b2700903ae
As deepmap/oapi-codegen didn't work with this newer version, upgrade to oapi-codegen/oapi-codegen v2. Mitigating CVE-2025-30153
32 lines
588 B
Go
32 lines
588 B
Go
package openapi3
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"sort"
|
|
"strings"
|
|
)
|
|
|
|
func validateExtensions(ctx context.Context, extensions map[string]any) error { // FIXME: newtype + Validate(...)
|
|
allowed := getValidationOptions(ctx).extraSiblingFieldsAllowed
|
|
|
|
var unknowns []string
|
|
for k := range extensions {
|
|
if strings.HasPrefix(k, "x-") {
|
|
continue
|
|
}
|
|
if allowed != nil {
|
|
if _, ok := allowed[k]; ok {
|
|
continue
|
|
}
|
|
}
|
|
unknowns = append(unknowns, k)
|
|
}
|
|
|
|
if len(unknowns) != 0 {
|
|
sort.Strings(unknowns)
|
|
return fmt.Errorf("extra sibling fields: %+v", unknowns)
|
|
}
|
|
|
|
return nil
|
|
}
|