fix: validate price_id field rejects non-Stripe formats #15
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -7320,7 +7320,8 @@ | |||||
| "price_id": { | ||||||
| "type": "string", | ||||||
| "nullable": true, | ||||||
| "description": "Stripe price ID for billing purposes." | ||||||
| "description": "Stripe price ID for billing purposes.", | ||||||
| "pattern": "^price_[a-zA-Z0-9_]+$" | ||||||
| }, | ||||||
| "status": { | ||||||
| "$ref": "#/components/schemas/DeviceStatus" | ||||||
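Review bot: The `pattern` added to `price_id` here constrains only the published schema; nothing in the visible change shows the request path enforcing it, while the PR title promises that non-Stripe formats are rejected. Confirm that request validation is driven by this spec (or add the equivalent server-side check) and include a test that submits a non-matching `price_id` and expects a validation error. The `description` could also state the expected form so clients do not have to read the regex.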
|
|
@@ -7479,7 +7480,8 @@ | |||||
| }, | ||||||
| "price_id": { | ||||||
| "type": "string", | ||||||
| "nullable": true | ||||||
| "nullable": true, | ||||||
| "pattern": "^price_[a-zA-Z0-9_]+$" | ||||||
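Review bot: This `price_id` repeats the regex literal already added to the `price_id` property in the previous hunk, and unlike that one it carries no `description`. Duplicated validation patterns drift: a change such as the narrower character class proposed in this thread has to land in every copy in the same commit, or one schema will accept values the other rejects. Keep the copies identical, ideally with a check in CI that compares them, and add the description here as well.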
|
||||||
| "pattern": "^price_[a-zA-Z0-9_]+$" | |
| "pattern": "^price_[a-zA-Z0-9]+$" |
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -5787,6 +5787,7 @@ components: | |||||
| type: string | ||||||
| nullable: true | ||||||
| description: Stripe price ID for billing purposes. | ||||||
| pattern: ^price_[a-zA-Z0-9_]+$ | ||||||
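Review bot: The regex on the added `pattern:` line is an unquoted YAML plain scalar. It parses as intended today, but a later edit that makes the value start with `[` or introduces `: ` or ` #` would change how YAML reads it. Single-quote the value, `pattern: '^price_[a-zA-Z0-9_]+$'`, so the regex reaches the validator unchanged.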
|
||||||
| pattern: ^price_[a-zA-Z0-9_]+$ | |
| pattern: ^price_[a-zA-Z0-9]+$ |
🧩 Analysis chain

🏁 Script executed:

```bash
#!/bin/bash
set -euo pipefail

# Locate openapi.json
json_file=$(fd -a '^openapi\.json$' . || true)
if [[ -z "${json_file}" ]]; then
  echo "openapi.json not found"
  exit 1
fi
echo "=== Found openapi.json at: $json_file ==="
echo ""

# Show price_id entries and patterns for DeviceUpdate in openapi.json
echo "=== Searching for DeviceUpdate in openapi.json ==="
rg -n '"DeviceUpdate"' "$json_file" -C3 || echo "No DeviceUpdate found"
echo ""
echo "=== Searching for price_id in openapi.json ==="
rg -n '"price_id"' "$json_file" -C3 || echo "No price_id found"
echo ""
echo "=== Searching for price_ pattern in openapi.json ==="
rg -n 'price_[a-zA-Z0-9_]+' "$json_file" -C2 || echo "No price_ pattern found"
```

Repository: stayforge/Stayforge-API
Length of output: 8884

🏁 Script executed:

```bash
#!/bin/bash
# Check if openapi.yaml exists
if [[ ! -f openapi.yaml ]]; then
  echo "openapi.yaml not found in root"
  fd -a '^openapi\.yaml$' . || true
  exit 1
fi

# Show lines around 5972-5974 to see DeviceUpdate context
echo "=== Lines 5970-5980 of openapi.yaml ==="
sed -n '5970,5980p' openapi.yaml

# Search for DeviceUpdate schema definition
echo ""
echo "=== Searching for DeviceUpdate in openapi.yaml ==="
rg -n 'DeviceUpdate' openapi.yaml -B2 -A10 | head -50

# Confirm no price_id elsewhere in the JSON
echo ""
echo "=== File size and basic stats ==="
wc -l openapi.yaml
wc -l /home/jailuser/git/openapi.json || true
```

Repository: stayforge/Stayforge-API
Length of output: 1543
Regenerate openapi.json to include the price_id pattern for DeviceUpdate.
The YAML spec at lines 5972-5974 defines price_id with pattern ^price_[a-zA-Z0-9_]+$ as part of the DeviceUpdate schema, but openapi.json currently lacks both the DeviceUpdate schema and the price_id field. Regenerate the JSON spec from the updated YAML to maintain sync.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@openapi.yaml` around lines 5972 - 5974, The openapi.json is out of sync with
openapi.yaml: add the DeviceUpdate schema and its price_id field (pattern
^price_[a-zA-Z0-9_]+$) to the generated JSON; regenerate openapi.json from the
updated YAML so DeviceUpdate and price_id (with type string, nullable true, and
that pattern) are present, then commit the regenerated openapi.json to keep the
specs synchronized.
Copilot
AI
Feb 24, 2026
The regex pattern `^price_[a-zA-Z0-9_]+$` is overly permissive. Stripe price IDs follow the format `price_` followed by alphanumeric characters only, without additional underscores. The pattern should be `^price_[a-zA-Z0-9]+$` (removing the underscore from the character class). This would correctly reject IDs like `price_abc_def` while still accepting valid IDs like `price_1abc2def3`.
| pattern: ^price_[a-zA-Z0-9_]+$ | |
| pattern: ^price_[a-zA-Z0-9]+$ |
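What the two patterns in this thread accept under the schema's `type: string`, `nullable: true` semantics, as an added example that is not part of the PR or the project's code. The helper names and sample IDs are constructed, and Python's `re` stands in for whatever validator the API actually uses; the example also covers how `$` treats a trailing newline in that engine, which the thread does not discuss.

```python
import re

# The two candidate patterns discussed in the review thread.
PATTERN_PR = r"^price_[a-zA-Z0-9_]+$"        # as added by the PR
PATTERN_SUGGESTED = r"^price_[a-zA-Z0-9]+$"  # as suggested in review


def validate_price_id(value, pattern, strict_end=True):
    """Validate a value against `type: string, nullable: true, pattern`.

    Hypothetical helper. A schema `pattern` is an unanchored search, so the
    explicit ^...$ in the spec is what pins the whole value. In Python's
    `re`, `$` also matches just before a trailing newline; strict_end=True
    swaps it for the end-of-input anchor to close that gap.
    """
    if value is None:                 # nullable: true -> null is valid
        return True
    if not isinstance(value, str):    # type: string
        return False
    if strict_end and pattern.endswith("$"):
        pattern = pattern[:-1] + r"\Z"
    return re.search(pattern, value) is not None


def compare(samples):
    """Return {repr(sample): (pr_result, suggested_result)}."""
    return {
        repr(s): (validate_price_id(s, PATTERN_PR),
                  validate_price_id(s, PATTERN_SUGGESTED))
        for s in samples
    }


# Constructed sample inputs, not real Stripe identifiers.
SAMPLES = [None, "price_1abc2def3", "price_abc_def", "price_", "prod_123",
           "price_abc\n", "xprice_abc", 42]

if __name__ == "__main__":
    for sample, (pr, suggested) in compare(SAMPLES).items():
        print(f"{sample:22} PR={pr!s:5} suggested={suggested}")
```

With `strict_end=False` the PR pattern accepts `"price_abc\n"`, which is the case to test for if the server-side validator is built on a regex engine with the same `$` behaviour.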