swagger-api / swagger-parser

Swagger Spec to Java POJOs
http://swagger.io
Apache License 2.0

Parsing fails silently due to NullPointerException where component/schema is null/empty and a schema is referenced in a component/response definition #1951

Open icikle opened 11 months ago

icikle commented 11 months ago

I have a scenario where the content of components/schema is generated and inserted into a templated OpenAPI spec.

In this example, the ThingRequest in the request body and the NotAddedYet type referenced in components/responses do not yet exist in the spec. There is no components/schema yet at all. This is not at this point expected to be a valid spec. It is loaded in, and the schema is generated from another source and injected into the API spec to make it valid.

openapi: 3.0.1
paths:
  /thingy:
    post:
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ThingRequest'
      responses:
        "401":
          $ref: '#/components/responses/ErrorObj'
        default:
          description: Default response is just a string
          content:
            application/json:
              schema:
                type: string
components:
  responses:
    ErrorObj:
      description: My error type
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/NotAddedYet'

Due to the need to upgrade snakeyaml for a CVE vulnerability, I have updated snakeyaml to version 2.0 and swagger-parser from 2.0.30 to 2.1.16. This has broken our implementation, as the parsing now fails due to a null pointer exception being thrown in OpenAPIDeserializer#parseRoot(JsonNode node, ParseResult result, String path) and suppressed by the exception handling in OpenAPIDeserializer#deserialize(JsonNode rootNode, String path, ParseOptions options, boolean isOaiAuthor).

The parseRoot method should handle the case where there is no schema map on the components object and provide useful messages on the result. Currently this just throws a NullPointerException.

The deserialize exception handling adds the message from the exception into the result via result.setMessages(Arrays.asList(e.getMessage()));. The message on the NullPointerException is null, however, so this just adds a null entry into the list.
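The failure mode reported above, modelled as an added example that is not part of the original post and is not swagger-parser code: a swallowed NullPointerException leaves the caller with a message list containing only null, shown beside a variant that records a usable diagnostic and a caller-side check that fails closed. The class `SilentParseFailureDemo`, the `Result` type and all method names are hypothetical stand-ins, and the input map is constructed.

```java
import java.util.*;

public class SilentParseFailureDemo {
    // Hypothetical stand-in for a parser result type (not swagger-parser's class).
    static final class Result {
        Object parsed;
        List<String> messages = new ArrayList<>();
    }

    // Models the failing step: a $ref into components/schemas is resolved although
    // no schemas map exists. requireNonNull throws an NPE whose message is null.
    static Object resolveSchemaRef(Map<String, Object> components, String name) {
        Map<?, ?> schemas = (Map<?, ?>) components.get("schemas");
        return Objects.requireNonNull(schemas).get(name);
    }

    // Pattern described in the report: the exception is swallowed, only its message is kept.
    static Result deserializeAsReported(Map<String, Object> components) {
        Result r = new Result();
        try {
            r.parsed = resolveSchemaRef(components, "NotAddedYet");
        } catch (Exception e) {
            r.messages = Arrays.asList(e.getMessage()); // becomes [null]
        }
        return r;
    }

    // Defensive variant: always record something the caller can act on.
    static Result deserializeWithDiagnostics(Map<String, Object> components) {
        Result r = new Result();
        try {
            r.parsed = resolveSchemaRef(components, "NotAddedYet");
        } catch (Exception e) {
            String detail = e.getMessage() != null ? e.getMessage() : e.getClass().getName();
            r.messages = Arrays.asList("components.schemas: cannot resolve reference (" + detail + ")");
        }
        return r;
    }

    // Caller-side guard: fail closed on a missing document or a null message entry.
    static boolean isUsable(Result r) {
        return r.parsed != null && r.messages.stream().noneMatch(Objects::isNull);
    }

    public static void main(String[] args) {
        Map<String, Object> components = new HashMap<>(); // constructed input: no "schemas" key
        System.out.println(deserializeAsReported(components).messages);
        System.out.println(deserializeWithDiagnostics(components).messages);
        System.out.println(isUsable(deserializeAsReported(components)));
    }
}
```

A pipeline that consumes parser output benefits from a guard like `isUsable`, because a result with no document and no readable message is otherwise indistinguishable from an empty spec.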

icikle commented 11 months ago

I have a fix for this issue including tests. I could push what I have - small change - but don't seem to have access to assign myself the issue or push a branch.

icikle commented 11 months ago

PR raised for review - https://github.com/swagger-api/swagger-parser/pull/1952

thachs commented 11 months ago

I encountered the same issue when upgrading the openapi-generator to version 6.6.0, which forces me to upgrade swagger-parser from 2.0.30 to 2.1.16. This caused all our Open API specs to be broken. We would love to have this fix soon, as I don't want to change heaps of our specs.