Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

improper validation of x-www-form-urlencoded with arbitrary nested allOf #1045

Closed
mikhailovavexmocom opened this issue Dec 23, 2024 · 0 comments · Fixed by #1046
Closed

improper validation of x-www-form-urlencoded with arbitrary nested allOf #1045

mikhailovavexmocom opened this issue Dec 23, 2024 · 0 comments · Fixed by #1046

Comments

@mikhailovavexmocom
Copy link
Contributor

in case of json, there're ways to describe and validate complex structures;
with form-data the same can be achieved - however, currently there's need of properties duplication;
give kin dry spec - it fails

example:

openapi: 3.0.3
info:
  version: 1.0.0
  title: sample api
  description: api service paths to test the issue
paths:
  /api/path:
    post:
      summary: path
      tags:
        - api
      requestBody:
        required: true
        content:
          application/json:
            schema: { $ref: '#/components/schemas/PathRequest' }
          application/x-www-form-urlencoded:
            schema: { $ref: '#/components/schemas/PathRequest' }
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema: { $ref: '#/components/schemas/PathResponse' }
components:
  schemas:
    Msg_Opt:
      properties:
        msg: { type: string }
    Msg:
      allOf:
        - $ref: '#/components/schemas/Msg_Opt'
        - required: [ msg ]
    Name:
      properties:
        name: { type: string }
      required: [ name ]
    Id:
      properties:
        id:
          type: string
          format: uint64
      required: [ id ]
    PathRequest:
      type: object
      allOf:
        - $ref: '#/components/schemas/Msg'
        - $ref: '#/components/schemas/Name'
    PathResponse:
      type: object
      allOf:
        - $ref: '#/components/schemas/PathRequest'
        - $ref: '#/components/schemas/Id'

which fails on msg=message&name=some+name
mikhalytch pushed a commit to mikhalytch/kin-openapi that referenced this issue Dec 23, 2024
@mikhailovavexmocom
improper validation of x-www-form-urlencoded with arbitrary nested a…
f04b5e8 
…llOf (getkin#1045)
@mikhalytch mikhalytch mentioned this issue Dec 23, 2024
Merged
fenollp pushed a commit that referenced this issue Dec 24, 2024
@mikhalytch @mikhailovavexmocom
openapi3filter: validation of x-www-form-urlencoded with arbitrary …
f476f7b 
…nested allOf (#1046)

* improper validation of x-www-form-urlencoded with arbitrary nested allOf (#1045)

* extend test cases

---------

Co-authored-by: Aleksey Mikhaylov <mikhailov.av@exmo.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@mikhailovavexmocom