[Bugfix] Ignore violation operation not allowed with status code 404 (#45)

Author: pboos

openapi-validation-core/src/main/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusions.java

@@ -29,10 +29,13 @@ private static boolean oneOfMatchesMoreThanOneSchema(OpenApiViolation violation)
     }
 
     private boolean falsePositive404(OpenApiViolation violation) {
-        return Rules.Request.PATH_MISSING.equals(violation.getRule())
-            && (
-                violation.getDirection() == Direction.REQUEST
-                || (violation.getDirection() == Direction.RESPONSE && violation.getResponseStatus().orElse(0) == 404)
+        return
+            (
+                Rules.Request.PATH_MISSING.equals(violation.getRule())
+                || Rules.Request.OPERATION_NOT_ALLOWED.equals(violation.getRule())
+            ) && (
+                (violation.getDirection() == Direction.REQUEST && violation.getResponseStatus().isEmpty())
+                || violation.getResponseStatus().orElse(0) == 404
             );
     }
 

openapi-validation-core/src/test/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusionsTest.java

@@ -80,6 +80,29 @@ public void when404ResponseWithApiPathNotSpecifiedThenViolationExcluded() {
             .build());
     }
 
+    @Test
+    public void when404ResponseWithOperationNotAllowedThenViolationExcluded() {
+        when(customViolationExclusions.isExcluded(any())).thenReturn(false);
+
+        checkViolationExcluded(OpenApiViolation.builder()
+            .direction(Direction.RESPONSE)
+            .rule("validation.request.operation.notAllowed")
+            .responseStatus(404)
+            .message("GET operation not allowed on path '/users'")
+            .build());
+    }
+
+    @Test
+    public void when404RequestWithOperationNotAllowedThenViolationExcluded() {
+        when(customViolationExclusions.isExcluded(any())).thenReturn(false);
+
+        checkViolationExcluded(OpenApiViolation.builder()
+            .direction(Direction.REQUEST)
+            .rule("validation.request.operation.notAllowed")
+            .message("GET operation not allowed on path '/users'")
+            .build());
+    }
+
     @Test
     public void whenRequestWithApiPathNotSpecifiedThenViolationExcluded() {
         when(customViolationExclusions.isExcluded(any())).thenReturn(false);