2

I have a Spring Boot project and I have an OpenAPI 3.0.0 YAML file in the resource folder.

To parse my YAML file, I am constructing a URL and using OpenApiParser as follows:

URL url = Resources.getResource(MyFile.yaml) //from com.google.common.io
 
OpenApi3 openApi3 = (OpenApi3) new OpenApiParser().parse(url);

When running from my local IntelliJ IDEA, url comes as follows and parsing is working fine:

"file:/C:/git/top_level_project/my_folder/my_project/build/resources/main/MyFile.yaml"

but when my project is being deployed at k8 setup, url comes as follows and parsing is getting failed:

"jar:file:some_image_name.jar!/BOOT-INF/lib/my_folder-0.1.0-beta.0.149+20220910T185040Z-plain.jar!/MyFile.yaml"

I also tried the following ways to construct the URL but getting the same URL on k8 setup and OpenAPI parsing getting failed due to the incorrect path.

URL url1 =  this.getClass().getResource("/" + MyFile.yaml); //from java.lang
 
URL url2 = this.getClass().getClassLoader().getResource(MyFile.yaml));
Helen
  • 87,344
  • 17
  • 243
  • 314
Vaibhav
  • 169
  • 6
  • Can anyone please have a look? – Vaibhav Sep 12 '22 at 09:17
  • 1
    What parser do you use? Doesn't seem to be [this one](https://github.com/swagger-api/swagger-parser#usage). Most likely, the parser doesn't support reading resources inside JAR files and requires either a regular file (in the file system or at an HTTP/S URL) or the text contents of a file. – Helen Sep 12 '22 at 09:56
  • Thanks @Helen for taking a look. I am using this com.networknt.oas.OpenApiParser. Also heard that there are also lots of security vulnerabilities with swagger parser.What do you suggest? – Vaibhav Sep 12 '22 at 16:02
  • 1
    [Read the resource file contents as a string](https://stackoverflow.com/q/6068197/113116) and then use the `.parse(String spec, URL resolutionBase)` version of the parse method. – Helen Sep 12 '22 at 16:31
  • Thanks you @Helen. I am able to parse using : OpenAPI openAPI = new OpenAPIV3Parser().read("/" + file.yaml, null, options); and its not introducing new vulnerabilities in my project. – Vaibhav Sep 18 '22 at 14:49
  • @Helen: can you please have a look at this : https://stackoverflow.com/questions/73764145/unable-to-validate-query-parameters-against-predefined-yaml-file-using-json-sche Need your expert advise here! – Vaibhav Sep 18 '22 at 15:47

0 Answers0