BasePath is never used in validator
Say in swagger, there is "basePath":"/base" and some other method path "/testGet"
If I validate the following it will fail validate(swagger.json, /base/testGet) while if i do not include the base path, it will succeed on validate(swagger.json, /testGet).
To further debug, based on the latest version of swagger-request-validator-core.1.0.13, I find that there is on bug on com.atlassian.oai.validator.interaction.ApiOperationResolver.ApiBasedNormalisedPath#ApiBasedNormalisedPath.
In the constructor, line 93, this.normalised = this.normalise(path);, and inside String normalise(String), it calls trimPrefix at line 133. Inside trimPrefix, it uses member variable apiPrefix but apiPrefix has not been initialized until line 95.
In this case, the normalised string will always use null as apiPrefix.
Comments (8)
-
-
reporter could u please let me know when the new release will be out?
-
Fix is now available in v1.0.14
Apologies for the delay in releasing.
-
- changed status to resolved
-
The bug still exists in version swagger-request-validator-core 1.3.2. There is "basePath":"/base" and some other method path "/testGet". Whether url contains basepath or does not contains basepath, it will succeed on validate. eg: swagger.json, /base/testGet, it will succeed on validate. swagger.json, /testGet, it will still succeed on validate.
-
Can you try the latest version (1.4.4) and let me know if you still see the problem.
Thanks.
-
I have updated to version 1.44. I'm sorry the problem still exists.The bug can be seen in my test code:
/** * Created by Blue-Ledao on 2018/6/21. */ public class JunitTest { String basepath; String apipath; private String template = "{\n" + " \"swagger\": \"2.0\",\n" + " \"info\": {\n" + " \"version\": \"1.0.0\",\n" + " \"title\": \"Sample API\",\n" + " \"description\": \"A simple API to learn how to write OpenAPI Specification\"\n" + " },\n" + " \"schemes\": [\n" + " \"https\",\n" + " \"http\"\n" + " ],\n" + " \"host\": \"localhost\",\n" + " \"basePath\": \"#####\",\n" + " \"paths\": {\n" + " \"*****\": {\n" + " \"get\": {\n" + " \"responses\": {\n" + " \"200\": {\n" + " \"description\": \"ok\"\n" + " }\n" + " }\n" + " }\n" + " }\n" + " }\n" + "}"; public String setSwaggerString(String basepath,String apipath){ String swaggerString = template.replace("#####",basepath).replace("*****",apipath); return swaggerString; } public ValidationReport validate(SimpleRequest request){ String swaggerString = setSwaggerString(basepath, apipath); SwaggerRequestResponseValidator validator = SwaggerRequestResponseValidator.createFor(swaggerString).build(); ValidationReport report = validator.validateRequest(request); return report; } /** * There is a Simplerequest object in the test1(), and its URL is/test/test * If the basepath is the same as apipath in swagger, then test1() does not pass * In fact the return value of report.hasErrors() should be false */ @Test public void test1(){ basepath = "/test"; apipath = "/test"; SimpleRequest request1 = SimpleRequest.Builder.get("/test/test").build(); ValidationReport report = validate(request1); Assert.assertEquals(false,report.hasErrors()); } /** * There is a Simplerequest object in the test2(), and its URL is/test/testABC * If BasePath is a apipath substring in swagger, then test2() does not pass * In fact the return value of report.hasErrors() should be false */ @Test public void test2(){ basepath = "/test"; apipath = "/testABC"; SimpleRequest request2 = SimpleRequest.Builder.get("/test/testABC").build(); ValidationReport report = validate(request2); Assert.assertEquals(false,report.hasErrors()); } /** * There is a Simplerequest object in the test3(), and its URL is/test * If the basepath is defined in the swagger, the URL does not actually contain basepath, then test3() does not pass * In fact the return value of report.hasErrors() should be true */ @Test public void test3(){ basepath = "/abc"; apipath = "/test"; SimpleRequest request3 = SimpleRequest.Builder.get("/test").build(); ValidationReport report = validate(request3); Assert.assertEquals(true,report.hasErrors()); } }
-
Hi @Blue-Ledao - thanks for that test - super helpful.
Looks like we have two separate bugs going on here:
For
test1
andtest2
the problem is that theapipath
has the same prefix as thebasepath
and so gets removed incorrectly. Your tests pass if you change thebasepath
to something other thantest
.For
test3
the problem is that the 'normalized' request path matches the 'normalised'apipath
and so the validation succeeds.I will raise a new issue to track these bugs.
- Log in to comment
Yes, correct. I introduced this bug.
This was already fixed with the latest pull request: https://bitbucket.org/atlassian/swagger-request-validator/pull-requests/31
A new release with this fixed bug is not out, yet.