You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I discovered a user trying to describe a property called $ref in a schema, for example:
type: objectproperties:
$ref:
type: string
This is failing as we're trying to dereference the $ref found in the property, after some digging I discovered that $ref should only be dereferenced in cases where a schema is expected thus since properties is not expected to be a schema, $ref here should not be dereferenced.
Limited use of "$ref" to wherever a schema is expected
Swagger 2 specification does allow $ref to be in more places, they don't clarify completely in the spec but it would seem that the JSON Schema rule is used, and there are additional places in the spec where 'Reference Object' is permitted, for example a 'Parameter Object' a default value, etc.
I have noticed that some of our users are using $ref in their example values which does not appear to support 'Reference Object', it is not a schema and it is not explicitly mentioned in the OpenAPI 2 specification that a 'Reference Object' may be placed in a example property of a 'Schema Object', the example property contains Any with description 'A free-form property to include an example of an instance for this schema.'.
Currently the value in #/definitions/User/example/name would be incorrectly dereferenced and I believe some customers are depending on this behaviour. Due to this implementation, it means if you try to use $ref as a property name in either a schema example or schema properties the parser will incorrectly attempt to dereference it (or crash if it is not valid) thus preventing users from using $ref as a property name.
The users that are using $ref inside an example may have been trying to work around some of our prior limitations that example in a nested structure wouldn't be used for JSON body generation or data structure generation. As of https://github.com/apiaryio/fury-adapter-swagger/releases/tag/v0.22.3 this should no longer be necessary.
The text was updated successfully, but these errors were encountered:
kylef
transferred this issue from apiaryio/fury-adapter-swagger
Apr 24, 2019
I discovered a user trying to describe a property called
$refin a schema, for example:This is failing as we're trying to dereference the
$reffound in the property, after some digging I discovered that$refshould only be dereferenced in cases where a schema is expected thus sincepropertiesis not expected to be a schema,$refhere should not be dereferenced.From draft-wright-json-schema-00:
Swagger 2 specification does allow
$refto be in more places, they don't clarify completely in the spec but it would seem that the JSON Schema rule is used, and there are additional places in the spec where 'Reference Object' is permitted, for example a 'Parameter Object' a default value, etc.I have noticed that some of our users are using
$refin their example values which does not appear to support 'Reference Object', it is not a schema and it is not explicitly mentioned in the OpenAPI 2 specification that a 'Reference Object' may be placed in aexampleproperty of a 'Schema Object', theexampleproperty containsAnywith description 'A free-form property to include an example of an instance for this schema.'.This means that the following:
Should be dereferenced as:
Currently the value in
#/definitions/User/example/namewould be incorrectly dereferenced and I believe some customers are depending on this behaviour. Due to this implementation, it means if you try to use$refas a property name in either a schema example or schema properties the parser will incorrectly attempt to dereference it (or crash if it is not valid) thus preventing users from using$refas a property name.The users that are using
$refinside an example may have been trying to work around some of our prior limitations thatexamplein a nested structure wouldn't be used for JSON body generation or data structure generation. As of https://github.com/apiaryio/fury-adapter-swagger/releases/tag/v0.22.3 this should no longer be necessary.The text was updated successfully, but these errors were encountered: