pax_global_header00006660000000000000000000000064151514036750014521gustar00rootroot0000000000000052 comment=8b85573320ccec4f4f1e962e09c1fab880cbfc23 go-openapi-jsonreference-6f5da62/000077500000000000000000000000001515140367500170245ustar00rootroot00000000000000go-openapi-jsonreference-6f5da62/.editorconfig000066400000000000000000000010331515140367500214760ustar00rootroot00000000000000# top-most EditorConfig file root = true # Unix-style newlines with a newline ending every file [*] end_of_line = lf insert_final_newline = true indent_style = space indent_size = 2 trim_trailing_whitespace = true # Set default charset [*.{js,py,go,scala,rb,java,html,css,less,sass,md}] charset = utf-8 # Tab indentation (no size specified) [*.go] indent_style = tab [*.md] trim_trailing_whitespace = false # Matches the exact files either package.json or .travis.yml [{package.json,.travis.yml}] indent_style = space indent_size = 2 go-openapi-jsonreference-6f5da62/.github/000077500000000000000000000000001515140367500203645ustar00rootroot00000000000000go-openapi-jsonreference-6f5da62/.github/CONTRIBUTING.md000066400000000000000000000210031515140367500226110ustar00rootroot00000000000000You'll find here general guidelines to contribute to this project. They mostly correspond to standard practices for open source repositories. We have tried to keep things as simple as possible. > [!NOTE] > If you're an experienced go developer on github, then you should just feel at home with us > and you may well skip the rest of this document. > > You'll essentially apply the usual guidelines for a go library project on github. These guidelines are common to all libraries published on github by the `go-openapi` organization, so you'll feel at home with any of our projects. You'll find more detailed (or repo-specific) instructions in the [maintainer's docs][maintainers-doc]. [maintainers-doc]: ../docs/MAINTAINERS.md ## How can I contribute There are many ways in which you can contribute, not just code. Here are a few ideas: - Reporting issues or bugs - Suggesting improvements - Documentation - Art work that makes the project look great - Code - proposing bug fixes and new features that are within the main project scope - improving test coverage - addressing code quality issues ## Questions & issues ### Asking a question You may inquire anything about this library by reporting a "Question" issue on github. You may also join our discord server where you may discuss issues or requests. [![Discord Server][discord-badge]][discord-url] [discord-badge]: https://img.shields.io/discord/1446918742398341256?logo=discord&label=discord&color=blue [discord-url]: https://discord.gg/twZ9BwT3 ### Reporting issues Reporting a problem with our libraries _is_ a valuable contribution. You can do this on the github issues page of this repository. Please be as specific as possible when describing your issue. Whenever relevant, please provide information about your environment (go version, OS). Adding a code snippet to reproduce the issue is great, and a big time saver for maintainers. ### Triaging issues You can help triage issues which may include: * reproducing bug reports * asking for important information, such as version numbers or reproduction instructions * answering questions and sharing your insight in issue comments ## Code contributions ### Pull requests are always welcome We are always thrilled to receive pull requests, and we do our best to process them as fast as possible. Not sure if that typo is worth a pull request? Do it! We will appreciate it. If your pull request is not accepted on the first try, don't be discouraged! If there's a problem with the implementation, hopefully you've received feedback on what to improve. If you have a lot of ideas or a lot of issues to solve, try to refrain a bit and post focused pull requests. Think that they must be reviewed by a maintainer and it is easy to lose track of things on big PRs. We're trying very hard to keep the go-openapi packages lean and focused. Together, these packages constitute a toolkit for go developers: it won't do everything for everybody out of the box, but everybody can use it to do just about everything related to OpenAPI. This means that we might decide against incorporating a new feature. However, there might be a way to implement that feature *on top of* our libraries. ### Environment You just need a `go` compiler to be installed. No special tools are needed to work with our libraries. The minimal go compiler version required is always the old stable (latest minor go version - 1). Our libraries are designed and tested to work on `Linux`, `MacOS` and `Windows`. If you're used to work with `go` you should already have everything in place. Although not required, you'll be certainly more productive with a local installation of `golangci-lint`, the meta-linter our CI uses. If you don't