Skip to content

openapiv2: panic when SecurityRequirement is missing a value #1811

New issue
New issue
Closed
#1818
Closed
openapiv2: panic when SecurityRequirement is missing a value#1811
#1818
@krishicks

Description

@krishicks
krishicks
opened on Nov 12, 2020

🐛 Bug Report

protoc-gen-openapiv2 panics when specifying an OpenAPI security option with a security requirement that is missing a value.

This was discovered when using buf to generate protos. @bufdev hinted that:

buf is correctly not producing a message value, while protoc is incorrectly producing a default value here

(Note: the issue was found in v1.9.6, and has been adapted to master, which includes the rename to openapiv2)

To Reproduce

Given the following proto:

syntax = "proto3";

import "protoc-gen-openapiv2/options/annotations.proto";

package mypackage;

option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
    security: {
        security_requirement: {
            key: "bearer";
        }
    }
};

Try to compile the proto with buf:

buf generate --template '{"version":"v1beta1","plugins":[{"name":"openapiv2","out":"out"}]}' --file proto/swagger-description.proto

Expected behavior

The plugin exits successfully.

Actual Behavior

The plugin panics:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x6302f7]

goroutine 1 [running]:
github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger/genswagger.applyTemplate(0xc0001e8080, 0xc0000cc640, 0xc0001c2fe0, 0x0, 0x0)
	/home/hicks/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/protoc-gen-swagger/genswagger/template.go:1177 +0x1017
github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger/genswagger.(*generator).Generate(0xc000010420, 0xc000010610, 0x1, 0x1, 0x1, 0xc000010610, 0x0, 0x1, 0x340)
	/home/hicks/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/protoc-gen-swagger/genswagger/generator.go:116 +0x6d9
main.main()
	/home/hicks/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/protoc-gen-swagger/main.go:117 +0x7eb
plugin swagger: exit status 2

The master line that equates to the v1.9.6 panic above is here: https://github.com/grpc-ecosystem/grpc-gateway/blob/master/protoc-gen-openapiv2/internal/genopenapi/template.go#L1358

Note that if the above security_requirement is given value: {}, generation with buf succeeds.

Your Environment

gen-go-swagger v1.9.6
GNU/Linux x86_64

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions