feature: global setting to set additionalProperties as false #644

Open
wants to merge 3 commits into
base: master

MichaelAlexanderBanuelos commented Jun 1, 2023

Problem

Currently, Rswag does not provide a global setting to control the additionalProperties behavior in OpenAPI schemas. This means that additionalProperties is set to true by default, allowing any additional properties to be added to objects without validation. This can lead to unexpected data inconsistencies and potential security vulnerabilities.

This provides a solution for issues like #402

Solution

This pull request introduces a new global setting disallow_additional_properties in Rswag that allows users to set additionalProperties: false on all schemas by default, unless they have already been defined. This setting provides better control and enforces stricter validation on object properties throughout the API documentation.

Alternatively, if we decide not to use this change or something similar, folks can still manually set additionalProperties: false, but when working in a larger codebase it's easy to forget these things.

This concerns these parts of the OpenAPI Specification:

The changes I made are compatible with:

  • OAS2
  • OAS3
  • OAS3.1

Related Issues

N/A

Checklist

  • Added tests
  • Changelog updated
  • Added documentation to README.md
  • Added example of using the enhancement into test-app

Steps to Test or Reproduce

  1. Configure the new global setting for disallow_additional_properties: true.
  2. Run the swagger tests and verify that responses with undocumented keys fail the test.
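
The behaviour described in this pull request, sketched as an added example that is not code from the pull request or from Rswag: a walker that sets additionalProperties: false on object schemas that do not already define it, and a minimal checker that reports undocumented response keys. The helper names `close_schema` and `undocumented_keys`, the schema and the response body are all constructed for this illustration.

```ruby
# Added illustration, not Rswag's implementation; helper names are hypothetical.
# Returns a copy of a schema (symbol keys) in which every object schema that
# does not already define additionalProperties gets additionalProperties: false.
def close_schema(schema)
  return schema unless schema.is_a?(Hash)
  out = schema.dup
  out[:properties] = out[:properties].transform_values { |s| close_schema(s) } if out[:properties].is_a?(Hash)
  out[:items] = close_schema(out[:items]) if out.key?(:items)
  out[:additionalProperties] = close_schema(out[:additionalProperties]) if out.key?(:additionalProperties)
  is_object = out[:type] == 'object' || out.key?(:properties)
  out[:additionalProperties] = false if is_object && !out.key?(:additionalProperties)
  out
end

# Example-only checker: paths of undocumented keys (ignores types, required, allOf/oneOf/anyOf).
def undocumented_keys(schema, data, path = '')
  case data
  when Hash
    props = schema[:properties] || {}
    extra = schema[:additionalProperties]
    data.flat_map do |key, value|
      here = "#{path}/#{key}"
      if props.key?(key.to_sym) then undocumented_keys(props[key.to_sym], value, here)
      elsif extra == false then [here]
      elsif extra.is_a?(Hash) then undocumented_keys(extra, value, here)
      else []
      end
    end
  when Array
    items = schema[:items]
    return [] unless items.is_a?(Hash)
    data.each_with_index.flat_map { |v, i| undocumented_keys(items, v, "#{path}/#{i}") }
  else []
  end
end

# Constructed sample schema and response body.
USER_SCHEMA = {
  type: 'object',
  properties: {
    id: { type: 'integer' },
    profile: { type: 'object', properties: { name: { type: 'string' } } },
    tags: { type: 'array', items: { type: 'object', properties: { label: { type: 'string' } } } },
    meta: { type: 'object', additionalProperties: true } # explicit setting is kept
  }
}.freeze
RESPONSE = { 'id' => 1, 'password_digest' => 'x', 'profile' => { 'name' => 'a', 'is_admin' => true },
             'tags' => [{ 'label' => 'l', 'internal' => 1 }], 'meta' => { 'anything' => 1 } }.freeze
p undocumented_keys(close_schema(USER_SCHEMA), RESPONSE)
```

This walker does not descend into allOf/oneOf/anyOf; closing each branch of an allOf makes every branch reject properties declared only in its siblings, so composed schemas need separate handling.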

stale bot commented May 31, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If the issue is still relevant to you, please leave a comment stating so to keep the issue from being closed. Thank you for your contributions.

@stale stale bot added the wontfix label May 31, 2024