microsoft
diff --git a/‎src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj
Lines changed: 2 additions & 2 deletions b/‎src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Microsoft.OpenApi.Readers/ParseNodes/ValueNode.cs
Lines changed: 1 addition & 0 deletions b/‎src/Microsoft.OpenApi.Readers/ParseNodes/ValueNode.cs
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Microsoft.OpenApi.Readers/Services/OpenApiReferenceResolver.cs
Lines changed: 8 additions & 5 deletions b/‎src/Microsoft.OpenApi.Readers/Services/OpenApiReferenceResolver.cs
Lines changed: 8 additions & 5 deletions
diff --git a/‎src/Microsoft.OpenApi.Readers/V2/OpenApiDocumentDeserializer.cs
Lines changed: 27 additions & 5 deletions b/‎src/Microsoft.OpenApi.Readers/V2/OpenApiDocumentDeserializer.cs
Lines changed: 27 additions & 5 deletions
diff --git a/‎src/Microsoft.OpenApi.Readers/V2/OpenApiParameterDeserializer.cs
Lines changed: 18 additions & 8 deletions b/‎src/Microsoft.OpenApi.Readers/V2/OpenApiParameterDeserializer.cs
Lines changed: 18 additions & 8 deletions
diff --git a/‎src/Microsoft.OpenApi.Readers/V3/OpenApiParameterDeserializer.cs
Lines changed: 13 additions & 3 deletions b/‎src/Microsoft.OpenApi.Readers/V3/OpenApiParameterDeserializer.cs
Lines changed: 13 additions & 3 deletions
diff --git a/‎src/Microsoft.OpenApi/Microsoft.OpenApi.csproj
Lines changed: 1 addition & 1 deletion b/‎src/Microsoft.OpenApi/Microsoft.OpenApi.csproj
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Microsoft.OpenApi/Models/OpenApiParameter.cs
Lines changed: 2 additions & 2 deletions b/‎src/Microsoft.OpenApi/Models/OpenApiParameter.cs
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Microsoft.OpenApi/Validations/OpenApiValidator.cs
Lines changed: 6 additions & 0 deletions b/‎src/Microsoft.OpenApi/Validations/OpenApiValidator.cs
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/Microsoft.OpenApi/Validations/Rules/OpenApiParameterRules.cs
Lines changed: 63 additions & 0 deletions b/‎src/Microsoft.OpenApi/Validations/Rules/OpenApiParameterRules.cs
Lines changed: 63 additions & 0 deletions
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
     <PropertyGroup>
         <TargetFrameworks>net46; netstandard2.0</TargetFrameworks>
         <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
@@ -10,7 +10,7 @@
         <Company>Microsoft</Company>
         <Title>Microsoft.OpenApi.Readers</Title>
         <PackageId>Microsoft.OpenApi.Readers</PackageId>
-        <Version>1.1.0</Version>
+        <Version>1.1.1</Version>
         <Description>OpenAPI.NET Readers for JSON and YAML documents</Description>
         <Copyright>© Microsoft Corporation. All rights reserved.</Copyright>
         <PackageTags>OpenAPI .NET</PackageTags>
 
@@ -2,6 +2,7 @@
 // Licensed under the MIT license. 
 
 using System;
+using System.Globalization;
 using Microsoft.OpenApi.Any;
 using Microsoft.OpenApi.Readers.Exceptions;
 using SharpYaml.Serialization;
 
@@ -108,11 +108,14 @@ public override void Visit(OpenApiSecurityRequirement securityRequirement)
             {
                 ResolveObject(scheme, (resolvedScheme) =>
                 {
-                    // If scheme was unresolved
-                    // copy Scopes and remove old unresolved scheme
-                    var scopes = securityRequirement[scheme];
-                    securityRequirement.Remove(scheme);
-                    securityRequirement.Add(resolvedScheme, scopes);
+                    if (resolvedScheme != null)
+                    {
+                        // If scheme was unresolved
+                        // copy Scopes and remove old unresolved scheme
+                        var scopes = securityRequirement[scheme];
+                        securityRequirement.Remove(scheme);
+                        securityRequirement.Add(resolvedScheme, scopes);
+                    }
                 });
             }
         }
 
