Link nested parameter names #120
Description
Is your feature request related to a problem? Please describe.
I have an OpenAPI spec with a nested parameter that I'd like to have linked to a parameter of another QualifiedOperation. In this concrete case I have an object-type parameter named auth in the request body that has an id field. This id occurs in many other requests without the auth object wrapping it. I reckon that nesting parameters is a really common practice, and WuppieFuzz is missing many links by not considering this.
Describe the solution you'd like
A simple API that demonstrates the problem is here: api_nested_minimal.json.
In the case of the request parameters, the inout_params function in initial_corpus/dependency_graph/mod.rs only outputs ParameterNormalizations for req_outer_var and req_nester. I'd like to also get a normalization for req_inner_var so that it can be linked to other parameters.
Proposed changes
- Revamp the
ParameterNormalizationapproach for link matching.find_linkscurrently compares thenormalizedparameter name, which only matches if both the stemmed context (the path of the endpoint) and the stemmed parameter name are the same. This makes no sense to me, isn't it a major benefit to link parameters with the same name between different endpoints? I propose comparing just the stemmed parameter names. This may lead to too many links for large APIs, so it should be configurable/automated how links are pruned if this becomes too much. - Make nested parameters addressable - for the purposes of linking, parameters are currently identified purely by their name (for a given
QualiedOperation). A new addressing method is needed, as well as a textual representation for the corpus files.
Describe alternatives you've considered
None
Additional context
The allOf-limitation in #87 may be related - this is another kind of "nesting" schemas.