-
Notifications
You must be signed in to change notification settings - Fork 532
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SWG-9288 utilizing safe url resolver for OAS 2.0 #2031
SWG-9288 utilizing safe url resolver for OAS 2.0 #2031
Conversation
I'll add tests soon & similar PR to v3 parser |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work, just 2 possible changes in constructors
@@ -66,6 +66,27 @@ public ResolverCache(Swagger swagger, List<AuthorizationValue> auths, String par | |||
this.swagger = swagger; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
instead of duplicating logic in constructor I would suggest to call this(swagger, auths, parentFileLocation, new ParseOptions())
@@ -49,6 +50,16 @@ public SwaggerResolver(Swagger swagger, List<AuthorizationValue> auths, String p | |||
parametersProcessor = new ParameterProcessor(cache, swagger); | |||
} | |||
|
|||
public SwaggerResolver(Swagger swagger, List<AuthorizationValue> auths, String parentFileLocation, Settings settings, ParseOptions parseOptions) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
instead of duplicating logic in constructor I would suggest to call in constructor above this(swagger, auths, parentFileLocation, settings, new ParseOptions())
Great shout, commited changes! Sorry for taking so long to apply the feedback, had to urgently finish other stuff last days. |
Addresses: #2030
This PR makes swagger-parser to utilizes safeUrlResolver when resolving OpenAPI 2.0 definitions.
The reason behind this change is described deeply under the following PR:
#1910
The $refs are checked in ResolverCache class, in loadRef method.
In order to keep the backward compatibility, I've created a new constructor of ResolverCache so it is possible to explicitly pass the parseOptions through the SwaggerResolver.