@@ -73,11 +73,12 @@ internal static partial class OpenApiV2Deserializer
 
                     o.Components.RequestBodies = n.CreateMapWithReference(ReferenceType.RequestBody, p => 
                             {
-                                var parameter = LoadParameter(p, evenBody: true);
-                                if (parameter.In == null)
+                                var parameter = LoadParameter(p, loadRequestBody: true);
+                                if (parameter != null)
                                 {
-                                    return CreateRequestBody(n.Context,parameter); 
+                                    return CreateRequestBody(n.Context, parameter); 
                                 }
+
                                 return null;
                             }
                       );
@@ -121,18 +122,26 @@ internal static partial class OpenApiV2Deserializer
             {s => s.StartsWith("x-"), (o, p, n) => o.AddExtension(p, LoadExtension(p, n))}
         };
 
-        private static void MakeServers(IList<OpenApiServer> servers, ParsingContext context, Uri defaultUrl)
+        private static void MakeServers(IList<OpenApiServer> servers, ParsingContext context, RootNode rootNode)
         {
             var host = context.GetFromTempStorage<string>("host");
             var basePath = context.GetFromTempStorage<string>("basePath");
             var schemes = context.GetFromTempStorage<List<string>>("schemes");
+            Uri defaultUrl = rootNode.Context.BaseUrl;
 
             // If nothing is provided, don't create a server
             if (host == null && basePath == null && schemes == null)
             {
                 return;
             }
 
+            //Validate host
+            if (host != null && !IsHostValid(host))
+            {
+                rootNode.Diagnostic.Errors.Add(new OpenApiError(rootNode.Context.GetLocation(), "Invalid host"));
+                return;
+            }
+            
             // Fill in missing information based on the defaultUrl
             if (defaultUrl != null)
             {
@@ -225,7 +234,7 @@ public static OpenApiDocument LoadOpenApi(RootNode rootNode)
                 openApidoc.Servers = new List<OpenApiServer>();
             }
 
-            MakeServers(openApidoc.Servers, openApiNode.Context, rootNode.Context.BaseUrl);
+            MakeServers(openApidoc.Servers, openApiNode.Context, rootNode);
 
             FixRequestBodyReferences(openApidoc);
             return openApidoc;
@@ -242,6 +251,19 @@ private static void FixRequestBodyReferences(OpenApiDocument doc)
                 walker.Walk(doc);
             }
         }
+
+        private static bool IsHostValid(string host)
+        {
+            //Check if the host contains :// 
+            if (host.Contains(Uri.SchemeDelimiter))
+            {
+                return false;
+            }
+                
+            //Check if the host (excluding port number) is a valid dns/ip address.
+            var hostPart = host.Split(':').First();
+            return Uri.CheckHostName(hostPart) != UriHostNameType.Unknown;
+        }
     }
 
     internal class RequestBodyReferenceFixer : OpenApiVisitorBase
 
@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.Globalization;
-using Microsoft.OpenApi.Any;
 using Microsoft.OpenApi.Extensions;
 using Microsoft.OpenApi.Models;
 using Microsoft.OpenApi.Readers.ParseNodes;
@@ -17,7 +16,7 @@ namespace Microsoft.OpenApi.Readers.V2
     /// </summary>
     internal static partial class OpenApiV2Deserializer
     {
-        private static ParameterLocation? _in;
+        private static bool _isBodyOrFormData;
 
         private static readonly FixedFieldMap<OpenApiParameter> _parameterFixedFields =
             new FixedFieldMap<OpenApiParameter>
@@ -223,9 +222,11 @@ private static void ProcessIn(OpenApiParameter o, ParseNode n)
             switch (value)
             {
                 case "body":
+                    _isBodyOrFormData = true;
                     n.Context.SetTempStorage(TempStorageKeys.BodyParameter, o);
                     break;
                 case "formData":
+                    _isBodyOrFormData = true;
                     var formParameters = n.Context.GetFromTempStorage<List<OpenApiParameter>>("formParameters");
                     if (formParameters == null)
                     {
@@ -235,9 +236,13 @@ private static void ProcessIn(OpenApiParameter o, ParseNode n)
 
                     formParameters.Add(o);
                     break;
+                case "query":
+                case "header":
+                case "path":
+                    o.In = value.GetEnumFromDisplayName<ParameterLocation>();
+                    break;
                 default:
-                    _in = value.GetEnumFromDisplayName<ParameterLocation>();
-                    o.In = _in;
+                    o.In = null;
                     break;
             }
         }
@@ -247,10 +252,10 @@ public static OpenApiParameter LoadParameter(ParseNode node)
             return LoadParameter(node, false);
         }
 
