Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openapiv2: panic when SecurityRequirement is missing a value #1811

Closed
krishicks opened this issue Nov 12, 2020 · 0 comments · Fixed by #1818
Closed

openapiv2: panic when SecurityRequirement is missing a value #1811

krishicks opened this issue Nov 12, 2020 · 0 comments · Fixed by #1818

Comments

@krishicks
Copy link

🐛 Bug Report

protoc-gen-openapiv2 panics when specifying an OpenAPI security option with a security requirement that is missing a value.

This was discovered when using buf to generate protos. @bufdev hinted that:

buf is correctly not producing a message value, while protoc is incorrectly producing a default value here

(Note: the issue was found in v1.9.6, and has been adapted to master, which includes the rename to openapiv2)

To Reproduce

Given the following proto:

syntax = "proto3";

import "protoc-gen-openapiv2/options/annotations.proto";

package mypackage;

option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
    security: {
        security_requirement: {
            key: "bearer";
        }
    }
};

Try to compile the proto with buf:

buf generate --template '{"version":"v1beta1","plugins":[{"name":"openapiv2","out":"out"}]}' --file proto/swagger-description.proto

Expected behavior

The plugin exits successfully.

Actual Behavior

The plugin panics:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x6302f7]

goroutine 1 [running]:
github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger/genswagger.applyTemplate(0xc0001e8080, 0xc0000cc640, 0xc0001c2fe0, 0x0, 0x0)
	/home/hicks/go/pkg/mod/github.com/grpc-ecosystem/grpc-gateway@v1.9.6/protoc-gen-swagger/genswagger/template.go:1177 +0x1017
github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger/genswagger.(*generator).Generate(0xc000010420, 0xc000010610, 0x1, 0x1, 0x1, 0xc000010610, 0x0, 0x1, 0x340)
	/home/hicks/go/pkg/mod/github.com/grpc-ecosystem/grpc-gateway@v1.9.6/protoc-gen-swagger/genswagger/generator.go:116 +0x6d9
main.main()
	/home/hicks/go/pkg/mod/github.com/grpc-ecosystem/grpc-gateway@v1.9.6/protoc-gen-swagger/main.go:117 +0x7eb
plugin swagger: exit status 2

The master line that equates to the v1.9.6 panic above is here: https://github.com/grpc-ecosystem/grpc-gateway/blob/master/protoc-gen-openapiv2/internal/genopenapi/template.go#L1358

Note that if the above security_requirement is given value: {}, generation with buf succeeds.

Your Environment

gen-go-swagger v1.9.6
GNU/Linux x86_64
@krishicks krishicks changed the title panic when SecurityRequirement is missing a value openapiv2: panic when SecurityRequirement is missing a value Nov 12, 2020
johanbrandhorst added a commit that referenced this issue Nov 13, 2020
@johanbrandhorst
Fix panic when SecurityRequirement is missing value
2b37e0e 
Fixes #1811
@johanbrandhorst johanbrandhorst mentioned this issue Nov 13, 2020
Merged
johanbrandhorst added a commit that referenced this issue Nov 13, 2020
@johanbrandhorst
Fix openapiv2 panic (#1818)
3d22f27 
* Fix panic when SecurityRequirement is missing value

Fixes #1811

* Fix test warnings

These were just annoying me
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix openapiv2 panic grpc-ecosystem/grpc-gateway
1 participant
@krishicks