Skip to content

False positive: Rule incorrectly expects array collections property for binary PDF files #786

New issue
New issue
Open
Open
False positive: Rule incorrectly expects array collections property for binary PDF files#786
@kbabu105

Description

@kbabu105
kbabu105
opened on Mar 4, 2026

FALSE POSITIVE: These return binary PDF files, not collections. Rule incorrectly expects array property ibm-collection-array-property.

Summary

The IBM OpenAPI Validator reports an error for ibm-collection-array-property on two endpoints that return PDF files. The rule incorrectly flags these responses as missing an array property, but the endpoints intentionally return binary PDF content, not collections. Therefore, the findings are false positives.

Details

When validating the following API responses, the IBM OpenAPI Validator incorrectly reports errors:
Validator Errors:
Message: Array property expected for collection response
Rule: ibm-collection-array-property
Paths:

  • GET /gateways/{id}/completion_notice
  • GET /gateways/{id}/letter_of_authorization
    Lines: 208–211

Explanation

These endpoints return binary PDF documents as direct file downloads. They are not collection‑type responses and are not intended to contain arrays. The validator’s rule for collection responses does not apply to binary media types, resulting in a false positive.

OpenAPI Document:

paths:
  /gateways/{id}/letter_of_authorization:
    parameters:
      - $ref: "#/components/parameters/path_gateway_dedicated_only_id"
      - $ref: '#/components/parameters/version'
    get:
      tags:
      - "Gateways"
      summary: "Get letter of authorization"
      description: Retrieve a Direct Link Dedicated gateway's Letter of Authorization.
      operationId: list_gateway_letter_of_authorization
      responses:
        '200':
          description: "Letter of Authorization retrieved successfully."
          content:
            application/pdf:
              schema:
                description: Letter of Authorization
                type: string
                format: binary

paths:
  /gateways/{id}/completion_notice:
    parameters:
      - $ref: "#/components/parameters/path_gateway_dedicated_only_id"
      - $ref: '#/components/parameters/version'
    get:
      tags:
      - "Gateways"
      summary: "Get completion notice"
      description: |-
        Retrieve a Direct Link Dedicated gateway's completion notice.
      operationId: list_gateway_completion_notice
      responses:
        '200':
          description: "Completion notice retrieved successfully."
          content:
            application/pdf:
              schema:
                description: Completion Notice
                type: string
                format: binary

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions