fixes#319 - V2Deserializer should handle invalid host value gracefully

Author: senthilkumarmohan

src/Microsoft.OpenApi.Readers/V2/OpenApiDocumentDeserializer.cs

@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
+using Microsoft.OpenApi.Exceptions;
 using Microsoft.OpenApi.Extensions;
 using Microsoft.OpenApi.Interfaces;
 using Microsoft.OpenApi.Models;
@@ -122,18 +123,26 @@ internal static partial class OpenApiV2Deserializer
             {s => s.StartsWith("x-"), (o, p, n) => o.AddExtension(p, LoadExtension(p, n))}
         };
 
-        private static void MakeServers(IList<OpenApiServer> servers, ParsingContext context, Uri defaultUrl)
+        private static void MakeServers(IList<OpenApiServer> servers, ParsingContext context, RootNode rootNode)
         {
             var host = context.GetFromTempStorage<string>("host");
             var basePath = context.GetFromTempStorage<string>("basePath");
             var schemes = context.GetFromTempStorage<List<string>>("schemes");
+            Uri defaultUrl = rootNode.Context.BaseUrl;
 
             // If nothing is provided, don't create a server
             if (host == null && basePath == null && schemes == null)
             {
                 return;
             }
 
+            //Validate host
+            if (host != null && !IsHostValid(host))
+            {
+                rootNode.Diagnostic.Errors.Add(new OpenApiError(new OpenApiException("Invalid host")));
+                return;
+            }
+            
             // Fill in missing information based on the defaultUrl
             if (defaultUrl != null)
             {
@@ -226,7 +235,7 @@ public static OpenApiDocument LoadOpenApi(RootNode rootNode)
                 openApidoc.Servers = new List<OpenApiServer>();
             }
 
-            MakeServers(openApidoc.Servers, openApiNode.Context, rootNode.Context.BaseUrl);
+            MakeServers(openApidoc.Servers, openApiNode.Context, rootNode);
 
             FixRequestBodyReferences(openApidoc);
             return openApidoc;
@@ -243,6 +252,26 @@ private static void FixRequestBodyReferences(OpenApiDocument doc)
                 walker.Walk(doc);
             }
         }
+
+        private static bool IsHostValid(string host)
+        {
+            try
+            {
+                //Check if the host contains ://
+                if (host.Contains(Uri.SchemeDelimiter))
+                {
+                    return false;
+                }
+                
+                //Check if the host (excluding port number) is a valid dns/ip address.
+                var hostPart = host.Split(':').First();
+                return Uri.CheckHostName(hostPart) != UriHostNameType.Unknown;
+            }
+            catch (Exception)
+            {
+                return false;
+            }
+        }
     }
 
     internal class RequestBodyReferenceFixer : OpenApiVisitorBase

test/Microsoft.OpenApi.Readers.Tests/V2Tests/OpenApiServerTests.cs

@@ -1,4 +1,7 @@
-using System;
+using FluentAssertions;
+using Microsoft.OpenApi.Exceptions;
+using Microsoft.OpenApi.Models;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
@@ -257,5 +260,35 @@ public void LocalHostWithCustomHost()
             Assert.Equal(1, doc.Servers.Count);
             Assert.Equal("https://localhost:23232", server.Url);
         }
+
+        [Fact]
+        public void InvalidHostShouldYieldDiagnostic()
+        {
+            var input = @"
+swagger: 2.0
+info: 
+  title: test
+  version: 1.0.0
+host: http://test.microsoft.com
+paths: {}
+";
+            var reader = new OpenApiStringReader(new OpenApiReaderSettings()
+            {
+BaseUrl = new Uri("https://bing.com")
+            });
+
+            var doc = reader.Read(input, out var diagnostic);
+            Assert.Equal(0, doc.Servers.Count);
+            diagnostic.ShouldBeEquivalentTo(
+                new OpenApiDiagnostic
+                {
+                    Errors =
+                    {
+                        new OpenApiError(new OpenApiException("Invalid host"))
+                    },
+                    SpecificationVersion = OpenApiSpecVersion.OpenApi2_0
+                });
+        }
+
     }
 }