search

pb33f / libopenapi

libopenapi is a fully featured, high performance OpenAPI 3.1, 3.0 and Swagger parser, library, validator and toolkit for golang applications.
https://pb33f.io/libopenapi/
Other
433 stars 56 forks source link

Resolver searches the index for reference out of scope #93

Closed hugoboos closed 10 months ago

hugoboos commented 1 year ago

When building a document with the following spec:

openapi: 3.0.2
paths:
  /tileMatrixSets:
    get:
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: https://api.swaggerhub.com/domains/UAB-CREAF/ogc-api-tiles/1.0.0#/components/schemas/tileMatrixSets

The ogc-api-tiles file (reduced to show only the relevant parts):

{
  "components": {
    "schemas": {
      ...
      "tileMatrixSets": {
        ...
        "properties": {
          "tileMatrixSets": {
            "type": "array",
            "items": {
              "$ref": "#/components/schemas/TileMatrixSetIdLink"
            },
            ...
          }
        }
      },
      "TileMatrixSetIdLink": {
        ...
      },
      ...
    }
  }
}

With 0.5.2 the resolver couldn't find TileMatrixSetIdLink component when resolving the tileMatrixSets schema. With 0.6.0 this is fixed. But I found that the resolver is searching out of scope for a reference. It is searching in all the child indicies.

So when the resolver is searching the (root) index for #/components/schemas/TileMatrixSetIdLink (https://github.com/pb33f/libopenapi/blob/1ac5fbe9fca9a80b80bf484c5784e776425a3d58/resolver/resolver.go#L347) it won't find it in allMappedRefs or externalSpecIndex because the keys of those maps are prefixed with https://api.swaggerhub.com/domains/UAB-CREAF/ogc-api-tiles/1.0.0. Eventually it will find it in one of the children.

When TileMatrixSetIdLink is unique across all the external specifications this is not a problem. But when it is not, you can get a reference from another external spec.

The resolver should only use the index of the external spec to search for references and not search out of scope.

daveshanley commented 1 year ago

I will look into fixing the search scope; thanks for finding this.

daveshanley commented 10 months ago

This has been resolved in v0.13.0 with the release of the rolodex. All indexes are now kept correctly against virtual filesystems. No more scope mixing for searches