parameter builder uses a comma instead of an empty string

[encodeering]

Hello,

it seems that an additional , can appended to the path in some cases and it has been detected using swagger ui's execution feature ([email protected]). It could be traced back to the following line:

swagger-js/src/execute/oas3/parameter-builders.js

Line 26 in 3627ead

req.url = req.url.split(`{${name}}`).join(styledValue);

The default behavior of Array.join will be used if styledValue is undefined.

The following yaml definition creates this case, if the input field in swagger ui remains untouched

paths:
  /openapi/specification{plural}:
    parameters:
    - name: plural
      in: path
      required: false
      schema:
        type: string
        pattern: "s?

Many thanks in advance.

[hkosova]

This is not a valid OpenAPI definition because path parameters must be required.

If you replace required: false with required: true, does the issue still occur?

[char0n]

Hi @encodeering,

@hkosova is right about the validity of your definition. Though you're right that this is a possible bug.

Here is a POC demonstrating when the bug occurs:

'/openapi/specification{plural}'.split('{plural}').join(undefined)

As styledValue can become undefined we have to compensate for this case and replace the styledValue with empty string.
Default value of separator for Array.prototype.join is ,. When we pass undefined to the join function it's the same as not passing a parameter at all and , is used to join the values.

[encodeering]

Hi @hkosova

thanks for pointing this out, wasn't aware of this fact. Going to rewrite the specification as it may suddenly stop working if we update the dependencies.

Cheers