podman
281 строка · 9.4 Кб
1// Copyright 2015 go-swagger maintainers2//3// Licensed under the Apache License, Version 2.0 (the "License");4// you may not use this file except in compliance with the License.5// You may obtain a copy of the License at6//7// http://www.apache.org/licenses/LICENSE-2.08//9// Unless required by applicable law or agreed to in writing, software10// distributed under the License is distributed on an "AS IS" BASIS,11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.12// See the License for the specific language governing permissions and13// limitations under the License.14package validate16import (18"fmt"19"strings"20"github.com/go-openapi/spec"22)23// defaultValidator validates default values in a spec.25// According to Swagger spec, default values MUST validate their schema.26type defaultValidator struct {27SpecValidator *SpecValidator28visitedSchemas map[string]bool29}30// resetVisited resets the internal state of visited schemas32func (d *defaultValidator) resetVisited() {33d.visitedSchemas = map[string]bool{}34}35func isVisited(path string, visitedSchemas map[string]bool) bool {37found := visitedSchemas[path]38if !found {39// search for overlapping paths40frags := strings.Split(path, ".")41if len(frags) < 2 {42// shortcut exit on smaller paths43return found44}45last := len(frags) - 146var currentFragStr, parent string47for i := range frags {48if i == 0 {49currentFragStr = frags[last]50} else {51currentFragStr = strings.Join([]string{frags[last-i], currentFragStr}, ".")52}53if i < last {54parent = strings.Join(frags[0:last-i], ".")55} else {56parent = ""57}58if strings.HasSuffix(parent, currentFragStr) {59found = true60break61}62}63}64return found65}66// beingVisited asserts a schema is being visited68func (d *defaultValidator) beingVisited(path string) {69d.visitedSchemas[path] = true70}71// isVisited tells if a path has already been visited73func (d *defaultValidator) isVisited(path string) bool {74return isVisited(path, d.visitedSchemas)75}76// Validate validates the default values declared in the swagger spec78func (d *defaultValidator) Validate() (errs *Result) {79errs = new(Result)80if d == nil || d.SpecValidator == nil {81return errs82}83d.resetVisited()84errs.Merge(d.validateDefaultValueValidAgainstSchema()) // error -85return errs86}87func (d *defaultValidator) validateDefaultValueValidAgainstSchema() *Result {89// every default value that is specified must validate against the schema for that property90// headers, items, parameters, schema91res := new(Result)93s := d.SpecValidator94for method, pathItem := range s.expandedAnalyzer().Operations() {96for path, op := range pathItem {97// parameters98for _, param := range paramHelp.safeExpandedParamsFor(path, method, op.ID, res, s) {99if param.Default != nil && param.Required {100res.AddWarnings(requiredHasDefaultMsg(param.Name, param.In))101}102// reset explored schemas to get depth-first recursive-proof exploration104d.resetVisited()105// Check simple parameters first107// default values provided must validate against their inline definition (no explicit schema)108if param.Default != nil && param.Schema == nil {109// check param default value is valid110red := NewParamValidator(¶m, s.KnownFormats).Validate(param.Default) //#nosec111if red.HasErrorsOrWarnings() {112res.AddErrors(defaultValueDoesNotValidateMsg(param.Name, param.In))113res.Merge(red)114}115}116// Recursively follows Items and Schemas118if param.Items != nil {119red := d.validateDefaultValueItemsAgainstSchema(param.Name, param.In, ¶m, param.Items) //#nosec120if red.HasErrorsOrWarnings() {121res.AddErrors(defaultValueItemsDoesNotValidateMsg(param.Name, param.In))122res.Merge(red)123}124}125if param.Schema != nil {127// Validate default value against schema128red := d.validateDefaultValueSchemaAgainstSchema(param.Name, param.In, param.Schema)129if red.HasErrorsOrWarnings() {130res.AddErrors(defaultValueDoesNotValidateMsg(param.Name, param.In))131res.Merge(red)132}133}134}135if op.Responses != nil {137if op.Responses.Default != nil {138// Same constraint on default Response139res.Merge(d.validateDefaultInResponse(op.Responses.Default, jsonDefault, path, 0, op.ID))140}141// Same constraint on regular Responses142if op.Responses.StatusCodeResponses != nil { // Safeguard143for code, r := range op.Responses.StatusCodeResponses {144res.Merge(d.validateDefaultInResponse(&r, "response", path, code, op.ID)) //#nosec145}146}147} else if op.ID != "" {148// Empty op.ID means there is no meaningful operation: no need to report a specific message149res.AddErrors(noValidResponseMsg(op.ID))150}151}152}153if s.spec.Spec().Definitions != nil { // Safeguard154// reset explored schemas to get depth-first recursive-proof exploration155d.resetVisited()156for nm, sch := range s.spec.Spec().Definitions {157res.Merge(d.validateDefaultValueSchemaAgainstSchema(fmt.Sprintf("definitions.