cebe / php-openapi

Read and write OpenAPI yaml/json files and make the content accessible in PHP objects.
MIT License

Validation crash when creating loops #44

Closed nemesis621 closed 4 years ago

nemesis621 commented 4 years ago

The validation should detect recursion and must not crash.

When building (unwanted) loops in a description file, the validator results in a fatal error:

Fatal error: Uncaught Error: Maximum function nesting level of '256' reached, aborting!

SomeResponse:
  type: object
  properties:
    type:
      type: string
      example: some string
    id:
      type: number
      description: "id"
      example: "1"
    attributes:
      type: object
    relationships:
      type: object
    include:
      type: array
      items:
        anyOf:
          - $ref: '#/components/schemas/SomeResponse'

cebe commented 4 years ago

Which version of the library are you using? With the latest version I can successfully validate the schema:

$ bin/php-openapi validate testschema.yaml 
The supplied API Description validates against the OpenAPI v3.0 schema.

testschema.yaml:

openapi: 3.0.2
info:
  title: My API
  version: "123"
components:
  schemas:
    SomeResponse:
      type: object
      properties:
        type:
          type: string
          example: some string
        id:
          type: number
          description: "id"
          example: "1"
        attributes:
          type: object
        relationships:
          type: object
        include:
          type: array
          items:
            anyOf:
             - $ref: '#/components/schemas/SomeResponse'
paths:
  '/':
    get:
      description: default
      responses:
        200:
          description: ok

pdscopes commented 4 years ago

I found another way to get a recursion crash; it involves using a recursive definition more than once. Here is my minimal definition to cause the issue:

openapi: 3.0.2
info:
  title: My API
  version: "123"
components:
  schemas:
    SomeResponse:
      type: object
      properties:
        name:
          type: string
          description: Name of SomeResponse
        recursive:
          $ref: '#/components/schemas/RecursiveItem'

    AnotherResponse:
      type: object
      properties:
        uuid:
          type: string
          format: uuid
          description: UUID of AnotherResponse
        recursive:
          $ref: '#/components/schemas/RecursiveItem'

    RecursiveItem:
      type: object
      properties:
        children:
          type: array
          items:
            oneOf:
              - $ref: '#/components/schemas/RecursiveItem'

paths:
  '/':
    get:
      description: default
      responses:
        200:
          description: ok

$ ./vendor/bin/php-openapi validate foo.yaml
PHP Fatal error:  Uncaught Error: Maximum function nesting level of '256' reached, aborting! in /Users/path/to/my/project/vendor/cebe/php-openapi/src/SpecBaseObject.php:405
#0 /Users/path/to/my/project/vendor/cebe/php-openapi/src/SpecBaseObject.php(405): is_array(1)
#1 /Users/path/to/my/project/vendor/cebe/php-openapi/src/SpecBaseObject.php(410): cebe\openapi\SpecBaseObject->setReferenceContext(Object(cebe\openapi\ReferenceContext))
#2 /Users/path/to/my/project/vendor/cebe/php-openapi/src/SpecBaseObject.php(410): cebe\openapi\SpecBaseObject->setReferenceContext(Object(cebe\openapi\ReferenceContext))
#3 /Users/path/to/my/projectvendor/cebe/php-openapi/src/SpecBaseObject.php(404): cebe\openapi\SpecBaseObject->setReferenceContext(Object(cebe\openapi\ReferenceContext))
#4 /Users/path/to/my/project/vendor/cebe/php-openapi/src/SpecBaseObject.php(410): cebe\openapi\SpecBaseObject->setReferenceContext(Object(cebe\openapi\ReferenceContext))
#5 /Users/pdscopes/Sit in /Users/path/to/my/project/vendor/cebe/php-openapi/src/SpecBaseObject.php on line 405
...

cebe commented 4 years ago

fixed, thanks for reporting!
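
Added example (not part of the thread, and not php-openapi's code or its fix): a pre-check that finds `$ref` cycles in a decoded description with a depth-first walk that expands each reference target at most once, so a self-referencing schema reused from several places cannot exhaust the call stack. The function names are hypothetical, only local `#/...` pointers are followed (JSON Pointer `~0`/`~1` escapes are not handled), and PHP 7.4 or later is assumed.

```php
<?php
// Added example; function names are hypothetical and not part of the php-openapi API.
function collectRefs(array $node): array
{
    $refs = [];
    array_walk_recursive($node, function ($v, $k) use (&$refs) {
        if ($k === '$ref' && is_string($v)) { $refs[] = $v; }
    });
    return $refs;
}

function resolvePointer(array $doc, string $ref): array
{
    $tokens = explode('/', ltrim($ref, '#/'));
    $node = array_reduce($tokens, fn($n, $t) => is_array($n) ? ($n[$t] ?? null) : null, $doc);
    return is_array($node) ? $node : []; // non-local or dangling refs contribute no edges
}

function findRefCycles(array $doc): array
{
    $done = $cycles = [];
    $visit = function (string $ref, array $stack) use (&$visit, &$done, &$cycles, $doc): void {
        $at = array_search($ref, $stack, true);
        if ($at !== false) { // back edge: $ref is already being expanded
            $cycles[] = array_merge(array_slice($stack, $at), [$ref]);
        }
        if ($at !== false || isset($done[$ref])) {
            return; // never expand the same target twice, so depth <= distinct targets
        }
        $stack[] = $ref;
        foreach (collectRefs(resolvePointer($doc, $ref)) as $next) {
            $visit($next, $stack);
        }
        $done[$ref] = true;
    };
    foreach (collectRefs($doc) as $ref) {
        $visit($ref, []);
    }
    return $cycles;
}

// Constructed sample: the schemas from the second report above, reduced to a decoded array.
$item = ['$ref' => '#/components/schemas/RecursiveItem'];
$doc = ['components' => ['schemas' => [
    'SomeResponse'    => ['properties' => ['recursive' => $item]],
    'AnotherResponse' => ['properties' => ['recursive' => $item]],
    'RecursiveItem'   => ['properties' => ['children' => ['items' => ['oneOf' => [$item]]]]],
]]];
echo json_encode(findRefCycles($doc), JSON_UNESCAPED_SLASHES), PHP_EOL;
```

A cycle in a schema is legal OpenAPI, so the result is meant for reporting or for bounding later traversal, not for rejecting the file.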