.validate({"openapi": "3.0.0", ...})

Custom Plugins

Create custom validation plugins as ES modules (.mjs files). Plugins use the ApiDOM visitor pattern:

// custom-plugin.mjs
import {toValue} from '@speclynx/apidom-core';
import {DiagnosticSeverity} from 'vscode-languageserver-types';

export default ({diagnostics}) => () => ({
    pre() {
    },
    visitor: {
        InfoElement(path) {
            const info = path.node;
            const version = info.get('version');

            if (version && typeof toValue(version) !== 'string') {
                diagnostics.push({
                    severity: DiagnosticSeverity.Error,
                    message: 'info.version must be a string',
                    code: 'invalid-info-version-type',
                    range: {
                        start: {line: 0, character: 0},
                        end: {line: 0, character: 0}
                    },
                    data: {path: ['info', 'version']}
                });
            }
        }
    },
    post() {
    },
});

Use it with the validator:

validator = SpeclynxValidatorBackend(plugins_dir="./custom-plugins")
result = validator.validate("file:///path/to/openapi.yaml")

Note: Custom plugins are merged with built-in plugins. Both the built-in plugins and your custom plugins will run during validation.

Testing

Integration Tests

The integration tests require Node.js to be available. They will be automatically skipped if Node.js is not installed.

Run the integration test:

uv run --package jentic-openapi-validator-speclynx pytest packages/jentic-openapi-validator-speclynx -v

API Reference

SpeclynxValidatorBackend

class SpeclynxValidatorBackend(BaseValidatorBackend):
    def __init__(
            self,
            speclynx_path: str = "npx --yes jentic-openapi-validator-speclynx-0.1.0.tgz",
            timeout: float = 600.0,
            allowed_base_dir: str | Path | None = None,
            plugins_dir: str | Path | None = None,
    ) -> None

Parameters:

  • speclynx_path: Path to the SpecLynx CLI executable. Default uses bundled npm tarball via npx. Can be a custom path like /usr/local/bin/speclynx or an npx command with additional packages (optional)
  • timeout: Maximum execution time in seconds (default: 600.0)
  • allowed_base_dir: Optional base directory for path security validation. When set, all document paths are validated to be within this directory, providing defense against path traversal attacks. When None (default), only file extension validation is performed (no base directory containment check). Recommended for web services or untrusted input (optional)
  • plugins_dir: Optional directory containing additional validation plugins (.mjs files). When specified, custom plugins are merged with built-in plugins (both are loaded). If None (default), only built-in plugins are used (optional)

Methods:

  • accepts() -> list[Literal["uri", "dict"]]: Returns supported document format identifiers
  • validate(document: str | dict, *, base_url: str | None = None, target: str | None = None) -> ValidationResult: Validates an OpenAPI document

Exceptions:

  • RuntimeError: SpecLynx execution fails
  • SubprocessExecutionError: SpecLynx times out or fails to start
  • TypeError: Unsupported document type
  • PathTraversalError: Document path attempts to escape allowed_base_dir (only when allowed_base_dir is set)
  • InvalidExtensionError: Document path has disallowed file extension (always checked for filesystem paths)

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for TilmanSchaefer from gravatar.com TilmanSchaefer

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

1.0.0a55 pre-release

1.0.0a54 pre-release

1.0.0a53 pre-release

1.0.0a52 pre-release

1.0.0a51 pre-release

1.0.0a50 pre-release

1.0.0a49 pre-release

1.0.0a48 pre-release

1.0.0a47 pre-release

1.0.0a46 pre-release

1.0.0a45 pre-release

1.0.0a44 pre-release

1.0.0a43 pre-release

1.0.0a42 pre-release

1.0.0a41 pre-release

1.0.0a40 pre-release

1.0.0a39 pre-release

1.0.0a38 pre-release

1.0.0a37 pre-release

This version

1.0.0a36 pre-release

1.0.0a35 pre-release

1.0.0a34 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

jentic_openapi_validator_speclynx-1.0.0a36.tar.gz (16.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

jentic_openapi_validator_speclynx-1.0.0a36-py3-none-any.whl (19.1 kB view details)

Uploaded Python 3

File details

Details for the file jentic_openapi_validator_speclynx-1.0.0a36.tar.gz.

File metadata

File hashes

Hashes for jentic_openapi_validator_speclynx-1.0.0a36.tar.gz
Algorithm Hash digest
SHA256 12544c43b4862d31fab1c2ab01b0f6926109e71d5367803a45845e6e1a28c8f0
MD5 f71d29e9acb350d45f54da0fa35e6001
BLAKE2b-256 64f773e7887e099c3d850aa053a3518c4cd1806b6f9d23abd418f171320b557e

See more details on using hashes here.

Provenance

The following attestation bundles were made for jentic_openapi_validator_speclynx-1.0.0a36.tar.gz:

Publisher: release.yml on jentic/jentic-openapi-tools

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file jentic_openapi_validator_speclynx-1.0.0a36-py3-none-any.whl.

File metadata

File hashes

Hashes for jentic_openapi_validator_speclynx-1.0.0a36-py3-none-any.whl
Algorithm Hash digest
SHA256 2a57a03be2ff5200dddda27f4dd024ac0aefe171545e1f822909d18412c4cdf8
MD5 5462b64d67f726e68be11e664a332871
BLAKE2b-256 c54ea7e52bc83df638d8f46f3c63db7b710ba9958e4a6c44af6a5fa7b093dfd7

See more details on using hashes here.

Provenance

The following attestation bundles were made for jentic_openapi_validator_speclynx-1.0.0a36-py3-none-any.whl:

Publisher: release.yml on jentic/jentic-openapi-tools

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page