Merge branch 'master' into issue1086

Author: gracekarina

README.md

@@ -103,6 +103,9 @@ You can include this library from Sonatype OSS for SNAPSHOTS, or Maven central f
 </dependency>
 ```
 
+## Security contact
+
+Please disclose any security-related issues or vulnerabilities by emailing [[email protected]](mailto:[email protected]), instead of using the public issue tracker.
 
 License
 -------

modules/swagger-parser-v2-converter/src/main/java/io/swagger/v3/parser/converter/SwaggerConverter.java

@@ -420,7 +420,7 @@ private List<Server> convert(List<Scheme> schemes, String host, String basePath)
                 servers.add(server);
             }
         } else {
-            if (!"/".equals(baseUrl)) {
+            if (!StringUtils.startsWith(baseUrl, "/") && !"/".equals(baseUrl)) {
                 baseUrl = "//" + baseUrl;
             }
             Server server = new Server();

modules/swagger-parser-v2-converter/src/test/java/io/swagger/parser/test/V2ConverterTest.java

@@ -90,6 +90,7 @@ public class V2ConverterTest {
     private static final String ISSUE_768_JSON = "issue-786.json";
     private static final String ISSUE_820_YAML = "issue-820.yaml";
     private static final String ISSUE_1032_YAML = "issue-1032.yaml";
+    private static final String ISSUE_1113_YAML = "issue-1113.yaml";
 
     private static final String API_BATCH_PATH = "/api/batch/";
     private static final String PETS_PATH = "/pets";
@@ -779,6 +780,16 @@ public void testIssue1032() throws Exception {
         assertEquals(INTEGER_TYPE, integerSchema.getType());
         assertEquals(INT64_FORMAT, integerSchema.getFormat());
     }
+
+    @Test(description = "OpenAPI v2 converter - converts URL correctly when it begins with forward slash")
+    public void testIssue1113() throws Exception {
+        final OpenAPI oas = getConvertedOpenAPIFromJsonFile(ISSUE_1113_YAML);
+        assertNotNull(oas);
+        assertNotNull(oas.getServers());
+        assertFalse(oas.getServers().isEmpty());
+        assertNotNull(oas.getServers().get(0));
+        assertEquals(oas.getServers().get(0).getUrl(), "/test");
+    }
 
     private OpenAPI getConvertedOpenAPIFromJsonFile(String file) throws IOException, URISyntaxException {
         SwaggerConverter converter = new SwaggerConverter();

modules/swagger-parser-v2-converter/src/test/resources/issue-1113.yaml

@@ -0,0 +1,14 @@
+swagger: '2.0'
+info:
+  title: Test for Issue 1113
+  version: 1.0.0
+basePath: /test
+paths:
+  /ping:
+    get:
+      summary: test
+      description: 'test'
+      operationId: pingOp
+      responses:
+        '200':
+          description: OK

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/processors/ComponentsProcessor.java

@@ -221,13 +221,13 @@ public void processSchemas(Set<String> schemaKeys, Map<String, Schema> schemas)
 
             schemaProcessor.processSchema(model);
 
-            //if we process a RefModel here, in the #/definitions table, we want to overwrite it with the referenced value
+            //if we process a RefModel here, in the #/components/schemas table, we want to overwrite it with the referenced value
             if (model.get$ref() != null) {
                 final String renamedRef = cache.getRenamedRef(originalRef);
 
                 if (renamedRef != null) {
-                    //we definitely resolved the referenced and shoved it in the definitions map
-                    // because the referenced model may be in the definitions map, we need to remove old instances
+                    //we definitely resolved the referenced and shoved it in the components map
+                    // because the referenced model may be in the components map, we need to remove old instances
                     final Schema resolvedModel = schemas.get(renamedRef);
 
                     // ensure the reference isn't still in use

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/processors/ExternalRefProcessor.java

@@ -182,7 +182,7 @@ public String processRefToExternalSchema(String $ref, RefFormat refFormat) {
         return newRef;
     }
 
-    private void processProperty(Schema property, String file) {
+    private void processSchema(Schema property, String file) {
         if (property != null) {
             if (StringUtils.isNotBlank(property.get$ref())) {
                 processRefSchema(property, file);
@@ -191,10 +191,10 @@ private void processProperty(Schema property, String file) {
                 processProperties(property.getProperties(), file);
             }
             if (property instanceof ArraySchema) {
-                processProperty(((ArraySchema) property).getItems(), file);
+                processSchema(((ArraySchema) property).getItems(), file);
             }
             if (property.getAdditionalProperties() instanceof Schema) {