%s", nm), "body", &sch)) //#nosec158}159}160return res161}162func (d *defaultValidator) validateDefaultInResponse(resp *spec.Response, responseType, path string, responseCode int, operationID string) *Result {164s := d.SpecValidator165response, res := responseHelp.expandResponseRef(resp, path, s)167if !res.IsValid() {168return res169}170responseName, responseCodeAsStr := responseHelp.responseMsgVariants(responseType, responseCode)172// nolint: dupl174if response.Headers != nil { // Safeguard175for nm, h := range response.Headers {176// reset explored schemas to get depth-first recursive-proof exploration177d.resetVisited()178if h.Default != nil {180red := NewHeaderValidator(nm, &h, s.KnownFormats).Validate(h.Default) //#nosec181if red.HasErrorsOrWarnings() {182res.AddErrors(defaultValueHeaderDoesNotValidateMsg(operationID, nm, responseName))183res.Merge(red)184}185}186// Headers have inline definition, like params188if h.Items != nil {189red := d.validateDefaultValueItemsAgainstSchema(nm, "header", &h, h.Items) //#nosec190if red.HasErrorsOrWarnings() {191res.AddErrors(defaultValueHeaderItemsDoesNotValidateMsg(operationID, nm, responseName))192res.Merge(red)193}194}195if _, err := compileRegexp(h.Pattern); err != nil {197res.AddErrors(invalidPatternInHeaderMsg(operationID, nm, responseName, h.Pattern, err))198}199// Headers don't have schema201}202}203if response.Schema != nil {204// reset explored schemas to get depth-first recursive-proof exploration205d.resetVisited()206red := d.validateDefaultValueSchemaAgainstSchema(responseCodeAsStr, "response", response.Schema)208if red.HasErrorsOrWarnings() {209// Additional message to make sure the context of the error is not lost210res.AddErrors(defaultValueInDoesNotValidateMsg(operationID, responseName))211res.Merge(red)212}213}214return res215}216func (d *defaultValidator) validateDefaultValueSchemaAgainstSchema(path, in string, schema *spec.Schema) *Result {218if schema == nil || d.isVisited(path) {219// Avoids recursing if we are already done with that check220return nil221}222d.beingVisited(path)223res := new(Result)224s := d.SpecValidator225if schema.Default != nil {227res.Merge(NewSchemaValidator(schema, s.spec.Spec(), path+".default", s.KnownFormats, SwaggerSchema(true)).Validate(schema.Default))228}229if schema.Items != nil {230if schema.Items.Schema != nil {231res.Merge(d.validateDefaultValueSchemaAgainstSchema(path+".items.default", in, schema.Items.Schema))232}233// Multiple schemas in items234if schema.Items.Schemas != nil { // Safeguard235for i, sch := range schema.Items.Schemas {236res.Merge(d.validateDefaultValueSchemaAgainstSchema(fmt.Sprintf("%s.items[%d].default", path, i), in, &sch)) //#nosec237}238}239}240if _, err := compileRegexp(schema.Pattern); err != nil {241res.AddErrors(invalidPatternInMsg(path, in, schema.Pattern))242}243if schema.AdditionalItems != nil && schema.AdditionalItems.Schema != nil {244// NOTE: we keep validating values, even though additionalItems is not supported by Swagger 2.0 (and 3.0 as well)245res.Merge(d.validateDefaultValueSchemaAgainstSchema(fmt.Sprintf("%s.additionalItems", path), in, schema.AdditionalItems.Schema))246}247for propName, prop := range schema.Properties {248res.Merge(d.validateDefaultValueSchemaAgainstSchema(path+"."+propName, in, &prop)) //#nosec249}250for propName, prop := range schema.PatternProperties {251res.Merge(d.validateDefaultValueSchemaAgainstSchema(path+"."+propName, in, &prop)) //#nosec252}253if schema.AdditionalProperties != nil && schema.AdditionalProperties.Schema != nil {254res.Merge(d.validateDefaultValueSchemaAgainstSchema(fmt.Sprintf("%s.additionalProperties", path), in, schema.AdditionalProperties.Schema))255}256if schema.AllOf != nil {257for i, aoSch := range schema.AllOf {258res.Merge(d.validateDefaultValueSchemaAgainstSchema(fmt.Sprintf("%s.allOf[%d]", path, i), in, &aoSch)) //#nosec259}260}261return res262}263// TODO: Temporary duplicated code. Need to refactor with examples265// nolint: dupl266func (d *defaultValidator) validateDefaultValueItemsAgainstSchema(path, in string, root interface{}, items *spec.Items) *Result {267res := new(Result)268s := d.SpecValidator269if items != nil {270if items.Default != nil {271res.Merge(newItemsValidator(path, in, items, root, s.KnownFormats).Validate(0, items.Default))272}273if items.Items != nil {274res.Merge(d.validateDefaultValueItemsAgainstSchema(path+"[0].default", in, root, items.Items))275}276if _, err := compileRegexp(items.Pattern); err != nil {277res.AddErrors(invalidPatternInMsg(path, in, items.Pattern))278}279}280return res281}282