-        public static OpenApiParameter LoadParameter(ParseNode node, bool evenBody)
+        public static OpenApiParameter LoadParameter(ParseNode node, bool loadRequestBody)
         {
             // Reset the local variables every time this method is called.
-            _in = null;
+            _isBodyOrFormData = false;
 
             var mapNode = node.CheckMapNode("parameter");
 
@@ -275,9 +280,14 @@ public static OpenApiParameter LoadParameter(ParseNode node, bool evenBody)
                 node.Context.SetTempStorage("schema", null);
             }
 
-            if (_in == null && !evenBody)
+            if (_isBodyOrFormData && !loadRequestBody)
+            {
+                return null; // Don't include Form or Body parameters when normal parameters are loaded.
+            }
+
+            if ( loadRequestBody && !_isBodyOrFormData )
             {
-                return null; // Don't include Form or Body parameters in OpenApiOperation.Parameters list
+                return null; // Don't include non-Body or non-Form parameters when request bodies are loaded.
             }
 
             return parameter;
 
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT license. 
 
-using System.Collections.Generic;
+using System;
 using System.Linq;
 using Microsoft.OpenApi.Extensions;
 using Microsoft.OpenApi.Models;
@@ -27,7 +27,18 @@ internal static partial class OpenApiV3Deserializer
                 {
                     "in", (o, n) =>
                     {
-                        o.In = n.GetScalarValue().GetEnumFromDisplayName<ParameterLocation>();
+                        var inString = n.GetScalarValue();
+
+                        if ( Enum.GetValues(typeof(ParameterLocation)).Cast<ParameterLocation>()
+                            .Select( e => e.GetDisplayName() )
+                            .Contains(inString) )
+                        {
+                            o.In = n.GetScalarValue().GetEnumFromDisplayName<ParameterLocation>();
+                        }
+                        else
+                        {
+                            o.In = null;
+                        }
                     }
                 },
                 {
@@ -115,7 +126,6 @@ public static OpenApiParameter LoadParameter(ParseNode node)
             }
 
             var parameter = new OpenApiParameter();
-            var required = new List<string> {"name", "in"};
 
             ParseMap(mapNode, parameter, _parameterFixedFields, _parameterPatternFields);
 
 
@@ -10,7 +10,7 @@
         <Company>Microsoft</Company>
         <Title>Microsoft.OpenApi</Title>
         <PackageId>Microsoft.OpenApi</PackageId>
-        <Version>1.1.0</Version>
+        <Version>1.1.1</Version>
         <Description>.NET models with JSON and YAML writers for OpenAPI specification</Description>
         <Copyright>© Microsoft Corporation. All rights reserved.</Copyright>
         <PackageTags>OpenAPI .NET</PackageTags>
 
@@ -159,7 +159,7 @@ public void SerializeAsV3WithoutReference(IOpenApiWriter writer)
             writer.WriteProperty(OpenApiConstants.Name, Name);
 
             // in
-            writer.WriteProperty(OpenApiConstants.In, In.GetDisplayName());
+            writer.WriteProperty(OpenApiConstants.In, In?.GetDisplayName());
 
             // description
             writer.WriteProperty(OpenApiConstants.Description, Description);
@@ -237,7 +237,7 @@ public void SerializeAsV2WithoutReference(IOpenApiWriter writer)
             }
             else
             {
-                writer.WriteProperty(OpenApiConstants.In, In.GetDisplayName());
+                writer.WriteProperty(OpenApiConstants.In, In?.GetDisplayName());
             }
 
             // name
 
@@ -113,6 +113,12 @@ public void AddError(OpenApiValidatorError error)
         /// <param name="item">The object to be validated</param>
         public override void Visit(OpenApiTag item) => Validate(item);
 
+        /// <summary>
+        /// Execute validation rules against an <see cref="OpenApiParameter"/>
+        /// </summary>
+        /// <param name="item">The object to be validated</param>
+        public override void Visit(OpenApiParameter item) => Validate(item);
+
         /// <summary>
         /// Execute validation rules against an <see cref="OpenApiSchema"/>
         /// </summary>
 
