1
1
mirror of https://github.com/go-gitea/gitea synced 2025-01-25 09:04:29 +00:00
6543 d1353e1f7c
Vendor Update (#14496)
* update code.gitea.io/sdk/gitea v0.13.1 -> v0.13.2

* update github.com/go-swagger/go-swagger v0.25.0 -> v0.26.0

* update github.com/google/uuid v1.1.2 -> v1.2.0

* update github.com/klauspost/compress v1.11.3 -> v1.11.7

* update github.com/lib/pq 083382b7e6fc -> v1.9.0

* update github.com/markbates/goth v1.65.0 -> v1.66.1

* update github.com/mattn/go-sqlite3 v1.14.4 -> v1.14.6

* update github.com/mgechev/revive 246eac737dc7 -> v1.0.3

* update github.com/minio/minio-go/v7 v7.0.6 -> v7.0.7

* update github.com/niklasfasching/go-org v1.3.2 -> v1.4.0

* update github.com/olivere/elastic/v7 v7.0.21 -> v7.0.22

* update github.com/pquerna/otp v1.2.0 -> v1.3.0

* update github.com/xanzy/go-gitlab v0.39.0 -> v0.42.0

* update github.com/yuin/goldmark v1.2.1 -> v1.3.1
2021-01-28 17:56:38 +01:00

325 lines
10 KiB
Go
Vendored

// Copyright 2015 go-swagger maintainers
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package validate
// TODO: define this as package validate/internal
// This must be done while keeping CI intact with all tests and test coverage
import (
"reflect"
"strconv"
"strings"
"github.com/go-openapi/errors"
"github.com/go-openapi/spec"
)
const (
swaggerBody = "body"
swaggerExample = "example"
swaggerExamples = "examples"
)
const (
objectType = "object"
arrayType = "array"
stringType = "string"
integerType = "integer"
numberType = "number"
booleanType = "boolean"
fileType = "file"
nullType = "null"
)
const (
jsonProperties = "properties"
jsonItems = "items"
jsonType = "type"
// jsonSchema = "schema"
jsonDefault = "default"
)
const (
stringFormatDate = "date"
stringFormatDateTime = "date-time"
stringFormatPassword = "password"
stringFormatByte = "byte"
// stringFormatBinary = "binary"
stringFormatCreditCard = "creditcard"
stringFormatDuration = "duration"
stringFormatEmail = "email"
stringFormatHexColor = "hexcolor"
stringFormatHostname = "hostname"
stringFormatIPv4 = "ipv4"
stringFormatIPv6 = "ipv6"
stringFormatISBN = "isbn"
stringFormatISBN10 = "isbn10"
stringFormatISBN13 = "isbn13"
stringFormatMAC = "mac"
stringFormatBSONObjectID = "bsonobjectid"
stringFormatRGBColor = "rgbcolor"
stringFormatSSN = "ssn"
stringFormatURI = "uri"
stringFormatUUID = "uuid"
stringFormatUUID3 = "uuid3"
stringFormatUUID4 = "uuid4"
stringFormatUUID5 = "uuid5"
integerFormatInt32 = "int32"
integerFormatInt64 = "int64"
integerFormatUInt32 = "uint32"
integerFormatUInt64 = "uint64"
numberFormatFloat32 = "float32"
numberFormatFloat64 = "float64"
numberFormatFloat = "float"
numberFormatDouble = "double"
)
// Helpers available at the package level
var (
pathHelp *pathHelper
valueHelp *valueHelper
errorHelp *errorHelper
paramHelp *paramHelper
responseHelp *responseHelper
)
type errorHelper struct {
// A collection of unexported helpers for error construction
}
func (h *errorHelper) sErr(err errors.Error) *Result {
// Builds a Result from standard errors.Error
return &Result{Errors: []error{err}}
}
func (h *errorHelper) addPointerError(res *Result, err error, ref string, fromPath string) *Result {
// Provides more context on error messages
// reported by the jsoinpointer package by altering the passed Result
if err != nil {
res.AddErrors(cannotResolveRefMsg(fromPath, ref, err))
}
return res
}
type pathHelper struct {
// A collection of unexported helpers for path validation
}
func (h *pathHelper) stripParametersInPath(path string) string {
// Returns a path stripped from all path parameters, with multiple or trailing slashes removed.
//
// Stripping is performed on a slash-separated basis, e.g '/a{/b}' remains a{/b} and not /a.
// - Trailing "/" make a difference, e.g. /a/ !~ /a (ex: canary/bitbucket.org/swagger.json)
// - presence or absence of a parameter makes a difference, e.g. /a/{log} !~ /a/ (ex: canary/kubernetes/swagger.json)
// Regexp to extract parameters from path, with surrounding {}.
// NOTE: important non-greedy modifier
rexParsePathParam := mustCompileRegexp(`{[^{}]+?}`)
strippedSegments := []string{}
for _, segment := range strings.Split(path, "/") {
strippedSegments = append(strippedSegments, rexParsePathParam.ReplaceAllString(segment, "X"))
}
return strings.Join(strippedSegments, "/")
}
func (h *pathHelper) extractPathParams(path string) (params []string) {
// Extracts all params from a path, with surrounding "{}"
rexParsePathParam := mustCompileRegexp(`{[^{}]+?}`)
for _, segment := range strings.Split(path, "/") {
for _, v := range rexParsePathParam.FindAllStringSubmatch(segment, -1) {
params = append(params, v...)
}
}
return
}
type valueHelper struct {
// A collection of unexported helpers for value validation
}
func (h *valueHelper) asInt64(val interface{}) int64 {
// Number conversion function for int64, without error checking
// (implements an implicit type upgrade).
v := reflect.ValueOf(val)
switch v.Kind() {
case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
return v.Int()
case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
return int64(v.Uint())
case reflect.Float32, reflect.Float64:
