fix(openapi): prevent dynamic scope leakage between OpenAPI schemas

Author: marle3003

providers/openapi/components.go

@@ -20,9 +20,14 @@ type Components struct {
 type ComponentParameters map[string]*ParameterRef
 
 func (c *Components) parse(config *dynamic.Config, reader dynamic.Reader) error {
-	if err := c.Schemas.Parse(config, reader); err != nil {
-		return fmt.Errorf("parse components failed: %w", err)
+	if c.Schemas != nil {
+		for it := c.Schemas.Iter(); it.Next(); {
+			if err := it.Value().Parse(config, reader); err != nil {
+				return fmt.Errorf("parse components failed: parse schema '%s' failed: %w", it.Key(), err)
+			}
+		}
 	}
+
 	if err := c.Responses.parse(config, reader); err != nil {
 		return fmt.Errorf("parse components failed: %w", err)
 	}

providers/openapi/config.go

@@ -114,11 +114,13 @@ func (c *Config) Parse(config *dynamic.Config, reader dynamic.Reader) error {
 		return nil
 	}
 
-	if err := c.Components.parse(config, reader); err != nil {
+	config.Scope.OpenIfNeeded(config.Info.Path())
+
+	if err := c.Paths.parse(config, reader); err != nil {
 		return err
 	}
 
-	if err := c.Paths.parse(config, reader); err != nil {
+	if err := c.Components.parse(config, reader); err != nil {
 		return err
 	}
 

providers/openapi/config_schema_dynamic_test.go

@@ -0,0 +1,157 @@
+package openapi_test
+
+import (
+	"mokapi/config/dynamic"
+	"mokapi/config/dynamic/dynamictest"
+	"mokapi/providers/openapi"
+	json "mokapi/schema/json/schema"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"gopkg.in/yaml.v3"
+)
+
+func TestConfig_DynamicSchema(t *testing.T) {
+	testdata := []struct {
+		name string
+		data string
+		test func(t *testing.T, c *openapi.Config)
+	}{
+		{
+			name: "dynamic reference using $id",
+			data: `
+openapi: "3.0.0"
+info:
+  title: "Dynamic Schema"
+paths:
+  /foo:
+    get:
+      responses:
+        '200':
+          content:
+            'application/json':
+              schema:
+                $id: /foo
+                $ref: '#/components/schemas/Response'
+                $defs:
+                  content:
+                    $dynamicAnchor: T
+                    type: object
+  /bar:
+    get:
+      responses:
+        '200':
+          content:
+            'application/json':
+              schema:
+                $id: /bar
+                $ref: '#/components/schemas/Response'
+                $defs:
+                  content:
+                    $dynamicAnchor: T
+                    type: array
+components:
+  schemas:
+    Response:
+      $defs:
+        content:
+          $dynamicAnchor: T
+          not: true
+      type: object
+      properties:
+        content:
+          $dynamicRef: '#T'
+        error:
+          type: object
+`,
+			test: func(t *testing.T, c *openapi.Config) {
+				require.NotNil(t, c)
+				foo := c.Paths["/foo"].Value.Get.Responses.GetResponse(http.StatusOK).Content["application/json"].Schema
+				require.NotNil(t, foo)
+				require.NotNil(t, foo.Properties)
+				require.Equal(t, json.Types{"object"}, foo.Properties.Get("content").Type)
+
+				bar := c.Paths["/bar"].Value.Get.Responses.GetResponse(http.StatusOK).Content["application/json"].Schema
+				require.NotNil(t, bar)
+				require.NotNil(t, bar.Properties)
+				require.Equal(t, json.Types{"array"}, bar.Properties.Get("content").Type)
+
+			},
+		},
+		{
+			name: "dynamic reference without $id",
+			data: `
+openapi: "3.0.0"
+info:
+  title: "Dynamic Schema"
+paths:
+  /foo:
+    get:
+      responses:
+        '200':
+          content:
+            'application/json':
+              schema:
+                $ref: '#/components/schemas/Response'
+                $defs:
+                  content:
+                    $dynamicAnchor: T
+                    type: object
+  /bar:
+    get:
+      responses:
+        '200':
+          content:
+            'application/json':
+              schema:
+                $id: /bar
+                $ref: '#/components/schemas/Response'
+                $defs:
+                  content:
+                    $dynamicAnchor: T
+                    type: array
+components:
+  schemas:
+    Response:
+      $defs:
+        content:
+          $dynamicAnchor: T
+          not: true
+      type: object
+      properties:
+        content:
+          $dynamicRef: '#T'
+        error:
+          type: object
+`,
+			test: func(t *testing.T, c *openapi.Config) {
+				require.NotNil(t, c)
+				s := c.Paths["/foo"].Value.Get.Responses.GetResponse(http.StatusOK).Content["application/json"].Schema
+				require.NotNil(t, s)
+				require.NotNil(t, s.Properties)
+				require.Equal(t, json.Types{"object"}, s.Properties.Get("content").Type)
+
+				bar := c.Paths["/bar"].Value.Get.Responses.GetResponse(http.StatusOK).Content["application/json"].Schema
+				require.NotNil(t, bar)
+				require.NotNil(t, bar.Properties)
+				require.Equal(t, json.Types{"array"}, bar.Properties.Get("content").Type)
+			},
+		},
+	}
+
+	t.Parallel()
+	for _, tc := range testdata {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			c := &openapi.Config{}
+			err := yaml.Unmarshal([]byte(tc.data), c)
+			require.NoError(t, err)
+			err = c.Parse(&dynamic.Config{Data: c}, &dynamictest.Reader{})
+			require.NoError(t, err)
+			tc.test(t, c)
+		})
+	}
+}

providers/openapi/media_type.go

@@ -23,6 +23,11 @@ func (m *MediaType) parse(config *dynamic.Config, reader dynamic.Reader) error {
 	if m == nil {
 		return nil
 	}
+
+	scope := m.ContentType.String()
+	config.OpenScope(scope)
+	defer config.CloseScope()
+
 	if err := m.Schema.Parse(config, reader); err != nil {
 		return fmt.Errorf("parse schema failed: %s", err)
 	}

providers/openapi/parse_test.go

@@ -1,14 +1,15 @@
 package openapi_test
 
 import (
-	"github.com/stretchr/testify/require"
 	"mokapi/config/dynamic"
 	"mokapi/config/dynamic/dynamictest"
 	"mokapi/providers/openapi"
 	"mokapi/providers/openapi/openapitest"
 	"mokapi/providers/openapi/schema"
 	"mokapi/providers/openapi/schema/schematest"
 	"testing"
+
+	"github.com/stretchr/testify/require"
 )
 
 func Test_Parse(t *testing.T) {
@@ -132,18 +133,19 @@ func Test_ParseAndPatch(t *testing.T) {
 			t.Parallel()
 			var target *openapi.Config
 			for _, c := range tc.configs {
-				err := c.Parse(&dynamic.Config{
-					Info: dynamictest.NewConfigInfo(),
-					Data: c,
-				}, &dynamictest.Reader{})
-				require.NoError(t, err)
 				if target == nil {
 					target = c
 				} else {
 					target.Patch(c)
 				}
 			}
 
+			err := target.Parse(&dynamic.Config{
+				Info: dynamictest.NewConfigInfo(),
+				Data: target,
+			}, &dynamictest.Reader{})
+			require.NoError(t, err)
+
 			tc.test(t, target)
 		})
 	}

providers/openapi/schema/apply.go

@@ -55,16 +55,22 @@ func (s *Schema) apply(ref *Schema) {
 	}
 
 	if !s.isSet("items") {
-		s.Items = ref.Items
+		resolved := cloneSchema(ref.Items)
+		s.Items = resolved
 	}
 	if !s.isSet("prefixItems") {
-		s.PrefixItems = ref.PrefixItems
+		for _, pi := range ref.PrefixItems {
+			resolved := cloneSchema(pi)
+			s.PrefixItems = append(s.PrefixItems, resolved)
+		}
 	}
 	if !s.isSet("unevaluatedItems") {
-		s.UnevaluatedItems = ref.UnevaluatedItems
+		resolved := cloneSchema(ref.UnevaluatedItems)
+		s.UnevaluatedItems = resolved
 	}
 	if !s.isSet("contains") {
-		s.Contains = ref.Contains
+		resolved := cloneSchema(ref.Contains)
+		s.Contains = resolved
 	}
 	if !s.isSet("maxContains") {
 		s.MaxContains = ref.MaxContains
@@ -88,11 +94,19 @@ func (s *Schema) apply(ref *Schema) {
 		s.ShuffleItems = ref.ShuffleItems
 	}
 
-	if !s.isSet("properties") {
-		s.Properties = ref.Properties
+	if !s.isSet("properties") && ref.Properties != nil {
+		s.Properties = &Schemas{}
+		for it := ref.Properties.Iter(); it.Next(); {
+			resolved := cloneSchema(it.Value())
+			s.Properties.Set(it.Key(), resolved)
+		}
 	}
 	if !s.isSet("patternProperties") {
-		s.PatternProperties = ref.PatternProperties
+		s.PatternProperties = map[string]*Schema{}
+		for name, pi := range ref.PatternProperties {
+			resolved := cloneSchema(pi)
+			s.PatternProperties[name] = resolved
+		}
 	}
 	if !s.isSet("minProperties") {
 		s.MinProperties = ref.MinProperties
@@ -115,10 +129,12 @@ func (s *Schema) apply(ref *Schema) {
 		fmt.Print("")
 	}
 	if !s.isSet("unevaluatedProperties") {
-		s.UnevaluatedProperties = ref.UnevaluatedProperties
+		resolved := cloneSchema(ref.UnevaluatedProperties)
+		s.UnevaluatedProperties = resolved
 	}
 	if !s.isSet("propertyNames") {
-		s.PropertyNames = ref.PropertyNames
+		resolved := cloneSchema(ref.PropertyNames)
+		s.PropertyNames = resolved
 	}
 
 	if !s.isSet("anyOf") {
@@ -190,3 +206,11 @@ func (s *Schema) isEmpty() bool {
 func (s *Schema) isSet(name string) bool {
 	return s.m[name]
 }
+
+func cloneSchema(s *Schema) *Schema {
+	if s == nil {
+		return nil
+	}
+	c := *s
+	return &c
+}

providers/openapi/schema/patch.go

@@ -175,8 +175,6 @@ func (s *Schema) Patch(patch *Schema) {
 			}
 		}
 	}
-
-	s.cm.Notify(s)
 }
 
 func (x *Xml) patch(patch *Xml) {