Skip to content

Commit

Permalink
Fix for CVE-2022-28948 (#552)
Browse files Browse the repository at this point in the history
* CI: check-goimports

Signed-off-by: Pierre Fenoll <pierrefenoll@gmail.com>

* reorder imports per new CI check

Signed-off-by: Pierre Fenoll <pierrefenoll@gmail.com>

* switch from github.com/ghodss/yaml to github.com/invopop/yaml

Signed-off-by: Pierre Fenoll <pierrefenoll@gmail.com>

* remove all direct dependencies on gopkg.in/yaml.v2

Signed-off-by: Pierre Fenoll <pierrefenoll@gmail.com>

* upgrade gopkg.in/yaml.v2 to latest published tag

Signed-off-by: Pierre Fenoll <pierrefenoll@gmail.com>

* upgrade gopkg.in/yaml.v3 to latest published tag

Signed-off-by: Pierre Fenoll <pierrefenoll@gmail.com>
  • Loading branch information
fenollp authored May 31, 2022
1 parent 221a292 commit 39add0a
Show file tree
Hide file tree
Showing 36 changed files with 88 additions and 42 deletions.
12 changes: 12 additions & 0 deletions .github/workflows/go.yml
Original file line number Diff line number Diff line change
Expand Up @@ -142,3 +142,15 @@ jobs:
T
Tag
XML
check-goimports:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v3
with:
go-version: '>=1.17.0'
- run: go install github.com/incu6us/goimports-reviser/v2@v2.5.1
- run: which goimports-reviser
- run: find . -type f -iname '*.go' ! -iname '*.pb.go' -exec goimports-reviser -file-path {} \;
- run: git --no-pager diff --exit-code
5 changes: 3 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,10 @@ module github.com/getkin/kin-openapi
go 1.16

require (
github.com/ghodss/yaml v1.0.0
github.com/go-openapi/jsonpointer v0.19.5
github.com/gorilla/mux v1.8.0
github.com/invopop/yaml v0.1.0
github.com/stretchr/testify v1.5.1
gopkg.in/yaml.v2 v2.3.0
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1
)
11 changes: 7 additions & 4 deletions go.sum
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
github.com/go-openapi/swag v0.19.5 h1:lTz6Ys4CmqqCQmZPBlbQENR1/GucA2bzYTE12Pw4tFY=
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
github.com/invopop/yaml v0.1.0 h1:YW3WGUoJEXYfzWBjn00zIlrw7brGVD0fUKRYDPAPhrc=
github.com/invopop/yaml v0.1.0/go.mod h1:2XuRLgs/ouIrW3XNzuNj7J3Nvu/Dig5MXvbCEdiBN3Q=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
Expand All @@ -27,5 +27,8 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
3 changes: 2 additions & 1 deletion openapi2/openapi2_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,9 @@ import (
"io/ioutil"
"reflect"

"github.com/invopop/yaml"

"github.com/getkin/kin-openapi/openapi2"
"github.com/ghodss/yaml"
)

func Example() {
Expand Down
7 changes: 4 additions & 3 deletions openapi2conv/issue187_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,11 @@ import (
"encoding/json"
"testing"

"github.com/invopop/yaml"
"github.com/stretchr/testify/require"

"github.com/getkin/kin-openapi/openapi2"
"github.com/getkin/kin-openapi/openapi3"
"github.com/ghodss/yaml"
"github.com/stretchr/testify/require"
)

func v2v3JSON(spec2 []byte) (doc3 *openapi3.T, err error) {
Expand Down Expand Up @@ -162,7 +163,7 @@ paths:
"200":
description: description
`
require.Equal(t, string(spec3), expected)
require.YAMLEq(t, string(spec3), expected)

err = doc3.Validate(context.Background())
require.NoError(t, err)
Expand Down
3 changes: 2 additions & 1 deletion openapi2conv/issue440_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,10 @@ import (
"os"
"testing"

"github.com/stretchr/testify/require"

"github.com/getkin/kin-openapi/openapi2"
"github.com/getkin/kin-openapi/openapi3"
"github.com/stretchr/testify/require"
)

func TestIssue440(t *testing.T) {
Expand Down
3 changes: 2 additions & 1 deletion openapi3/example.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,9 @@ import (
"context"
"fmt"

"github.com/getkin/kin-openapi/jsoninfo"
"github.com/go-openapi/jsonpointer"

"github.com/getkin/kin-openapi/jsoninfo"
)

type Examples map[string]*ExampleRef
Expand Down
3 changes: 2 additions & 1 deletion openapi3/extension_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@ import (
"fmt"
"testing"

