From d3fbcd0809aeffd41c67a8e9df4fea2952a0ccdf Mon Sep 17 00:00:00 2001
From: Patrick Boos
Date: Thu, 19 Oct 2023 13:48:25 +0200
Subject: [PATCH 1/2] bugfix: Ignore violations on 404 with "validation.request.operation.notAllowed"
---
 .../InternalViolationExclusions.java | 7 ++++--
 .../InternalViolationExclusionsTest.java | 23 +++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/openapi-validation-core/src/main/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusions.java b/openapi-validation-core/src/main/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusions.java
index 3bacb7c..d858632 100644
--- a/openapi-validation-core/src/main/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusions.java
+++ b/openapi-validation-core/src/main/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusions.java
@@ -29,8 +29,11 @@ private static boolean oneOfMatchesMoreThanOneSchema(OpenApiViolation violation)
 }
 private boolean falsePositive404(OpenApiViolation violation) {
- return Rules.Request.PATH_MISSING.equals(violation.getRule())
- && (
+ return
+ (
+ Rules.Request.PATH_MISSING.equals(violation.getRule())
+ || Rules.Request.OPERATION_NOT_ALLOWED.equals(violation.getRule())
+ ) && (
 violation.getDirection() == Direction.REQUEST
 || (violation.getDirection() == Direction.RESPONSE && violation.getResponseStatus().orElse(0) == 404)
 );
diff --git a/openapi-validation-core/src/test/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusionsTest.java b/openapi-validation-core/src/test/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusionsTest.java
index 343a1b5..5ad91cd 100644
--- a/openapi-validation-core/src/test/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusionsTest.java
+++ b/openapi-validation-core/src/test/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusionsTest.java
@@ -80,6 +80,29 @@ public void when404ResponseWithApiPathNotSpecifiedThenViolationExcluded() {
 .build());
 }
+ @Test
+ public void when404ResponseWithOperationNotAllowedThenViolationExcluded() {
+ when(customViolationExclusions.isExcluded(any())).thenReturn(false);
+
+ checkViolationExcluded(OpenApiViolation.builder()
+ .direction(Direction.RESPONSE)
+ .rule("validation.request.operation.notAllowed")
+ .responseStatus(404)
+ .message("GET operation not allowed on path '/users'")
+ .build());
+ }
+
+ @Test
+ public void when404RequestWithOperationNotAllowedThenViolationExcluded() {
+ when(customViolationExclusions.isExcluded(any())).thenReturn(false);
+
+ checkViolationExcluded(OpenApiViolation.builder()
+ .direction(Direction.REQUEST)
+ .rule("validation.request.operation.notAllowed")
+ .message("GET operation not allowed on path '/users'")
+ .build());
+ }
+
 @Test
 public void whenRequestWithApiPathNotSpecifiedThenViolationExcluded() {
 when(customViolationExclusions.isExcluded(any())).thenReturn(false);
From 3a44c6c5b56bc9a7a387cc71de4e35dbbe00f18a Mon Sep 17 00:00:00 2001
From: Patrick Boos
Date: Thu, 19 Oct 2023 13:49:43 +0200
Subject: [PATCH 2/2] Improve check
---
 .../core/exclusions/InternalViolationExclusions.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/openapi-validation-core/src/main/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusions.java b/openapi-validation-core/src/main/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusions.java
index d858632..346ddf5 100644
--- a/openapi-validation-core/src/main/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusions.java
+++ b/openapi-validation-core/src/main/java/com/getyourguide/openapi/validation/core/exclusions/InternalViolationExclusions.java
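Review bot: Both added tests assert only the excluded outcome, so nothing pins a violation that must still be reported and an over-broad exclusion would pass unnoticed. Because `falsePositive404` decides which validation findings are dropped, add negative cases beside these two: a `Direction.RESPONSE` violation with rule `validation.request.operation.notAllowed` and `.responseStatus(200)`, and, for the condition as rewritten in patch 2/2 (which adds no test), a `Direction.REQUEST` violation that carries a non-404 status, both expected to stay reported. The helper that asserts "not excluded" is not visible in this hunk, so use whatever counterpart of `checkViolationExcluded` the test class already has. The name `when404RequestWithOperationNotAllowedThenViolationExcluded` is also misleading, since the builder sets no response status; `whenRequestWithOperationNotAllowedThenViolationExcluded` would match the neighbouring `whenRequestWithApiPathNotSpecifiedThenViolationExcluded`.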
@@ -34,8 +34,8 @@ private boolean falsePositive404(OpenApiViolation violation) {
 Rules.Request.PATH_MISSING.equals(violation.getRule())
 || Rules.Request.OPERATION_NOT_ALLOWED.equals(violation.getRule())
 ) && (
- violation.getDirection() == Direction.REQUEST
- || (violation.getDirection() == Direction.RESPONSE && violation.getResponseStatus().orElse(0) == 404)
+ (violation.getDirection() == Direction.REQUEST && violation.getResponseStatus().isEmpty())
+ || violation.getResponseStatus().orElse(0) == 404
 );
 }
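Review bot: The rewritten second group carries no comment explaining why a request-direction violation is dropped only while `getResponseStatus()` is empty, nor why the 404 branch no longer checks the direction. A line above it such as `// request phase: status unknown, defer to the response-phase check; a 404 in either direction means the route was not served` would record the intent. Presumably a call to an undocumented path or method that the service does answer is still reported from the response side; this hunk does not show that, so it is worth confirming, because otherwise served-but-undocumented operations would be excluded without any trace. `falsePositive404` begins above the hunk, so the `return` and the opening parenthesis of the rule group are not visible here.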