-                processProperty(((Schema) property.getAdditionalProperties()), file);
+                processSchema(((Schema) property.getAdditionalProperties()), file);
             }
             if (property instanceof ComposedSchema) {
                 ComposedSchema composed = (ComposedSchema) property;
@@ -208,7 +208,7 @@ private void processProperty(Schema property, String file) {
     private void processProperties(Collection<Schema> properties, String file) {
         if (properties != null) {
             for (Schema property : properties) {
-                processProperty(property, file);
+                processSchema(property, file);
             }
         }
     }
@@ -269,6 +269,8 @@ public String processRefToExternalResponse(String $ref, RefFormat refFormat) {
                             } else {
                                 processRefToExternalSchema(file + schema.get$ref(), RefFormat.RELATIVE);
                             }
+                        }else{
+                            processSchema(schema,file);
                         }
                     }
                 }

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/processors/ParameterProcessor.java

@@ -2,6 +2,7 @@
 
 
 import io.swagger.v3.oas.models.examples.Example;
+import io.swagger.v3.oas.models.media.Content;
 import io.swagger.v3.oas.models.media.MediaType;
 import io.swagger.v3.oas.models.media.Schema;
 import io.swagger.v3.oas.models.parameters.Parameter;
@@ -142,6 +143,23 @@ public List<Parameter> processParameters(List<Parameter> parameters) {
             Schema schema = parameter.getSchema();
             if(schema != null){
                 schemaProcessor.processSchema(schema);
+            }else if(parameter.getContent() != null){
+                Map<String,MediaType> content = parameter.getContent();
+                for( String mediaName : content.keySet()) {
+                    MediaType mediaType = content.get(mediaName);
+                    if(mediaType.getSchema()!= null) {
+                        schema = mediaType.getSchema();
+                        if (schema != null) {
+                            schemaProcessor.processSchema(schema);
+                        }
+                    }
+                    if(mediaType.getExamples() != null) {
+                        for(Example ex: mediaType.getExamples().values()){
+                            exampleProcessor.processExample(ex);
+                        }
+                    }
+                }
+
             }
         }
 

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/processors/PathsProcessor.java

@@ -75,7 +75,6 @@ public void processPaths() {
             final List<Parameter> processedPathParameters = parameterProcessor.processParameters(pathItem.getParameters());
             pathItem.setParameters(processedPathParameters);
 
-            //addParametersToEachOperation(pathItem);
 
             final Map<PathItem.HttpMethod, Operation> operationMap = pathItem.readOperationsMap();
 
@@ -162,6 +161,11 @@ protected void updateLocalRefs(PathItem path, String pathRef) {
     }
 
     protected void updateLocalRefs(ApiResponse response, String pathRef) {
+        if (response.get$ref() != null){
+            if(isLocalRef(response.get$ref())) {
+                response.set$ref(computeLocalRef(response.get$ref(), pathRef));
+            }
+        }
         if(response.getContent() != null) {
             Map<String, MediaType> content = response.getContent();
             for (String key: content.keySet()) {
@@ -188,6 +192,11 @@ protected void updateLocalRefs(Example example, String pathRef) {
     }
 
     protected void updateLocalRefs(Parameter param, String pathRef) {
+        if (param.get$ref() != null){
+            if(isLocalRef(param.get$ref())) {
+                param.set$ref(computeLocalRef(param.get$ref(), pathRef));
+            }
+        }
         if(param.getSchema() != null) {
             updateLocalRefs(param.getSchema(), pathRef);
         }
@@ -204,6 +213,11 @@ protected void updateLocalRefs(Parameter param, String pathRef) {
     }
 
     protected void updateLocalRefs(RequestBody body, String pathRef) {
+        if (body.get$ref() != null){
+            if(isLocalRef(body.get$ref())) {
+                body.set$ref(computeLocalRef(body.get$ref(), pathRef));
+            }
+        }
         if(body.getContent() != null) {
             Map<String, MediaType> content = body.getContent();
             for (String key: content.keySet()) {

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/util/DeserializationUtils.java

@@ -3,6 +3,7 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import io.swagger.v3.core.util.Yaml;
 import io.swagger.v3.core.util.Json;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
 
 import java.io.IOException;
 