"github.com/getkin/kin-openapi/jsoninfo"
"github.com/stretchr/testify/require"

"github.com/getkin/kin-openapi/jsoninfo"
)

func ExampleExtensionProps_DecodeWith() {
Expand Down
3 changes: 2 additions & 1 deletion openapi3/header.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@ import (
"errors"
"fmt"

"github.com/getkin/kin-openapi/jsoninfo"
"github.com/go-openapi/jsonpointer"

"github.com/getkin/kin-openapi/jsoninfo"
)

type Headers map[string]*HeaderRef
Expand Down
3 changes: 2 additions & 1 deletion openapi3/link.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@ import (
"errors"
"fmt"

"github.com/getkin/kin-openapi/jsoninfo"
"github.com/go-openapi/jsonpointer"

"github.com/getkin/kin-openapi/jsoninfo"
)

type Links map[string]*LinkRef
Expand Down
2 changes: 1 addition & 1 deletion openapi3/loader.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import (
"strconv"
"strings"

"github.com/ghodss/yaml"
"github.com/invopop/yaml"
)

func foundUnresolvedRef(ref string) error {
Expand Down
3 changes: 2 additions & 1 deletion openapi3/media_type.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,9 @@ package openapi3
import (
"context"

"github.com/getkin/kin-openapi/jsoninfo"
"github.com/go-openapi/jsonpointer"

"github.com/getkin/kin-openapi/jsoninfo"
)

// MediaType is specified by OpenAPI/Swagger 3.0 standard.
Expand Down
2 changes: 1 addition & 1 deletion openapi3/openapi3_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import (
"strings"
"testing"

"github.com/ghodss/yaml"
"github.com/invopop/yaml"
"github.com/stretchr/testify/require"
)

Expand Down
3 changes: 2 additions & 1 deletion openapi3/operation.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,9 @@ import (
"fmt"
"strconv"

"github.com/getkin/kin-openapi/jsoninfo"
"github.com/go-openapi/jsonpointer"

"github.com/getkin/kin-openapi/jsoninfo"
)

// Operation represents "operation" specified by" OpenAPI/Swagger 3.0 standard.
Expand Down
3 changes: 2 additions & 1 deletion openapi3/parameter.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,9 @@ import (
"fmt"
"strconv"

"github.com/getkin/kin-openapi/jsoninfo"
"github.com/go-openapi/jsonpointer"

"github.com/getkin/kin-openapi/jsoninfo"
)

type ParametersMap map[string]*ParameterRef
Expand Down
3 changes: 2 additions & 1 deletion openapi3/race_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,9 @@ import (
"context"
"testing"

"github.com/getkin/kin-openapi/openapi3"
"github.com/stretchr/testify/require"

"github.com/getkin/kin-openapi/openapi3"
)

func TestRaceyPatternSchema(t *testing.T) {
Expand Down
3 changes: 2 additions & 1 deletion openapi3/refs.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,9 @@ package openapi3
import (
"context"

"github.com/getkin/kin-openapi/jsoninfo"
"github.com/go-openapi/jsonpointer"

"github.com/getkin/kin-openapi/jsoninfo"
)

// Ref is specified by OpenAPI/Swagger 3.0 standard.
Expand Down
3 changes: 2 additions & 1 deletion openapi3/request_body.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@ import (
"errors"
"fmt"

"github.com/getkin/kin-openapi/jsoninfo"
"github.com/go-openapi/jsonpointer"

"github.com/getkin/kin-openapi/jsoninfo"
)

type RequestBodies map[string]*RequestBodyRef
Expand Down
3 changes: 2 additions & 1 deletion openapi3/response.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,9 @@ import (
"fmt"
"strconv"

"github.com/getkin/kin-openapi/jsoninfo"
"github.com/go-openapi/jsonpointer"

"github.com/getkin/kin-openapi/jsoninfo"
)

// Responses is specified by OpenAPI/Swagger 3.0 standard.
Expand Down
3 changes: 2 additions & 1 deletion openapi3/schema.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,9 @@ import (
"strconv"
"unicode/utf16"

"github.com/getkin/kin-openapi/jsoninfo"
"github.com/go-openapi/jsonpointer"

"github.com/getkin/kin-openapi/jsoninfo"
)

const (
Expand Down
3 changes: 2 additions & 1 deletion openapi3/security_scheme.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@ import (
"errors"
"fmt"

"github.com/getkin/kin-openapi/jsoninfo"
"github.com/go-openapi/jsonpointer"

