change desription and fix issue for 2.0

SB-rohandhiman · SB-rohandhiman · commit 8d02d02af442 · 2025-12-12T16:17:48.000+05:30
diff --git a/docs/reference/openapi-rules.md b/docs/reference/openapi-rules.md
@@ -479,6 +479,65 @@ TheBadModel:
         type: array
 ```
 
+### security-scheme-name
+
+Security scheme name must not contain whitespace.
+
+Security scheme names are used as identifiers in OpenAPI documents and should follow a consistent naming pattern. This rule ensures that the `name` property within security scheme definitions only contains alphanumeric characters, dots (.), underscores (_), and hyphens (-), preventing issues with whitespace or special characters.
+
+This rule applies to OpenAPI v2.0, v3.0, and v3.1.
+
+**Recommended:** Yes
+
+**Good Example**
+
+For OpenAPI v3.0 and v3.1:
+
+```yaml
+components:
+  securitySchemes:
+    api_key:
+      type: apiKey
+      name: api-key.v1
+      in: header
+    bearer_auth:
+      type: http
+      scheme: bearer
+```
+
+For OpenAPI v2.0:
+
+```yaml
+securityDefinitions:
+  api_key:
+    type: apiKey
+    name: X-API-Key
+    in: header
+```
+
+**Bad Example**
+
+For OpenAPI v3.0 and v3.1:
+
+```yaml
+components:
+  securitySchemes:
+    api_key:
+      type: apiKey
+      name: api key with spaces
+      in: header
+```
+
+For OpenAPI v2.0:
+
+```yaml
+securityDefinitions:
+  api_key:
+    type: apiKey
+    name: X-API Key
+    in: header
+```
+
 ## OpenAPI v2.0-only
 
 These rules will only apply to OpenAPI v2.0 documents.
diff --git a/packages/rulesets/src/oas/__tests__/security-scheme-name.test.ts b/packages/rulesets/src/oas/__tests__/security-scheme-name.test.ts
@@ -4,7 +4,7 @@ testRule('security-scheme-name', [
   {
     name: 'valid case - simple alphanumeric name',
     document: {
-      openapi: '3.0.2',
+      openapi: '3.0.0',
       components: {
         securitySchemes: {
           apikey: {
@@ -21,7 +21,7 @@ testRule('security-scheme-name', [
   {
     name: 'valid case - name with allowed special characters',
     document: {
-      openapi: '3.0.2',
+      openapi: '3.0.0',
       components: {
         securitySchemes: {
           oauth2: {
@@ -64,10 +64,27 @@ testRule('security-scheme-name', [
     errors: [],
   },
 
+  {
+    name: 'valid case - OAS 3.1 security scheme',
+    document: {
+      openapi: '3.1.0',
+      components: {
+        securitySchemes: {
+          bearer_token: {
+            type: 'http',
+            scheme: 'bearer',
+            name: 'Bearer-Token_v1',
+          },
+        },
+      },
+    },
+    errors: [],
+  },
+
   {
     name: 'invalid case - name with spaces',
     document: {
-      openapi: '3.0.2',
+      openapi: '3.0.0',
       components: {
         securitySchemes: {
           apikey: {
@@ -88,7 +105,7 @@ testRule('security-scheme-name', [
   {
     name: 'invalid case - name with special characters',
     document: {
-      openapi: '3.0.2',
+      openapi: '3.0.0',
       components: {
         securitySchemes: {
           oauth2: {
@@ -115,7 +132,7 @@ testRule('security-scheme-name', [
   {
     name: 'invalid case - name with parentheses and brackets',
     document: {
-      openapi: '3.0.2',
+      openapi: '3.0.0',
       components: {
         securitySchemes: {
           basic: {
@@ -136,7 +153,7 @@ testRule('security-scheme-name', [
   {
     name: 'mixed case - valid and invalid names',
     document: {
-      openapi: '3.0.2',
+      openapi: '3.0.0',
       components: {
         securitySchemes: {
           validApiKey: {
@@ -167,7 +184,7 @@ testRule('security-scheme-name', [
   {
     name: 'edge case - empty name',
     document: {
-      openapi: '3.0.2',
+      openapi: '3.0.0',
       components: {
         securitySchemes: {
           apikey: {
@@ -188,7 +205,7 @@ testRule('security-scheme-name', [
   {
     name: 'valid case - numeric only name',
     document: {
-      openapi: '3.0.2',
+      openapi: '3.0.0',
       components: {
         securitySchemes: {
           apikey: {
@@ -201,4 +218,23 @@ testRule('security-scheme-name', [
     },
     errors: [],
   },
+
+  {
+    name: 'invalid case - OAS 2.0 name with spaces',
+    document: {
+      swagger: '2.0',
+      securityDefinitions: {
+        api_key: {
+          type: 'apiKey',
+          name: 'X-API Key',
+          in: 'header',
+        },
+      },
+    },
+    errors: [
+      {
+        message: '"X-API Key" must match the pattern "^[a-zA-Z0-9._-]+$"',
+      },
+    ],
+  },
 ]);
diff --git a/packages/rulesets/src/oas/index.ts b/packages/rulesets/src/oas/index.ts
@@ -769,13 +769,13 @@ const ruleset = {
       },
     },
     'security-scheme-name': {
-      description: 'Ensure that security scheme should have valid name',
+      description: 'Security scheme name must not contain whitespace.',
       message: '{{error}}',
       severity: 0,
       formats: [oas2, oas3],
       recommended: true,
       resolved: false,
-      given: '$.components.securitySchemes[*].name',
+      given: ['$.components.securitySchemes[*].name', '$.securityDefinitions[*].name'],
       then: {
         function: pattern,
         functionOptions: {
