Recommended

oas2-host-not-example


Formats: Severity:

JSON Path: $.host

Sometimes the host contains ‘example.com’, added during testing phases. Sometimes this is left in when the specification is pushed to production.

Unless the user is the owner of ‘example.com’, it’s probably a good idea to check for this and any other example-type domains used.

Why did this violation appear?

example.com’ was found in the host property of the specification.

Bad example

swagger: 2.0
host: "example.com"
schemes:
 - "https"
paths:
 /vacuum:
  ...

Good example

swagger: 2.0
host: "literally-anything-else.com"
schemes:
 - "https"
paths:
 /vacuum:
  ...

How do I fix this violation?

Remove ‘example.com’ and replace it with something, literally anything other than that.

Spectral Equivalent

The rule is equivalent to oas2-host-not-example