"github.com/getkin/kin-openapi/jsoninfo"
)

type SecuritySchemes map[string]*SecuritySchemeRef
Expand Down
3 changes: 2 additions & 1 deletion openapi3/unique_items_checker_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,9 @@ import (
"strings"
"testing"

"github.com/getkin/kin-openapi/openapi3"
"github.com/stretchr/testify/require"

"github.com/getkin/kin-openapi/openapi3"
)

func TestRegisterArrayUniqueItemsChecker(t *testing.T) {
Expand Down
2 changes: 1 addition & 1 deletion openapi3filter/req_resp_decoder.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ import (
"strconv"
"strings"

"gopkg.in/yaml.v2"
"gopkg.in/yaml.v3"

"github.com/getkin/kin-openapi/openapi3"
)
Expand Down
3 changes: 2 additions & 1 deletion openapi3filter/req_resp_decoder_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,10 @@ import (
"strings"
"testing"

"github.com/stretchr/testify/require"

"github.com/getkin/kin-openapi/openapi3"
legacyrouter "github.com/getkin/kin-openapi/routers/legacy"
"github.com/stretchr/testify/require"
)

func TestDecodeParameter(t *testing.T) {
Expand Down
3 changes: 2 additions & 1 deletion openapi3filter/validate_readonly_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,10 @@ import (
"net/http"
"testing"

"github.com/stretchr/testify/require"

"github.com/getkin/kin-openapi/openapi3"
legacyrouter "github.com/getkin/kin-openapi/routers/legacy"
"github.com/stretchr/testify/require"
)

func TestValidatingRequestBodyWithReadOnlyProperty(t *testing.T) {
Expand Down
5 changes: 3 additions & 2 deletions openapi3filter/validate_request_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,12 @@ import (
"net/http"
"testing"

"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

"github.com/getkin/kin-openapi/openapi3"
"github.com/getkin/kin-openapi/routers"
"github.com/getkin/kin-openapi/routers/gorillamux"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)

func setupTestRouter(t *testing.T, spec string) routers.Router {
Expand Down
3 changes: 2 additions & 1 deletion openapi3filter/validate_set_default_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,10 @@ import (
"net/url"
"testing"

"github.com/stretchr/testify/require"

"github.com/getkin/kin-openapi/openapi3"
legacyrouter "github.com/getkin/kin-openapi/routers/legacy"
"github.com/stretchr/testify/require"
)

func TestValidatingRequestParameterAndSetDefault(t *testing.T) {
Expand Down
3 changes: 2 additions & 1 deletion openapi3filter/validation_discriminator_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,10 @@ import (
"net/http"
"testing"

"github.com/stretchr/testify/require"

"github.com/getkin/kin-openapi/openapi3"
legacyrouter "github.com/getkin/kin-openapi/routers/legacy"
"github.com/stretchr/testify/require"
)

func TestValidationWithDiscriminatorSelection(t *testing.T) {
Expand Down
3 changes: 2 additions & 1 deletion openapi3filter/validation_error_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,10 @@ import (
"net/http/httptest"
"testing"

"github.com/stretchr/testify/require"

"github.com/getkin/kin-openapi/openapi3"
"github.com/getkin/kin-openapi/routers"
"github.com/stretchr/testify/require"
)

func newPetstoreRequest(t *testing.T, method, path string, body io.Reader) *http.Request {
Expand Down
3 changes: 2 additions & 1 deletion openapi3filter/validation_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,10 @@ import (
"strings"
"testing"

"github.com/stretchr/testify/require"

"github.com/getkin/kin-openapi/openapi3"
legacyrouter "github.com/getkin/kin-openapi/routers/legacy"
"github.com/stretchr/testify/require"
)

type ExampleRequest struct {
Expand Down
3 changes: 2 additions & 1 deletion openapi3gen/openapi3gen_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,10 @@ import (
"testing"
"time"

"github.com/stretchr/testify/require"

"github.com/getkin/kin-openapi/openapi3"
"github.com/getkin/kin-openapi/openapi3gen"
"github.com/stretchr/testify/require"
)

func ExampleGenerator_SchemaRefs() {
Expand Down
3 changes: 2 additions & 1 deletion routers/gorillamux/router.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,10 @@ import (
"sort"
"strings"

"github.com/gorilla/mux"

"github.com/getkin/kin-openapi/openapi3"
"github.com/getkin/kin-openapi/routers"
"github.com/gorilla/mux"
)

var _ routers.Router = &Router{}
Expand Down
Loading

0 comments on commit 39add0a

Please sign in to comment.