return int64(v.Float())
default:
// panic("Non numeric value in asInt64()")
return 0
}
}
func (h *valueHelper) asUint64(val interface{}) uint64 {
// Number conversion function for uint64, without error checking
// (implements an implicit type upgrade).
v := reflect.ValueOf(val)
switch v.Kind() {
case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
return uint64(v.Int())
case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
return v.Uint()
case reflect.Float32, reflect.Float64:
return uint64(v.Float())
default:
// panic("Non numeric value in asUint64()")
return 0
}
}
// Same for unsigned floats
func (h *valueHelper) asFloat64(val interface{}) float64 {
// Number conversion function for float64, without error checking
// (implements an implicit type upgrade).
v := reflect.ValueOf(val)
switch v.Kind() {
case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
return float64(v.Int())
case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
return float64(v.Uint())
case reflect.Float32, reflect.Float64:
return v.Float()
default:
// panic("Non numeric value in asFloat64()")
return 0
}
}
type paramHelper struct {
// A collection of unexported helpers for parameters resolution
}
func (h *paramHelper) safeExpandedParamsFor(path, method, operationID string, res *Result, s *SpecValidator) (params []spec.Parameter) {
operation, ok := s.analyzer.OperationFor(method, path)
if ok {
// expand parameters first if necessary
resolvedParams := []spec.Parameter{}
for _, ppr := range operation.Parameters {
resolvedParam, red := h.resolveParam(path, method, operationID, &ppr, s) //#nosec
res.Merge(red)
if resolvedParam != nil {
resolvedParams = append(resolvedParams, *resolvedParam)
}
}
// remove params with invalid expansion from Slice
operation.Parameters = resolvedParams
for _, ppr := range s.analyzer.SafeParamsFor(method, path,
func(p spec.Parameter, err error) bool {
// since params have already been expanded, there are few causes for error
res.AddErrors(someParametersBrokenMsg(path, method, operationID))
// original error from analyzer
res.AddErrors(err)
return true
}) {
params = append(params, ppr)
}
}
return
}
func (h *paramHelper) resolveParam(path, method, operationID string, param *spec.Parameter, s *SpecValidator) (*spec.Parameter, *Result) {
// Ensure parameter is expanded
var err error
res := new(Result)
isRef := param.Ref.String() != ""
if s.spec.SpecFilePath() == "" {
err = spec.ExpandParameterWithRoot(param, s.spec.Spec(), nil)
} else {
err = spec.ExpandParameter(param, s.spec.SpecFilePath())
}
if err != nil { // Safeguard
// NOTE: we may enter enter here when the whole parameter is an unresolved $ref
refPath := strings.Join([]string{"\"" + path + "\"", method}, ".")
errorHelp.addPointerError(res, err, param.Ref.String(), refPath)
return nil, res
}
res.Merge(h.checkExpandedParam(param, param.Name, param.In, operationID, isRef))
return param, res
}
func (h *paramHelper) checkExpandedParam(pr *spec.Parameter, path, in, operation string, isRef bool) *Result {
// Secure parameter structure after $ref resolution
res := new(Result)
simpleZero := spec.SimpleSchema{}
// Try to explain why... best guess
switch {
case pr.In == swaggerBody && (pr.SimpleSchema != simpleZero && pr.SimpleSchema.Type != objectType):
if isRef {
// Most likely, a $ref with a sibling is an unwanted situation: in itself this is a warning...
// but we detect it because of the following error:
// schema took over Parameter for an unexplained reason
res.AddWarnings(refShouldNotHaveSiblingsMsg(path, operation))
}
res.AddErrors(invalidParameterDefinitionMsg(path, in, operation))
case pr.In != swaggerBody && pr.Schema != nil:
if isRef {
res.AddWarnings(refShouldNotHaveSiblingsMsg(path, operation))
}
res.AddErrors(invalidParameterDefinitionAsSchemaMsg(path, in, operation))
case (pr.In == swaggerBody && pr.Schema == nil) || (pr.In != swaggerBody && pr.SimpleSchema == simpleZero):
// Other unexpected mishaps
res.AddErrors(invalidParameterDefinitionMsg(path, in, operation))
}
return res
}
type responseHelper struct {
// A collection of unexported helpers for response resolution
}
func (r *responseHelper) expandResponseRef(
response *spec.Response,
path string, s *SpecValidator) (*spec.Response, *Result) {
// Ensure response is expanded
var err error
res := new(Result)
if s.spec.SpecFilePath() == "" {
// there is no physical document to resolve $ref in response
err = spec.ExpandResponseWithRoot(response, s.spec.Spec(), nil)
} else {
err = spec.ExpandResponse(response, s.spec.SpecFilePath())
}
if err != nil { // Safeguard
// NOTE: we may enter here when the whole response is an unresolved $ref.
errorHelp.addPointerError(res, err, response.Ref.String(), path)
return nil, res
}
return response, res
}
func (r *responseHelper) responseMsgVariants(
responseType string,
responseCode int) (responseName, responseCodeAsStr string) {
// Path variants for messages
if responseType == jsonDefault {
responseCodeAsStr = jsonDefault
responseName = "default response"
} else {
responseCodeAsStr = strconv.Itoa(responseCode)
responseName = "response " + responseCodeAsStr
}
return
}