@@ -57,12 +58,12 @@ private static boolean isJson(String contents) {
     }
 
     public static JsonNode readYamlTree(String contents) {
-        org.yaml.snakeyaml.Yaml yaml = new org.yaml.snakeyaml.Yaml();
+        org.yaml.snakeyaml.Yaml yaml = new org.yaml.snakeyaml.Yaml(new SafeConstructor());
         return Json.mapper().convertValue(yaml.load(contents), JsonNode.class);
     }
 
     public static <T> T readYamlValue(String contents, Class<T> expectedType) {
-        org.yaml.snakeyaml.Yaml yaml = new org.yaml.snakeyaml.Yaml();
+        org.yaml.snakeyaml.Yaml yaml = new org.yaml.snakeyaml.Yaml(new SafeConstructor());
         return Json.mapper().convertValue(yaml.load(contents), expectedType);
     }
 }

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/util/OpenAPIDeserializer.java

@@ -1568,6 +1568,11 @@ public Parameter getParameter(ObjectNode obj, String location, ParseResult resul
             parameter.setExample(example);
         }
 
+        Boolean allowReserved = getBoolean("allowReserved", obj, false, location, result);
+        if (allowReserved != null) {
+            parameter.setAllowReserved(allowReserved);
+        }
+
         ObjectNode contentNode = getObject("content",obj,false,location,result);
         if(contentNode!= null) {
             parameter.setContent(getContent(contentNode, String.format("%s.%s", location, "content"), result));
@@ -2032,9 +2037,6 @@ public Schema getSchema(ObjectNode node, String location, ParseResult result){
         ArrayNode allOfArray = getArray("allOf", node, false, location, result);
         ArrayNode anyOfArray = getArray("anyOf", node, false, location, result);
         ObjectNode itemsNode = getObject("items", node, false, location, result);
-        ObjectNode additionalPropertiesNode = getObject("additionalProperties", node, false, location, result);
-        Boolean additionalPropertiesBoolean = getBoolean("additionalProperties", node, false, location, result);
-
 
         if((allOfArray != null )||(anyOfArray != null)|| (oneOfArray != null)) {
             ComposedSchema composedSchema = new ComposedSchema();
@@ -2085,31 +2087,25 @@ public Schema getSchema(ObjectNode node, String location, ParseResult result){
             schema = items;
         }
 
-        if(additionalPropertiesNode != null) {
-            MapSchema mapSchema = new MapSchema();
-            if (additionalPropertiesNode.getNodeType().equals(JsonNodeType.OBJECT)) {
-                ObjectNode additionalPropertiesObj = getObject("additionalProperties", node, false, location, result);
-                if (additionalPropertiesObj != null) {
-                    Schema additionalProperties = getSchema(additionalPropertiesObj, location, result);
-                    if (additionalProperties != null) {
-                        mapSchema.setAdditionalProperties(additionalProperties);
-                        schema = mapSchema;
-                    }
-                }
-            }
-        } else if(additionalPropertiesBoolean != null){
-            MapSchema mapSchema = new MapSchema();
-            if (additionalPropertiesBoolean) {
-                mapSchema.setAdditionalProperties(additionalPropertiesBoolean);
-                schema = mapSchema;
-            }else{
-                ObjectSchema objectSchema = new ObjectSchema();
-                objectSchema.setAdditionalProperties(additionalPropertiesBoolean);
-                schema = objectSchema;
-            }
-        }
+        Boolean additionalPropertiesBoolean = getBoolean("additionalProperties", node, false, location, result);
 
+        ObjectNode additionalPropertiesObject =
+            additionalPropertiesBoolean == null
+            ? getObject("additionalProperties", node, false, location, result)
+            : null;
 
+        Object additionalProperties =
+            additionalPropertiesObject != null
+            ? getSchema(additionalPropertiesObject, location, result)
+            : additionalPropertiesBoolean;
+
+        if(additionalProperties != null) {
+            schema =
+                additionalProperties.equals( Boolean.FALSE)
+                ? new ObjectSchema()
+                : new MapSchema();
+            schema.setAdditionalProperties( additionalProperties);
+        }
 
         if (schema == null){
             schema = SchemaTypeUtil.createSchemaByType(node);
@@ -2271,6 +2267,9 @@ public Schema getSchema(ObjectNode node, String location, ParseResult result){
                     schema.setType(type);
                 }
             }
+            if("array".equals( schema.getType()) && !(schema instanceof ArraySchema && ((ArraySchema) schema).getItems() != null)) {
+                result.missing(location, "items");
+            }
         }
 
         ObjectNode notObj = getObject("not", node, false, location, result);