@@ -0,0 +1,63 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license. 
+
+using System;
+using Microsoft.OpenApi.Models;
+using Microsoft.OpenApi.Properties;
+
+namespace Microsoft.OpenApi.Validations.Rules
+{
+    /// <summary>
+    /// The validation rules for <see cref="OpenApiParameter"/>.
+    /// </summary>
+    [OpenApiRule]
+    public static class OpenApiParameterRules
+    {
+        /// <summary>
+        /// Validate the field is required.
+        /// </summary>
+        public static ValidationRule<OpenApiParameter> ParameterRequiredFields =>
+            new ValidationRule<OpenApiParameter>(
+                (context, item) =>
+                {
+                    // name
+                    context.Enter("name");
+                    if (item.Name == null)
+                    {
+                        context.CreateError(nameof(ParameterRequiredFields),
+                            String.Format(SRResource.Validation_FieldIsRequired, "name", "parameter"));
+                    }
+                    context.Exit();
+
+                    // in
+                    context.Enter("in");
+                    if (item.In == null)
+                    {
+                        context.CreateError(nameof(ParameterRequiredFields), 
+                            String.Format(SRResource.Validation_FieldIsRequired, "in", "parameter"));
+                    }
+                    context.Exit();
+                });
+
+        /// <summary>
+        /// Validate the "required" field is true when "in" is path.
+        /// </summary>
+        public static ValidationRule<OpenApiParameter> RequiredMustBeTrueWhenInIsPath =>
+            new ValidationRule<OpenApiParameter>(
+                (context, item) =>
+                {
+                    // required
+                    context.Enter("required");
+                    if ( item.In == ParameterLocation.Path && !item.Required )
+                    {
+                        context.CreateError(
+                            nameof(RequiredMustBeTrueWhenInIsPath),
+                            "\"required\" must be true when parameter location is \"path\"");
+                    }
+
+                    context.Exit();
+                });
+
+        // add more rule.
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -108,11 +108,14 @@ public override void Visit(OpenApiSecurityRequirement securityRequirement)`
`108`	`108`	`{`
`109`	`109`	`ResolveObject(scheme, (resolvedScheme) =>`
`110`	`110`	`{`
`111`		`- // If scheme was unresolved`
`112`		`- // copy Scopes and remove old unresolved scheme`
`113`		`- var scopes = securityRequirement[scheme];`
`114`		`- securityRequirement.Remove(scheme);`
`115`		`- securityRequirement.Add(resolvedScheme, scopes);`
	`111`	`+ if (resolvedScheme != null)`
	`112`	`+ {`
	`113`	`+ // If scheme was unresolved`
	`114`	`+ // copy Scopes and remove old unresolved scheme`
	`115`	`+ var scopes = securityRequirement[scheme];`
	`116`	`+ securityRequirement.Remove(scheme);`
	`117`	`+ securityRequirement.Add(resolvedScheme, scopes);`
	`118`	`+ }`
`116`	`119`	`});`
`117`	`120`	`}`
`118`	`121`	`}`
Original file line number	Diff line number	Diff line change
`@@ -73,11 +73,12 @@ internal static partial class OpenApiV2Deserializer`
`73`	`73`
`74`	`74`	`o.Components.RequestBodies = n.CreateMapWithReference(ReferenceType.RequestBody, p =>`
`75`	`75`	`{`
`76`		`- var parameter = LoadParameter(p, evenBody: true);`
`77`		`- if (parameter.In == null)`
	`76`	`+ var parameter = LoadParameter(p, loadRequestBody: true);`
