Audit fails with $ref that points to another file and contains ~1

[stevenj]

I am getting the error

Unexpected error when trying to audit API: Error: Unable to locate node: #/paths/~1auth~1newcustomer/post/url

Trying to audit my file.

The path element in question is:

paths:
  /v1/auth/newcustomer: # Causes a new customer email to be sent
    $ref: "v1/auth/newcustomer.yml#/paths/~1auth~1newcustomer"

Which is a valid reference.

[ak1394]

Could you provide sample of your OpenAPI file?

[stevenj]

Where would you like me to send it? I can not post it online.

[ak1394]

Could you post it to [email protected] ? I tried to reproduce the issue using the paths with ~1s but it worked for me. Perhaps the problem is more specific to your OAS, so it would be very helpful to have it.

[stevenj]

Sent as requested

[ak1394]

Thanks for sharing the sample! I see the issue occurring now. I'll let you know once I have ETA for a fix.

[ak1394]

I have fixed issue in the VS Code extension, which was causing "Unable to locate node" errors.

However, unfortunately for your OAS file the audit functionality is still unusable.

The issue is that in a few places you're referring to some individual properties of your 'Custom' schema, for example:
#/components/schemas/inc-components.oas3.yml-Custom/properties/mac while the audit code on our side expects more typical use of schemas located in /components/schemas where the entire schema is referred.

This is something for us to fix, but for now audit functionality effectively can't be used with your API.

[stevenj]

Yes, i have since refactored my openapi files to remove those. It was unnecessary. Thank you, i am now able to perform security audit.