daveshanley / vacuum

vacuum is the world's fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in Go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rulesets and generates compatible reports.
https://quobix.com/vacuum
MIT License

Composition with circular reference causes infinite loop #459

Closed philschleier closed 4 months ago

philschleier commented 4 months ago

The following spec causes vacuum to spin infinitely and consume all available memory:

openapi: "3.0.1"

info:
  title: Test
  version: 1.0.0

paths: {}

components:
  schemas:
    A:
      type: object
      properties: {}

    B:
      type: object
      allOf:
        - $ref: '#/components/schemas/A'
      properties:
        children:
          type: array
          items:
            $ref: '#/components/schemas/B'

Not sure what to call it, not even sure if it's valid, but probably shouldn't break vacuum...

daveshanley commented 4 months ago

Which version of vacuum did you test against?

philschleier commented 4 months ago

v0.9.7

daveshanley commented 4 months ago

ok, this is nuts. I will fix.

daveshanley commented 4 months ago

This problem was in libopenapi. In v0.15.12 it was fixed; the resolver was not continuing down a path correctly once it found a sibling node that uses a reference.

I added a test to make sure this loop is closed permanently.

https://github.com/pb33f/libopenapi/blob/main/index/resolver_test.go#L1339

The upstream fix is available in v0.9.8 of vacuum.
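
Added illustration, not part of the thread and not libopenapi's resolver code: a reference walk that terminates on the spec from this issue by tracking which `$ref` targets are currently being resolved. It assumes the spec is transliterated to JSON so only the standard library is needed; `FindCycles`, `walk`, `lookup` and `issueSpec` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed JSON transliteration of the schemas in the issue's spec.
const issueSpec = `{"components":{"schemas":{"A":{"type":"object","properties":{}},
 "B":{"type":"object","allOf":[{"$ref":"#/components/schemas/A"}],"properties":
 {"children":{"type":"array","items":{"$ref":"#/components/schemas/B"}}}}}}}`
// lookup resolves a local reference; a dangling one yields nil.
func lookup(root any, ref string) any {
	for _, key := range strings.Split(strings.TrimPrefix(ref, "#/"), "/") {
		m, _ := root.(map[string]any)
		root = m[key]
	}
	return root
}
// walk visits every node; a ref already in active closes a loop: record it, do not re-enter.
func walk(root, node any, active map[string]bool, cycles *[]string) {
	switch n := node.(type) {
	case map[string]any:
		if ref, ok := n["$ref"].(string); ok && active[ref] {
			*cycles = append(*cycles, ref)
			return
		} else if ok {
			active[ref] = true
			walk(root, lookup(root, ref), active, cycles)
			delete(active, ref)
		}
		for _, v := range n {
			walk(root, v, active, cycles)
		}
	case []any:
		for _, v := range n {
			walk(root, v, active, cycles)
		}
	}
}
// FindCycles (hypothetical helper) lists refs that point back into themselves.
func FindCycles(specJSON string) (cycles []string, err error) {
	var root any
	if err = json.Unmarshal([]byte(specJSON), &root); err == nil {
		walk(root, root, map[string]bool{}, &cycles)
	}
	return cycles, err
}

func main() { fmt.Println(FindCycles(issueSpec)) }
```

The walk still descends into siblings such as `properties` after handling `allOf`, and reports the self-reference of `B` once instead of recursing into it again.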