	`77`	`+ if (parameter != null)`
`78`	`78`	`{`
`79`		`- return CreateRequestBody(n.Context,parameter);`
	`79`	`+ return CreateRequestBody(n.Context, parameter);`
`80`	`80`	`}`
	`81`	`+`
`81`	`82`	`return null;`
`82`	`83`	`}`
`83`	`84`	`);`
`@@ -121,18 +122,26 @@ internal static partial class OpenApiV2Deserializer`
`121`	`122`	`{s => s.StartsWith("x-"), (o, p, n) => o.AddExtension(p, LoadExtension(p, n))}`
`122`	`123`	`};`
`123`	`124`
`124`		`- private static void MakeServers(IList<OpenApiServer> servers, ParsingContext context, Uri defaultUrl)`
	`125`	`+ private static void MakeServers(IList<OpenApiServer> servers, ParsingContext context, RootNode rootNode)`
`125`	`126`	`{`
`126`	`127`	`var host = context.GetFromTempStorage<string>("host");`
`127`	`128`	`var basePath = context.GetFromTempStorage<string>("basePath");`
`128`	`129`	`var schemes = context.GetFromTempStorage<List<string>>("schemes");`
	`130`	`+ Uri defaultUrl = rootNode.Context.BaseUrl;`
`129`	`131`
`130`	`132`	`// If nothing is provided, don't create a server`
`131`	`133`	`if (host == null && basePath == null && schemes == null)`
`132`	`134`	`{`
`133`	`135`	`return;`
`134`	`136`	`}`
`135`	`137`
	`138`	`+ //Validate host`
	`139`	`+ if (host != null && !IsHostValid(host))`
	`140`	`+ {`
	`141`	`+ rootNode.Diagnostic.Errors.Add(new OpenApiError(rootNode.Context.GetLocation(), "Invalid host"));`
	`142`	`+ return;`
	`143`	`+ }`
	`144`	`+`
`136`	`145`	`// Fill in missing information based on the defaultUrl`
`137`	`146`	`if (defaultUrl != null)`
`138`	`147`	`{`
`@@ -225,7 +234,7 @@ public static OpenApiDocument LoadOpenApi(RootNode rootNode)`
`225`	`234`	`openApidoc.Servers = new List<OpenApiServer>();`
`226`	`235`	`}`
`227`	`236`
`228`		`- MakeServers(openApidoc.Servers, openApiNode.Context, rootNode.Context.BaseUrl);`
	`237`	`+ MakeServers(openApidoc.Servers, openApiNode.Context, rootNode);`
`229`	`238`
`230`	`239`	`FixRequestBodyReferences(openApidoc);`
`231`	`240`	`return openApidoc;`
`@@ -242,6 +251,19 @@ private static void FixRequestBodyReferences(OpenApiDocument doc)`
`242`	`251`	`walker.Walk(doc);`
`243`	`252`	`}`
`244`	`253`	`}`
	`254`	`+`
	`255`	`+ private static bool IsHostValid(string host)`
	`256`	`+ {`
	`257`	`+ //Check if the host contains ://`
	`258`	`+ if (host.Contains(Uri.SchemeDelimiter))`
	`259`	`+ {`
	`260`	`+ return false;`
	`261`	`+ }`
	`262`	`+`
	`263`	`+ //Check if the host (excluding port number) is a valid dns/ip address.`
	`264`	`+ var hostPart = host.Split(':').First();`
	`265`	`+ return Uri.CheckHostName(hostPart) != UriHostNameType.Unknown;`
	`266`	`+ }`
`245`	`267`	`}`
`246`	`268`
`247`	`269`	`internal class RequestBodyReferenceFixer : OpenApiVisitorBase`
Original file line number	Diff line number	Diff line change
`@@ -159,7 +159,7 @@ public void SerializeAsV3WithoutReference(IOpenApiWriter writer)`
`159`	`159`	`writer.WriteProperty(OpenApiConstants.Name, Name);`
`160`	`160`
`161`	`161`	`// in`
`162`		`- writer.WriteProperty(OpenApiConstants.In, In.GetDisplayName());`
	`162`	`+ writer.WriteProperty(OpenApiConstants.In, In?.GetDisplayName());`
`163`	`163`
`164`	`164`	`// description`
`165`	`165`	`writer.WriteProperty(OpenApiConstants.Description, Description);`
`@@ -237,7 +237,7 @@ public void SerializeAsV2WithoutReference(IOpenApiWriter writer)`
`237`	`237`	`}`
`238`	`238`	`else`
`239`	`239`	`{`
`240`		`- writer.WriteProperty(OpenApiConstants.In, In.GetDisplayName());`
	`240`	`+ writer.WriteProperty(OpenApiConstants.In, In?.GetDisplayName());`
`241`	`241`	`}`
`242`	`242`
`243`	`243`	`// name`