(Issue: #842) Added a check to prevent deeper traversal (#847)

ammokhov · web-flow · commit 9462cdb75bdb · 2021-11-16T10:39:34.000-08:00
diff --git a/src/rpdk/core/contract/resource_client.py b/src/rpdk/core/contract/resource_client.py
@@ -414,6 +414,7 @@ def compare(self, inputs, outputs, path=()):
                         is_ordered = traverse_raw_schema(self._schema, new_path).get(
                             "insertionOrder", True
                         )
+
                         self.compare_collection(
                             inputs[key], outputs[key], is_ordered, new_path
                         )
diff --git a/src/rpdk/core/jsonutils/utils.py b/src/rpdk/core/jsonutils/utils.py
@@ -132,9 +132,18 @@ def traverse(document, path_parts):
     return document, tuple(path), parent
 
 
-def _resolve_ref(sub_schema, definitions):
+def _resolve_ref(sub_schema: dict, definitions: dict, last_step: bool = False):
     # resolve $ref
-    ref = nested_lookup(REF, sub_schema)
+    ref = nested_lookup(REF, sub_schema)  # should be safe (always single value)
+    # bc sub_schema is always per paranet property
+    # (taken from definitions)
+
+    if last_step and REF not in sub_schema:  # dont traverse deeper than requested
+        # check if $ref is used directly ->
+        # means that we need to check definition
+        # otherwise it's an array and return subschema
+        return sub_schema
+
     if ref:
         # [0] should be a single $ref in subschema on the top level
         # [-1] $ref must follow #/definitions/object
@@ -178,8 +187,15 @@ def traverse_raw_schema(schema: dict, path: tuple):
         properties = schema["properties"]
         definitions = schema.get("definitions", {})
         sub_properties = properties
+        last_step = (
+            len(path) - 1
+        )  # get amount of steps to prevent deeper traversal than requested
         for step in path:
-            sub_properties = _resolve_ref(sub_properties[step], definitions)
+            sub_properties = _resolve_ref(
+                sub_properties[step],
+                definitions,
+                last_step=path.index(step) == last_step,
+            )
         return sub_properties
     except KeyError as e:
         LOG.debug("Malformed Schema or incorrect path provided\n%s\n%s", path, e)
diff --git a/tests/contract/test_resource_client.py b/tests/contract/test_resource_client.py
@@ -1710,6 +1710,57 @@ def test_compare_should_throw_exception(resource_client):
                 },
             },
         ),
+        (
+            {
+                "OptionConfigurations": [
+                    {
+                        "OptionSettings": [
+                            {"Name": "BACKLOG_QUEUE_LIMIT", "Value": "1024"},
+                            {"Name": "CHUNK_SIZE", "Value": "32"},
+                        ]
+                    }
+                ]
+            },
+            {
+                "OptionConfigurations": [
+                    {
+                        "OptionSettings": [
+                            {"Name": "CHUNK_SIZE", "Value": "32"},
+                            {"Name": "BACKLOG_QUEUE_LIMIT", "Value": "1024"},
+                        ]
+                    }
+                ]
+            },
+            {
+                "definitions": {
+                    "OptionConfiguration": {
+                        "type": "object",
+                        "properties": {
+                            "OptionSettings": {
+                                "type": "array",
+                                "insertionOrder": False,
+                                "items": {"$ref": "#/definitions/OptionSetting"},
+                            }
+                        },
+                    },
+                    "OptionSetting": {
+                        "type": "object",
+                        "properties": {
+                            "Name": {"type": "string"},
+                            "Value": {"type": "string"},
+                        },
+                        "additionalProperties": False,
+                    },
+                },
+                "properties": {
+                    "OptionConfigurations": {
+                        "type": "array",
+                        "insertionOrder": False,
+                        "items": {"$ref": "#/definitions/OptionConfiguration"},
+                    },
+                },
+            },
+        ),
     ],
 )
 def test_compare_collection(resource_client, inputs, outputs, schema_fragment):

Original file line number	Diff line number	Diff line change
`@@ -414,6 +414,7 @@ def compare(self, inputs, outputs, path=()):`
`414`	`414`	`is_ordered = traverse_raw_schema(self._schema, new_path).get(`
`415`	`415`	`"insertionOrder", True`
`416`	`416`	`)`
	`417`	`+`
`417`	`418`	`self.compare_collection(`
`418`	`419`	`inputs[key], outputs[key], is_ordered, new_path`
`419`	`420`	`)`