def _sanitize_operation_id(operation_id, http_method, path_name):
sanitized_operation_id = sanitize_name(operation_id or '')
# Handle crazy corner cases where someone explicitly sets operation
# id a value that gets sanitized down to an empty string or an underscore
if sanitized_operation_id in {'', '_'}:
# build based on the http method and request path
sanitized_operation_id = sanitize_name(http_method + '_' + path_name)
# Handle super crazy corner case where even ``http_method + '_' + path_name``
# gets sanitized down to just an underscore (the empty string is just there for good measure)
if sanitized_operation_id in {'', '_'}:
# This case is theoretically possible only in case http_method and path_name are
# sanitized down to empty string. According to the specs valid values of
# http_method will not allow this case.
raise ValueError(
'_sanitize_operation_id produced an empty operation id starting from '
'operation_id={operation_id}, http_method={http_method} and path_name={path_name}'
.format(
operation_id=operation_id,
http_method=http_method,
path_name=path_name,
), )
return sanitized_operation_id
def build_params(op):
"""Builds up the list of this operation's parameters taking into account
parameters that may be available for this operation's path component.
:type op: :class:`bravado_core.operation.Operation`
:returns: dict where (k,v) is (param_name, Param)
"""
swagger_spec = op.swagger_spec
deref = swagger_spec.deref
op_spec = deref(op.op_spec)
op_params_spec = deref(op_spec.get('parameters', []))
spec_dict = deref(swagger_spec._internal_spec_dict)
paths_spec = deref(spec_dict.get('paths', {}))
path_spec = deref(paths_spec.get(op.path_name))
path_params_spec = deref(path_spec.get('parameters', []))
# Order of addition is *important* here. Since op_params are last in the
# list, they will replace any previously defined path_params with the
# same name when the final params dict is constructed in the loop below.
params_spec = path_params_spec + op_params_spec
params = AliasKeyDict()
for param_spec in params_spec:
param = Param(swagger_spec, op, deref(param_spec))
sanitized_name = sanitize_name(param.name)
params[sanitized_name] = param
params.add_alias(param.name, sanitized_name)
# Security parameters cannot override and been overridden by operation or path objects
new_params = {}
new_param_aliases = {}
for parameter in op.security_parameters:
param_name = sanitize_name(parameter.name)
if param_name in params:
raise SwaggerSchemaError(
"'{0}' security parameter is overriding a parameter defined in operation or path object".format(
parameter.name,
)
)
else:
# not directly in params because different security requirements could share parameters
new_params[param_name] = parameter
new_param_aliases[parameter.name] = param_name
params.update(new_params)
for alias, name in iteritems(new_param_aliases):
params.add_alias(alias, name)
return params
def build_resources(swagger_spec):
# type: (Spec) -> AliasKeyDict
"""Transforms the REST resources in the json-like swagger_spec into rich
:Resource: objects that have associated :Operation:s.
:type swagger_spec: :class:`bravado_core.spec.Spec`
:returns: dict where (key,value) = (resource name, Resource)
"""
# Map operations to resources using operation tags if available.
# - If an operation has multiple tags, it will be associated with multiple
# resources!
# - If an operation has no tags, its resource name will be derived from its
# path
# key = tag_name value = { operation_id : Operation }
tag_to_ops = defaultdict(
dict
) # type: typing.DefaultDict[typing.Text, typing.Dict[typing.Text, Operation]]
deref = swagger_spec.deref
spec_dict = deref(swagger_spec._internal_spec_dict)
paths_spec = deref(spec_dict.get('paths', {}))
for path_name, path_spec in iteritems(paths_spec):
path_spec = deref(path_spec)
for http_method, op_spec in iteritems(path_spec):
op_spec = deref(op_spec)
# vendor extensions and parameters that are shared across all
# operations for a given path are also defined at this level - we
# just need to skip over them.
if http_method.startswith('x-') or http_method == 'parameters':
continue
op = Operation.from_spec(
swagger_spec,
path_name,
http_method,
op_spec,
)
tags = deref(op_spec.get('tags', []))
if not tags:
tags.append(convert_path_to_resource(path_name))
for tag in tags:
tag_to_ops[deref(tag)][op.operation_id] = op
resources = AliasKeyDict()
for tag, ops in iteritems(tag_to_ops):
sanitized_tag = sanitize_name(tag)
resources[sanitized_tag] = Resource(sanitized_tag, ops)
resources.add_alias(tag, sanitized_tag)
return resources
def test_sanitize_name(input, expected):
assert sanitize_name(input) == expected
def build_params_monkey_patch(op):
"""
This is the monkey-patched version of build_params [0] for w3af.
While parsing some open API specifications we found this error:
The document at "http://moth/swagger.yaml" is not a valid Open API specification.
The following exception was raised while parsing the dict into a specification object:
"'Authorization' security parameter is overriding a parameter defined in operation
or path object"
And identified that the root cause for this "issue" was in this method.
The problem was that we really needed to parse that specification, and we
did not care that much about the restriction imposed by bravado-core.
[0] https://github.com/Yelp/bravado-core/blob/1272d21b80800ad98d3f32c3aaa090e277466f69/bravado_core/operation.py#L153
The following is the documentation for the original function:
Builds up the list of this operation's parameters taking into account
parameters that may be available for this operation's path component.
:type op: :class:`bravado_core.operation.Operation`
:returns: dict where (k,v) is (param_name, Param)
"""
swagger_spec = op.swagger_spec
deref = swagger_spec.deref
op_spec = deref(op.op_spec)
op_params_spec = deref(op_spec.get('parameters', []))
spec_dict = deref(swagger_spec._internal_spec_dict)
paths_spec = deref(spec_dict.get('paths', {}))
path_spec = deref(paths_spec.get(op.path_name))
path_params_spec = deref(path_spec.get('parameters', []))
# Order of addition is *important* here. Since op_params are last in the
# list, they will replace any previously defined path_params with the
# same name when the final params dict is constructed in the loop below.
params_spec = path_params_spec + op_params_spec
params = AliasKeyDict()
for param_spec in params_spec:
param = Param(swagger_spec, op, deref(param_spec))
sanitized_name = sanitize_name(param.name)
params[sanitized_name] = param
params.add_alias(param.name, sanitized_name)
# Security parameters cannot override and been overridden by operation or path objects
new_params = {}
new_param_aliases = {}
for parameter in op.security_parameters:
param_name = sanitize_name(parameter.name)
"""
Removed this code:
if param_name in params:
raise SwaggerSchemaError(
"'{0}' security parameter is overriding a parameter defined in operation or path object".format(
parameter.name,
)
)
else:
# not directly in params because different security requirements could share parameters
new_params[param_name] = parameter
new_param_aliases[parameter.name] = param_name
And replaced it with:
"""
new_params[param_name] = parameter
new_param_aliases[parameter.name] = param_name
params.update(new_params)
for alias, name in iteritems(new_param_aliases):
params.add_alias(alias, name)
return params
