Merge branch 'master' of https://github.com/swagger-api/swagger-parser into parser-resolving-duplicated-path

Author: gracekarina

.github/dependabot.yml

@@ -5,14 +5,14 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
-    allow: 
-      - dependency-name: "io.swagger.core.v3:*"
-      - dependency-name: "io.swagger:*"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
   - package-ecosystem: "maven"
     target-branch: "v1"
     directory: "/"
     schedule:
       interval: "daily"
-    allow: 
-      - dependency-name: "io.swagger.core.v3:*"
-      - dependency-name: "io.swagger:*"      
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]

.github/workflows/dependency-review.yml

@@ -0,0 +1,16 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+    - name: 'Checkout Repository'
+      uses: actions/checkout@v4
+    - name: Dependency Review
+      uses: actions/dependency-review-action@v3
+      with:
+        fail-on-severity: high

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/util/OpenAPIDeserializer.java

@@ -4155,10 +4155,9 @@ public Schema getJsonSchema(JsonNode jsonNode, String location, ParseResult resu
 			schema.setPatternProperties(patternProperties);
 		}
 
-		//const is a String
-		value = getString("const", node, false, location, result);
-		if (value != null) {
-			schema.setConst(value);
+		Object constValue = getAnyType("const", node, location, result);
+		if (constValue != null) {
+			schema.setConst(constValue);
 		}
 
 		value = getString("contentEncoding", node, false, location, result);

modules/swagger-parser-v3/src/test/java/io/swagger/v3/parser/test/OAI31DeserializationTest.java

@@ -1,5 +1,9 @@
 package io.swagger.v3.parser.test;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.NullNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.media.Schema;
 import io.swagger.v3.oas.models.security.SecurityRequirement;
@@ -8,6 +12,7 @@
 import io.swagger.v3.parser.core.models.SwaggerParseResult;
 import org.testng.annotations.Test;
 
+import java.math.BigDecimal;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
@@ -56,6 +61,46 @@ public void testSchemaKeysOAS31() {
         assertTrue(patternProperties.getTypes().contains("string"));
     }
 
+    @Test(description = "Test OAS31 Schema const deserialization")
+    public void testSchemaConstOAS31() {
+        SwaggerParseResult result = new OpenAPIV3Parser().readLocation( "3.1.0/issue-1975.yaml", null, null);
+        assertNotNull(result.getOpenAPI());
+        OpenAPI openAPI = result.getOpenAPI();
+
+        assertTrue(result.getMessages().size() == 0);
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstValidation").getConst(), 2);
+        ObjectMapper mapper = new ObjectMapper();
+        ObjectNode objNode = mapper.createObjectNode();
+        objNode.put("foo", "bar");
+        objNode.put("baz", "bax");
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstWithObject").getConst(), objNode);
+        ArrayNode arrayNode = mapper.createArrayNode();
+        ObjectNode arrayItem = mapper.createObjectNode();
+        arrayItem.put("foo", "bar");
+        arrayNode.add(arrayItem);
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstWithArray").getConst(), arrayNode);
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstWithNull").getConst(), NullNode.getInstance());
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstWithFalseDoesNotMatch0").getConst(), false);
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstWithTrueDoesNotMatch1").getConst(), true);
+        arrayNode = mapper.createArrayNode();
+        arrayNode.add(false);
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstWithArrayFalseDoesNotMatch0").getConst(), arrayNode);
+        arrayNode = mapper.createArrayNode();
+        arrayNode.add(true);
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstWithArrayTrueDoesNotMatch1").getConst(), arrayNode);
+        objNode = mapper.createObjectNode();
+        objNode.put("a", false);
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstWithAFalseDoesNotMatchA0").getConst(), objNode);
+        objNode = mapper.createObjectNode();
+        objNode.put("a", true);
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstWithATrueDoesNotMatchA1").getConst(), objNode);
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstWith0DoesNotMatchOtherZeroLikeTypes").getConst(), 0);
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstWith1DoesNotMatchTrue").getConst(), 1);
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstWith20MatchesIntegerAndFloatTypes").getConst(), new BigDecimal("-2.0"));
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstFloatAndIntegersAreEqualUpTo64BitRepresentationLimits").getConst(), new BigDecimal(9007199254740992L));
+        assertEquals(openAPI.getComponents().getSchemas().get("ConstNulCharactersInStrings").getConst(), "hello\0there");
+    }
+
     @Test(description = "Test basic OAS31 deserialization/validation")
     public void testBasicOAS31() {
         SwaggerParseResult result = new OpenAPIV3Parser().readLocation( "3.1.0/test/basicOAS31.yaml", null, null);
@@ -1001,8 +1046,11 @@ public void test31SafeURLResolving() {
         parseOptions.setRemoteRefBlockList(blockList);
 
         SwaggerParseResult result = new OpenAPIV3Parser().readLocation("3.1.0/resolve/safeResolving/safeUrlResolvingWithPetstore.yaml", null, parseOptions);
-
-        assertTrue(result.getMessages().isEmpty());
+        if (result.getMessages() != null) {
+            for (String message : result.getMessages()) {
+                assertTrue(message.contains("Server returned HTTP response code: 403"));
+            }
+        }
     }
 
     @Test(description = "Test safe resolving with blocked URL")
@@ -1015,11 +1063,15 @@ public void test31SafeURLResolvingWithBlockedURL() {
         parseOptions.setRemoteRefAllowList(allowList);
         parseOptions.setRemoteRefBlockList(blockList);
 
-        List<String> errorList = Arrays.asList("URL is part of the explicit denylist. URL [https://petstore3.swagger.io/api/v3/openapi.json]");
         SwaggerParseResult result = new OpenAPIV3Parser().readLocation("3.1.0/resolve/safeResolving/safeUrlResolvingWithPetstore.yaml", null, parseOptions);
 
-        assertEquals(result.getMessages(), errorList);
-        assertEquals(result.getMessages().size(), 1);
+        if (result.getMessages() != null) {
+            for (String message : result.getMessages()) {
+                assertTrue(
+                        message.contains("Server returned HTTP response code: 403") ||
+                        message.contains("URL is part of the explicit denylist. URL [https://petstore3.swagger.io/api/v3/openapi.json]"));
+            }
+        }
     }
 
     @Test(description = "Test safe resolving with turned off safelyResolveURL option")
@@ -1033,8 +1085,11 @@ public void test31SafeURLResolvingWithTurnedOffSafeResolving() {
         parseOptions.setRemoteRefBlockList(blockList);
 
         SwaggerParseResult result = new OpenAPIV3Parser().readLocation("3.1.0/resolve/safeResolving/safeUrlResolvingWithPetstore.yaml", null, parseOptions);
-
-        assertTrue(result.getMessages().isEmpty());
+        if (result.getMessages() != null) {
+            for (String message : result.getMessages()) {
+                assertTrue(message.contains("Server returned HTTP response code: 403"));
+            }
+        }
     }
 
     @Test(description = "Test safe resolving with localhost and blocked url")
@@ -1044,9 +1099,13 @@ public void test31SafeURLResolvingWithLocalhostAndBlockedURL() {
         parseOptions.setSafelyResolveURL(true);
 
         SwaggerParseResult result = new OpenAPIV3Parser().readLocation("3.1.0/resolve/safeResolving/safeUrlResolvingWithLocalhost.yaml", null, parseOptions);
-
-        assertTrue(result.getMessages().get(0).contains("IP is restricted"));
-        assertEquals(result.getMessages().size(), 1);
+        if (result.getMessages() != null) {
+            for (String message : result.getMessages()) {
+                assertTrue(
+                        message.contains("Server returned HTTP response code: 403") ||
+                                message.contains("IP is restricted"));
+            }
+        }
     }
 
     @Test(description = "Test safe resolving with localhost url")
@@ -1060,8 +1119,14 @@ public void test31SafeURLResolvingWithLocalhost() {
         String error = "URL is part of the explicit denylist. URL [https://petstore.swagger.io/v2/swagger.json]";
         SwaggerParseResult result = new OpenAPIV3Parser().readLocation("3.1.0/resolve/safeResolving/safeUrlResolvingWithLocalhost.yaml", null, parseOptions);
 
-        assertTrue(result.getMessages().get(0).contains("IP is restricted"));
-        assertEquals(result.getMessages().get(1), error);
-        assertEquals(result.getMessages().size(), 2);
+        if (result.getMessages() != null) {
+            for (String message : result.getMessages()) {
+                assertTrue(
+                        message.contains("Server returned HTTP response code: 403") ||
+                                message.contains("IP is restricted") ||
+                                message.contains(error)
+                        );
+            }
+        }
     }
 }

modules/swagger-parser-v3/src/test/resources/3.1.0/issue-1975.yaml

@@ -0,0 +1,64 @@
+openapi: 3.1.0
+servers:
+  - url: https://someserver.com/v1
+info:
+  title: openapi 3.1.0 sample spec
+  version: 0.0.1
+  description: sample spec for testing openapi functionality, built from json schema
+    tests for draft2020-12
+tags: []
+paths: {}
+components:
+  schemas:
+    ConstValidation:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const: 2
+    ConstWithObject:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const:
+        foo: bar
+        baz: bax
+    ConstWithArray:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const:
+        - foo: bar
+    ConstWithNull:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const: null
+    ConstWithFalseDoesNotMatch0:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const: false
+    ConstWithTrueDoesNotMatch1:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const: true
+    ConstWithArrayFalseDoesNotMatch0:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const:
+        - false
+    ConstWithArrayTrueDoesNotMatch1:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const:
+        - true
+    ConstWithAFalseDoesNotMatchA0:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const:
+        a: false
+    ConstWithATrueDoesNotMatchA1:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const:
+        a: true
+    ConstWith0DoesNotMatchOtherZeroLikeTypes:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const: 0
+    ConstWith1DoesNotMatchTrue:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const: 1
+    ConstWith20MatchesIntegerAndFloatTypes:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const: -2.0
+    ConstFloatAndIntegersAreEqualUpTo64BitRepresentationLimits:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const: 9007199254740992
+    ConstNulCharactersInStrings:
+      $schema: https://json-schema.org/draft/2020-12/schema
+      const: "hello\0there"

pom.xml

@@ -137,12 +137,12 @@
             </plugin>
             <plugin>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.10.1</version>
+                <version>3.11.0</version>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.5.0</version>
+                <version>3.6.2</version>
                 <configuration>
                     <aggregate>true</aggregate>
                     <source>1.8</source>
@@ -165,7 +165,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-source-plugin</artifactId>
-                <version>3.2.1</version>
+                <version>3.3.0</version>
                 <executions>
                     <execution>
                         <id>attach-sources</id>
@@ -421,8 +421,8 @@
         <junit-version>4.13.2</junit-version>
         <testng-version>7.8.0</testng-version>
         <jmockit-version>1.49</jmockit-version>
-        <wiremock-version>2.35.0</wiremock-version>
-        <surefire-version>3.0.0</surefire-version>
+        <wiremock-version>2.35.1</wiremock-version>
+        <surefire-version>3.2.2</surefire-version>
         <commons-lang-version>3.13.0</commons-lang-version>
         <jackson-version>2.15.3</jackson-version>
         <jackson-databind-version>2.15.3</jackson-databind-version>