Merge branch 'master' into fix-triple-slash-url

Author: gracekarina

README.md

@@ -103,6 +103,9 @@ You can include this library from Sonatype OSS for SNAPSHOTS, or Maven central f
 </dependency>
 ```
 
+## Security contact
+
+Please disclose any security-related issues or vulnerabilities by emailing [[email protected]](mailto:[email protected]), instead of using the public issue tracker.
 
 License
 -------

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/util/DeserializationUtils.java

@@ -3,6 +3,7 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import io.swagger.v3.core.util.Yaml;
 import io.swagger.v3.core.util.Json;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
 
 import java.io.IOException;
 
@@ -57,12 +58,12 @@ private static boolean isJson(String contents) {
     }
 
     public static JsonNode readYamlTree(String contents) {
-        org.yaml.snakeyaml.Yaml yaml = new org.yaml.snakeyaml.Yaml();
+        org.yaml.snakeyaml.Yaml yaml = new org.yaml.snakeyaml.Yaml(new SafeConstructor());
         return Json.mapper().convertValue(yaml.load(contents), JsonNode.class);
     }
 
     public static <T> T readYamlValue(String contents, Class<T> expectedType) {
-        org.yaml.snakeyaml.Yaml yaml = new org.yaml.snakeyaml.Yaml();
+        org.yaml.snakeyaml.Yaml yaml = new org.yaml.snakeyaml.Yaml(new SafeConstructor());
         return Json.mapper().convertValue(yaml.load(contents), expectedType);
     }
 }

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/util/ResolverFully.java

@@ -11,6 +11,7 @@
 import io.swagger.v3.oas.models.links.Link;
 import io.swagger.v3.oas.models.media.ArraySchema;
 import io.swagger.v3.oas.models.media.ComposedSchema;
+import io.swagger.v3.oas.models.media.MapSchema;
 import io.swagger.v3.oas.models.media.MediaType;
 import io.swagger.v3.oas.models.media.ObjectSchema;
 import io.swagger.v3.oas.models.media.Schema;
@@ -307,6 +308,15 @@ public Schema resolveSchema(Schema schema) {
 
             return arrayModel;
         }
+
+        if (schema instanceof MapSchema) {
+            MapSchema mapSchema = (MapSchema) schema;
+            if (mapSchema.getAdditionalProperties() instanceof Schema) {
+                Schema additionalPropertiesSchema = (Schema) mapSchema.getAdditionalProperties();
+                mapSchema.setAdditionalProperties(resolveSchema(additionalPropertiesSchema));
+            }
+        }
+
         if (schema instanceof ObjectSchema) {
             ObjectSchema obj = (ObjectSchema) schema;
             if(obj.getProperties() != null) {

modules/swagger-parser-v3/src/test/java/io/swagger/v3/parser/test/OpenAPIV3ParserTest.java

@@ -1931,6 +1931,21 @@ public void testIssue1063() {
 
     }
 
+    @Test
+    public void testResolveFullyMap() {
+        ParseOptions options = new ParseOptions();
+        options.setResolveFully(false);
+        OpenAPI openAPI = new OpenAPIV3Parser().readLocation("resolve-fully-map.yaml", null, options).getOpenAPI();
+        String yaml = Yaml.pretty(openAPI);
+        assertTrue(yaml.contains("$ref"));
+
+        options = new ParseOptions();
+        options.setResolveFully(true);
+        openAPI = new OpenAPIV3Parser().readLocation("resolve-fully-map.yaml", null, options).getOpenAPI();
+        yaml = Yaml.pretty(openAPI);
+        assertFalse(yaml.contains("$ref"));
+    }
+
     private static int getDynamicPort() {
         return new Random().ints(10000, 20000).findFirst().getAsInt();
     }

modules/swagger-parser-v3/src/test/resources/resolve-fully-map.yaml

@@ -0,0 +1,31 @@
+openapi: 3.0.0
+servers:
+  - url: 'http://localhost:8080/sample'
+info:
+  description: A simple API to learn how to write OpenAPI Specification
+  version: 1.0.1
+  title: Simple API
+paths:
+  /sample:
+    get:
+      tags:
+        - Sample
+      operationId: getSample
+      responses:
+        '200':
+          description: Sample
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/MyModelMap'
+components:
+  schemas:
+    MyModel:
+      type: object
+      properties:
+        name:
+          type: string
+    MyModelMap:
+      type: object
+      additionalProperties:
+        $ref: "#/components/schemas/MyModel"