openapi3: fix #796 infinite loop during document validation (#797)

radwaretaltr · web-flow · commit 5a6f97ed7fa1 · 2023-06-07T16:02:03.000+02:00
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -126,7 +126,7 @@ jobs:
     - if: runner.os == 'Linux'
       name: Missing validation of unknown fields in extensions
       run: |
-        [[ $(git grep -InF 'return validateExtensions' -- openapi3 | wc -l) -eq $(git grep -InE '^\s+Extensions.+`' -- openapi3 | wc -l) ]]
+        [[ $(git grep -InE 'return .*validateExtensions' -- openapi3 | wc -l) -eq $(git grep -InE '^\s+Extensions.+`' -- openapi3 | wc -l) ]]
 
     - if: runner.os == 'Linux'
       name: Style around Extensions embedding
diff --git a/openapi3/issue796_test.go b/openapi3/issue796_test.go
@@ -0,0 +1,21 @@
+package openapi3
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestIssue796(t *testing.T) {
+	var old int
+	// Need to set CircularReferenceCounter to > 10
+	old, CircularReferenceCounter = CircularReferenceCounter, 20
+	defer func() { CircularReferenceCounter = old }()
+
+	loader := NewLoader()
+	doc, err := loader.LoadFromFile("testdata/issue796.yml")
+	require.NoError(t, err)
+
+	err = doc.Validate(loader.Context)
+	require.NoError(t, err)
+}
diff --git a/openapi3/schema.go b/openapi3/schema.go
@@ -847,60 +847,70 @@ func (schema *Schema) IsEmpty() bool {
 // Validate returns an error if Schema does not comply with the OpenAPI spec.
 func (schema *Schema) Validate(ctx context.Context, opts ...ValidationOption) error {
 	ctx = WithValidationOptions(ctx, opts...)
-	return schema.validate(ctx, []*Schema{})
+	_, err := schema.validate(ctx, []*Schema{})
+	return err
 }
 
-func (schema *Schema) validate(ctx context.Context, stack []*Schema) error {
+// returns the updated stack and an error if Schema does not comply with the OpenAPI spec.
+func (schema *Schema) validate(ctx context.Context, stack []*Schema) ([]*Schema, error) {
 	validationOpts := getValidationOptions(ctx)
 
 	for _, existing := range stack {
 		if existing == schema {
-			return nil
+			return stack, nil
 		}
 	}
 	stack = append(stack, schema)
 
 	if schema.ReadOnly && schema.WriteOnly {
-		return errors.New("a property MUST NOT be marked as both readOnly and writeOnly being true")
+		return stack, errors.New("a property MUST NOT be marked as both readOnly and writeOnly being true")
 	}
 
 	for _, item := range schema.OneOf {
 		v := item.Value
 		if v == nil {
-			return foundUnresolvedRef(item.Ref)
+			return stack, foundUnresolvedRef(item.Ref)
 		}
-		if err := v.validate(ctx, stack); err != nil {
-			return err
+
+		var err error
+		if stack, err = v.validate(ctx, stack); err != nil {
+			return stack, err
 		}
 	}
 
 	for _, item := range schema.AnyOf {
 		v := item.Value
 		if v == nil {
-			return foundUnresolvedRef(item.Ref)
+			return stack, foundUnresolvedRef(item.Ref)
 		}
-		if err := v.validate(ctx, stack); err != nil {
-			return err
+
+		var err error
+		if stack, err = v.validate(ctx, stack); err != nil {
+			return stack, err
 		}
 	}
 
 	for _, item := range schema.AllOf {
 		v := item.Value
 		if v == nil {
-			return foundUnresolvedRef(item.Ref)
+			return stack, foundUnresolvedRef(item.Ref)
 		}
-		if err := v.validate(ctx, stack); err != nil {
-			return err
+
+		var err error
+		if stack, err = v.validate(ctx, stack); err != nil {
+			return stack, err
 		}
 	}
 
 	if ref := schema.Not; ref != nil {
 		v := ref.Value
 		if v == nil {
-			return foundUnresolvedRef(ref.Ref)
+			return stack, foundUnresolvedRef(ref.Ref)
 		}
-		if err := v.validate(ctx, stack); err != nil {
-			return err
+
+		var err error
+		if stack, err = v.validate(ctx, stack); err != nil {
+			return stack, err
 		}
 	}
 
@@ -914,7 +924,7 @@ func (schema *Schema) validate(ctx context.Context, stack []*Schema) error {
 			case "float", "double":
 			default:
 				if validationOpts.schemaFormatValidationEnabled {
-					return unsupportedFormat(format)
+					return stack, unsupportedFormat(format)
 				}
 			}
 		}
@@ -924,7 +934,7 @@ func (schema *Schema) validate(ctx context.Context, stack []*Schema) error {
 			case "int32", "int64":
 			default:
 				if validationOpts.schemaFormatValidationEnabled {
-					return unsupportedFormat(format)
+					return stack, unsupportedFormat(format)
 				}
 			}
 		}
@@ -946,31 +956,33 @@ func (schema *Schema) validate(ctx context.Context, stack []*Schema) error {
 			default:
 				// Try to check for custom defined formats
 				if _, ok := SchemaStringFormats[format]; !ok && validationOpts.schemaFormatValidationEnabled {
-					return unsupportedFormat(format)
+					return stack, unsupportedFormat(format)
 				}
 			}
 		}
 		if schema.Pattern != "" && !validationOpts.schemaPatternValidationDisabled {
 			if err := schema.compilePattern(); err != nil {
-				return err
+				return stack, err
 			}
 		}
 	case TypeArray:
 		if schema.Items == nil {
-			return errors.New("when schema type is 'array', schema 'items' must be non-null")
+			return stack, errors.New("when schema type is 'array', schema 'items' must be non-null")
 		}
 	case TypeObject:
 	default:
-		return fmt.Errorf("unsupported 'type' value %q", schemaType)
+		return stack, fmt.Errorf("unsupported 'type' value %q", schemaType)
 	}
 
 	if ref := schema.Items; ref != nil {
 		v := ref.Value
 		if v == nil {
-			return foundUnresolvedRef(ref.Ref)
+			return stack, foundUnresolvedRef(ref.Ref)
 		}
-		if err := v.validate(ctx, stack); err != nil {
-			return err
+
+		var err error
+		if stack, err = v.validate(ctx, stack); err != nil {
+			return stack, err
 		}
 	}
 
@@ -983,45 +995,49 @@ func (schema *Schema) validate(ctx context.Context, stack []*Schema) error {
 		ref := schema.Properties[name]
 		v := ref.Value
 		if v == nil {
-			return foundUnresolvedRef(ref.Ref)
+			return stack, foundUnresolvedRef(ref.Ref)
 		}
-		if err := v.validate(ctx, stack); err != nil {
-			return err
+
+		var err error
+		if stack, err = v.validate(ctx, stack); err != nil {
+			return stack, err
 		}
 	}
 
 	if schema.AdditionalProperties.Has != nil && schema.AdditionalProperties.Schema != nil {
-		return errors.New("additionalProperties are set to both boolean and schema")
+		return stack, errors.New("additionalProperties are set to both boolean and schema")
 	}
 	if ref := schema.AdditionalProperties.Schema; ref != nil {
 		v := ref.Value
 		if v == nil {
-			return foundUnresolvedRef(ref.Ref)
+			return stack, foundUnresolvedRef(ref.Ref)
 		}
-		if err := v.validate(ctx, stack); err != nil {
-			return err
+
+		var err error
+		if stack, err = v.validate(ctx, stack); err != nil {
+			return stack, err
 		}
 	}
 
 	if v := schema.ExternalDocs; v != nil {
 		if err := v.Validate(ctx); err != nil {
-			return fmt.Errorf("invalid external docs: %w", err)
+			return stack, fmt.Errorf("invalid external docs: %w", err)
 		}
 	}
 
 	if v := schema.Default; v != nil && !validationOpts.schemaDefaultsValidationDisabled {
 		if err := schema.VisitJSON(v); err != nil {
-			return fmt.Errorf("invalid default: %w", err)
+			return stack, fmt.Errorf("invalid default: %w", err)
 		}
 	}
 
 	if x := schema.Example; x != nil && !validationOpts.examplesValidationDisabled {
 		if err := validateExampleValue(ctx, x, schema); err != nil {
-			return fmt.Errorf("invalid example: %w", err)
+			return stack, fmt.Errorf("invalid example: %w", err)
 		}
 	}
 
-	return validateExtensions(ctx, schema.Extensions)
+	return stack, validateExtensions(ctx, schema.Extensions)
 }
 
 func (schema *Schema) IsMatching(value interface{}) bool {
diff --git a/openapi3/testdata/issue796.yml b/openapi3/testdata/issue796.yml

Original file line number	Diff line number	Diff line change
`@@ -847,60 +847,70 @@ func (schema *Schema) IsEmpty() bool {`
`847`	`847`	`// Validate returns an error if Schema does not comply with the OpenAPI spec.`
`848`	`848`	`func (schema *Schema) Validate(ctx context.Context, opts ...ValidationOption) error {`
`849`	`849`	`ctx = WithValidationOptions(ctx, opts...)`
`850`		`- return schema.validate(ctx, []*Schema{})`
	`850`	`+ _, err := schema.validate(ctx, []*Schema{})`
	`851`	`+ return err`
`851`	`852`	`}`
`852`	`853`
`853`		`-func (schema Schema) validate(ctx context.Context, stack []Schema) error {`
	`854`	`+// returns the updated stack and an error if Schema does not comply with the OpenAPI spec.`
	`855`	`+func (schema Schema) validate(ctx context.Context, stack []Schema) ([]*Schema, error) {`
`854`	`856`	`validationOpts := getValidationOptions(ctx)`
`855`	`857`
`856`	`858`	`for _, existing := range stack {`
`857`	`859`	`if existing == schema {`
`858`		`- return nil`
	`860`	`+ return stack, nil`
`859`	`861`	`}`
`860`	`862`	`}`
`861`	`863`	`stack = append(stack, schema)`
`862`	`864`
`863`	`865`	`if schema.ReadOnly && schema.WriteOnly {`
`864`		`- return errors.New("a property MUST NOT be marked as both readOnly and writeOnly being true")`
	`866`	`+ return stack, errors.New("a property MUST NOT be marked as both readOnly and writeOnly being true")`
`865`	`867`	`}`
`866`	`868`
`867`	`869`	`for _, item := range schema.OneOf {`
`868`	`870`	`v := item.Value`
`869`	`871`	`if v == nil {`
`870`		`- return foundUnresolvedRef(item.Ref)`
	`872`	`+ return stack, foundUnresolvedRef(item.Ref)`
`871`	`873`	`}`
`872`		`- if err := v.validate(ctx, stack); err != nil {`
`873`		`- return err`
	`874`	`+`
	`875`	`+ var err error`
	`876`	`+ if stack, err = v.validate(ctx, stack); err != nil {`
	`877`	`+ return stack, err`
`874`	`878`	`}`
`875`	`879`	`}`
`876`	`880`
`877`	`881`	`for _, item := range schema.AnyOf {`
`878`	`882`	`v := item.Value`
`879`	`883`	`if v == nil {`
`880`		`- return foundUnresolvedRef(item.Ref)`
	`884`	`+ return stack, foundUnresolvedRef(item.Ref)`
`881`	`885`	`}`
`882`		`- if err := v.validate(ctx, stack); err != nil {`
`883`		`- return err`
	`886`	`+`
	`887`	`+ var err error`
	`888`	`+ if stack, err = v.validate(ctx, stack); err != nil {`
	`889`	`+ return stack, err`
`884`	`890`	`}`
`885`	`891`	`}`
`886`	`892`
`887`	`893`	`for _, item := range schema.AllOf {`
`888`	`894`	`v := item.Value`
`889`	`895`	`if v == nil {`
`890`		`- return foundUnresolvedRef(item.Ref)`
	`896`	`+ return stack, foundUnresolvedRef(item.Ref)`
`891`	`897`	`}`
`892`		`- if err := v.validate(ctx, stack); err != nil {`
`893`		`- return err`
	`898`	`+`
	`899`	`+ var err error`
	`900`	`+ if stack, err = v.validate(ctx, stack); err != nil {`
	`901`	`+ return stack, err`
`894`	`902`	`}`
`895`	`903`	`}`
`896`	`904`
`897`	`905`	`if ref := schema.Not; ref != nil {`
`898`	`906`	`v := ref.Value`
`899`	`907`	`if v == nil {`
`900`		`- return foundUnresolvedRef(ref.Ref)`
	`908`	`+ return stack, foundUnresolvedRef(ref.Ref)`
`901`	`909`	`}`
`902`		`- if err := v.validate(ctx, stack); err != nil {`
`903`		`- return err`
	`910`	`+`
	`911`	`+ var err error`
	`912`	`+ if stack, err = v.validate(ctx, stack); err != nil {`
	`913`	`+ return stack, err`
`904`	`914`	`}`
`905`	`915`	`}`
`906`	`916`
`@@ -914,7 +924,7 @@ func (schema Schema) validate(ctx context.Context, stack []Schema) error {`
`914`	`924`	`case "float", "double":`
`915`	`925`	`default:`
`916`	`926`	`if validationOpts.schemaFormatValidationEnabled {`
`917`		`- return unsupportedFormat(format)`
	`927`	`+ return stack, unsupportedFormat(format)`
`918`	`928`	`}`
`919`	`929`	`}`
`920`	`930`	`}`
`@@ -924,7 +934,7 @@ func (schema Schema) validate(ctx context.Context, stack []Schema) error {`
`924`	`934`	`case "int32", "int64":`
`925`	`935`	`default:`
`926`	`936`	`if validationOpts.schemaFormatValidationEnabled {`
`927`		`- return unsupportedFormat(format)`
	`937`	`+ return stack, unsupportedFormat(format)`
`928`	`938`	`}`
`929`	`939`	`}`
`930`	`940`	`}`
`@@ -946,31 +956,33 @@ func (schema Schema) validate(ctx context.Context, stack []Schema) error {`
`946`	`956`	`default:`
`947`	`957`	`// Try to check for custom defined formats`
`948`	`958`	`if _, ok := SchemaStringFormats[format]; !ok && validationOpts.schemaFormatValidationEnabled {`
`949`		`- return unsupportedFormat(format)`
	`959`	`+ return stack, unsupportedFormat(format)`
`950`	`960`	`}`
`951`	`961`	`}`
`952`	`962`	`}`
`953`	`963`	`if schema.Pattern != "" && !validationOpts.schemaPatternValidationDisabled {`
`954`	`964`	`if err := schema.compilePattern(); err != nil {`
`955`		`- return err`
	`965`	`+ return stack, err`
`956`	`966`	`}`
`957`	`967`	`}`
`958`	`968`	`case TypeArray:`
`959`	`969`	`if schema.Items == nil {`
`960`		`- return errors.New("when schema type is 'array', schema 'items' must be non-null")`
	`970`	`+ return stack, errors.New("when schema type is 'array', schema 'items' must be non-null")`
`961`	`971`	`}`
`962`	`972`	`case TypeObject:`
`963`	`973`	`default:`
`964`		`- return fmt.Errorf("unsupported 'type' value %q", schemaType)`
	`974`	`+ return stack, fmt.Errorf("unsupported 'type' value %q", schemaType)`
`965`	`975`	`}`
`966`	`976`
`967`	`977`	`if ref := schema.Items; ref != nil {`
`968`	`978`	`v := ref.Value`
`969`	`979`	`if v == nil {`
`970`		`- return foundUnresolvedRef(ref.Ref)`
	`980`	`+ return stack, foundUnresolvedRef(ref.Ref)`
`971`	`981`	`}`
`972`		`- if err := v.validate(ctx, stack); err != nil {`
`973`		`- return err`
	`982`	`+`
	`983`	`+ var err error`
	`984`	`+ if stack, err = v.validate(ctx, stack); err != nil {`
	`985`	`+ return stack, err`
`974`	`986`	`}`
`975`	`987`	`}`
`976`	`988`
`@@ -983,45 +995,49 @@ func (schema Schema) validate(ctx context.Context, stack []Schema) error {`
`983`	`995`	`ref := schema.Properties[name]`
`984`	`996`	`v := ref.Value`
`985`	`997`	`if v == nil {`
`986`		`- return foundUnresolvedRef(ref.Ref)`
	`998`	`+ return stack, foundUnresolvedRef(ref.Ref)`
`987`	`999`	`}`
`988`		`- if err := v.validate(ctx, stack); err != nil {`
`989`		`- return err`
	`1000`	`+`
	`1001`	`+ var err error`
	`1002`	`+ if stack, err = v.validate(ctx, stack); err != nil {`
	`1003`	`+ return stack, err`
`990`	`1004`	`}`
`991`	`1005`	`}`
`992`	`1006`
`993`	`1007`	`if schema.AdditionalProperties.Has != nil && schema.AdditionalProperties.Schema != nil {`
`994`		`- return errors.New("additionalProperties are set to both boolean and schema")`
	`1008`	`+ return stack, errors.New("additionalProperties are set to both boolean and schema")`
`995`	`1009`	`}`
`996`	`1010`	`if ref := schema.AdditionalProperties.Schema; ref != nil {`
`997`	`1011`	`v := ref.Value`
`998`	`1012`	`if v == nil {`
`999`		`- return foundUnresolvedRef(ref.Ref)`
	`1013`	`+ return stack, foundUnresolvedRef(ref.Ref)`
`1000`	`1014`	`}`
`1001`		`- if err := v.validate(ctx, stack); err != nil {`
`1002`		`- return err`
	`1015`	`+`
	`1016`	`+ var err error`
	`1017`	`+ if stack, err = v.validate(ctx, stack); err != nil {`
	`1018`	`+ return stack, err`
`1003`	`1019`	`}`
`1004`	`1020`	`}`
`1005`	`1021`
`1006`	`1022`	`if v := schema.ExternalDocs; v != nil {`
`1007`	`1023`	`if err := v.Validate(ctx); err != nil {`
`1008`		`- return fmt.Errorf("invalid external docs: %w", err)`
	`1024`	`+ return stack, fmt.Errorf("invalid external docs: %w", err)`
`1009`	`1025`	`}`
`1010`	`1026`	`}`
`1011`	`1027`
`1012`	`1028`	`if v := schema.Default; v != nil && !validationOpts.schemaDefaultsValidationDisabled {`
`1013`	`1029`	`if err := schema.VisitJSON(v); err != nil {`
`1014`		`- return fmt.Errorf("invalid default: %w", err)`
	`1030`	`+ return stack, fmt.Errorf("invalid default: %w", err)`
`1015`	`1031`	`}`
`1016`	`1032`	`}`
`1017`	`1033`
`1018`	`1034`	`if x := schema.Example; x != nil && !validationOpts.examplesValidationDisabled {`
`1019`	`1035`	`if err := validateExampleValue(ctx, x, schema); err != nil {`
`1020`		`- return fmt.Errorf("invalid example: %w", err)`
	`1036`	`+ return stack, fmt.Errorf("invalid example: %w", err)`
`1021`	`1037`	`}`
`1022`	`1038`	`}`
`1023`	`1039`
`1024`		`- return validateExtensions(ctx, schema.Extensions)`
	`1040`	`+ return stack, validateExtensions(ctx, schema.Extensions)`
`1025`	`1041`	`}`
`1026`	`1042`
`1027`	`1043`	`func (schema *Schema) IsMatching(value interface{}) bool {`