Skip to content

fix: wrap unresolvable $ref in ValidationError#519

Open
patchwright wants to merge 1 commit into
python-openapi:masterfrom
patchwright:fix/wrap-unresolvable-ref-error
Open

fix: wrap unresolvable $ref in ValidationError#519
patchwright wants to merge 1 commit into
python-openapi:masterfrom
patchwright:fix/wrap-unresolvable-ref-error

Conversation

@patchwright

Copy link
Copy Markdown

Problem

When a $ref points to a nonexistent target, referencing.exceptions.Unresolvable (PointerToNowhere) escapes uncaught instead of being wrapped in a ValidationError. The internal library exception leaks to the caller, and as a side effect dumps the entire spec into the error message.

Reproduction (from #511)

from openapi_spec_validator import validate
spec = {
    "openapi": "3.0.0",
    "info": {"title": "Test", "version": "1.0.0"},
    "paths": {"/test": {"get": {"responses": {
        "200": {"description": "ok"},
        "404": {"$ref": "#/components/responses/NotFound"},
    }}}}
}
validate(spec)
# Raises: referencing.exceptions.PointerToNowhere (not ValidationError)

Cause

The Unresolvable exception escapes during iter_errors() generation (when a $ref is resolved), so the wraps_errors decorator — which only wraps yielded errors — doesn't catch it.

Fix

Catch referencing.exceptions.Unresolvable in SpecValidator.validate() and SpecValidator.is_valid():

  • validate(): wrap in jsonschema.exceptions.ValidationError
  • is_valid(): return False (the spec is invalid)

Test

Updated the existing test_ref_failed tests (v2 + v3.1 parametrized) to expect ValidationError (the documented behavior) instead of Unresolvable (the leak). 45/45 integration tests pass.

Fixes #511.

Assisted-by: Claude (Anthropic).

When a $ref points to a nonexistent target, the referencing library's
Unresolvable (PointerToNowhere) exception escaped uncaught instead of being
wrapped in a ValidationError. This leaked the internal library exception
(and, as a side effect, dumped the entire spec into the error message).

Catch Unresolvable in SpecValidator.validate() and is_valid(), wrap in
jsonschema.exceptions.ValidationError. Updated existing test_ref_failed tests
to expect ValidationError (the documented behavior) instead of Unresolvable
(the leak). Fixes python-openapi#511.

Assisted-by: Claude (Anthropic).
Co-Authored-By: claude-flow <ruv@ruv.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant