From dd7c1e5650f10d71339706b2fdf3cc2c2718cb14 Mon Sep 17 00:00:00 2001
From: Voon Wong
Date: Fri, 14 Mar 2025 12:30:17 +1100
Subject: [PATCH 1/2] fix: handle empty authorization schemes
---
 src/compare/requestHeader.ts | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/compare/requestHeader.ts b/src/compare/requestHeader.ts
index 359ad63..008af5d 100644
--- a/src/compare/requestHeader.ts
+++ b/src/compare/requestHeader.ts
@@ -182,6 +182,10 @@ export function* compareReqHeader(
 let isSecured = false;
 const maybeResults: Result[] = [];
 for (const scheme of operation.security || []) {
+ if (Object.keys(scheme).length === 0) {
+ isSecured = true;
+ break;
+ }
 for (const schemeName of Object.keys(scheme)) {
 const scheme = securitySchemes[schemeName];
 switch (scheme?.type) {
From 6897344f49005e842518c1e22d0b86ee64dc3628 Mon Sep 17 00:00:00 2001
From: Voon Wong
Date: Fri, 14 Mar 2025 12:39:29 +1100
Subject: [PATCH 2/2] chore: update tests
---
 src/__tests__/fixtures/request-security/oas.yaml | 14 ++++++++++++++
 src/__tests__/fixtures/request-security/pact.json | 10 ++++++++++
 2 files changed, 24 insertions(+)
diff --git a/src/__tests__/fixtures/request-security/oas.yaml b/src/__tests__/fixtures/request-security/oas.yaml
index 2314ebb..8dc6531 100644
--- a/src/__tests__/fixtures/request-security/oas.yaml
+++ b/src/__tests__/fixtures/request-security/oas.yaml
@@ -146,6 +146,20 @@ paths:
 description: unauthenticated
 "403":
 description: unauthorized
+ /empty:
+ get:
+ summary: Default authenticated endpoint
+ description: Empty securit requirement
+ responses:
+ "200":
+ description: successful operation
+ "401":
+ description: unauthenticated
+ "403":
+ description: unauthorized
+ security:
+ - {}
+
 security:
 - BasicAuth: [Admin]
 components:
diff --git a/src/__tests__/fixtures/request-security/pact.json b/src/__tests__/fixtures/request-security/pact.json
index 999ce80..f1833cc 100644
--- a/src/__tests__/fixtures/request-security/pact.json
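Review bot: The new `if (Object.keys(scheme).length === 0)` branch sets `isSecured = true` with no comment, and the flag name reads as the opposite of what the case means: in OpenAPI an empty requirement object `{}` lets the operation be called with no credentials at all, even when named schemes are listed beside it. A comment above the branch would keep a later reader from mistaking this for an accidental bypass, for example `// An empty requirement ({}) makes authentication optional, so any request satisfies this operation's security.` How `isSecured` is consumed is outside the hunk (compareReqHeader's body starts before it and continues after it); presumably it decides whether the collected `maybeResults` are reported, which is worth confirming because the `break` skips every remaining requirement.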
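Review bot: The added `/empty` operation is labelled `summary: Default authenticated endpoint`, which contradicts its own `security: - {}`. The empty requirement replaces what appears to be the document-level `BasicAuth: [Admin]` shown in the trailing context, so the operation accepts unauthenticated callers. Suggest `summary: Unauthenticated endpoint` and `description: Empty security requirement`, which also fixes the "securit" typo, so the fixture states the behaviour it is meant to exercise.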
+++ b/src/__tests__/fixtures/request-security/pact.json
@@ -248,6 +248,16 @@
 "response": {
 "status": 200
 }
+ },
+ {
+ "description": "should pass on successful request using empty security",
+ "request": {
+ "method": "GET",
+ "path": "/empty"
+ },
+ "response": {
+ "status": 200
+ }
 }
 ]
 }