have it, you may install it like so: ```sh go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest ``` ### Conventions #### Git flow Fork the repo and make changes to your fork in a feature branch. To submit a pull request, push your branch to your fork (e.g. `upstream` remote): github will propose to open a pull request on the original repository. Typically you'd follow some common naming conventions: - if it's a bug fixing branch, name it `fix/XXX-something` where XXX is the number of the issue on github - if it's a feature branch, create an enhancement issue to announce your intentions, and name it `feature/XXX-something` where XXX is the number of the issue. NOTE: we don't enforce naming conventions on branches: it's your fork after all. #### Tests Submit unit tests for your changes. Go has a great built-in test framework ; use it! Take a look at existing tests for inspiration, and run the full test suite on your branch before submitting a pull request. Our CI measures test coverage and the test coverage of every patch. Although not a blocking step - because there are so many special cases - this is an indicator that maintainers consider when approving a PR. Please try your best to cover at least 80% of your patch. #### Code style You may read our stance on code style [there](../docs/STYLE.md). #### Documentation Don't forget to update the documentation when creating or modifying a feature. Most documentation for this library is directly found in code as comments for godoc. The documentation for this go-openapi package is published on [the public go docs site][go-doc]. --- Check your documentation changes for clarity, concision, and correctness. If you want to assess the rendering of your changes when published to `pkg.go.dev`, you may want to install the `pkgsite` tool proposed by `golang.org`. ```sh go install golang.org/x/pkgsite/cmd/pkgsite@latest ``` Then run on the repository folder: ```sh pkgsite . ``` This will run a godoc server locally where you may see the documentation generated from your local repository. [go-doc]: https://pkg.go.dev/github.com/go-openapi/jsonreference #### Commit messages Pull requests descriptions should be as clear as possible and include a reference to all the issues that they address. Pull requests must not contain commits from other users or branches. Commit messages are not required to follow the "conventional commit" rule, but it's certainly a good thing to follow that convention (e.g. "fix: fixed panic in XYZ", "ci: did this", "feat: did that" ...). The title in your commit message is used directly to produce our release notes: try to keep them neat. The commit message body should detail your changes. If an issue should be closed by a commit, please add this reference in the commit body: ``` * fixes #{issue number} ``` #### Code review Code review comments may be added to your pull request. Discuss, then make the suggested modifications and push additional commits to your feature branch. Be sure to post a comment after pushing. The new commits will show up in the pull request automatically, but the reviewers will not be notified unless you comment. Before the pull request is merged, **make sure that you've squashed your commits into logical units of work** using `git rebase -i` and `git push -f`. After every commit the test suite should be passing. Include documentation changes in the same commit so that a revert would remove all traces of the feature or fix. #### Sign your work Software is developed by real people. The sign-off is a simple line at the end of your commit message, which certifies that you wrote it or otherwise have the right to pass it on as an open-source patch. We require the simple DCO below with an email signing your commit. PGP-signed commit are greatly appreciated but not required. The rules are pretty simple: - read our [DCO][dco-doc] (from [developercertificate.org][dco-source]) - if you agree with these terms, then you just add a line to every git commit message ``` Signed-off-by: Joe Smith ``` using your real name (sorry, no pseudonyms or anonymous contributions.) You can add the sign-off when creating the git commit via `git commit -s`. [dco-doc]: ./DCO.md [dco-source]: https://developercertificate.org ## Code contributions by AI agents Our agentic friends are welcome to contribute! We only have a few demands to keep-up with human maintainers. 1. Issues and PRs written or posted by agents should always mention the original (human) poster for reference 2. We don't accept PRs attributed to agents. We don't want commits signed like "author: @claude.code". Agents or bots may coauthor commits, though. 3. Security vulnerability reports by agents should always be reported privately and mention the original (human) poster (see also [Security Policy][security-doc]). [security-doc]: ../SECURITY.md go-openapi-jsonreference-6f5da62/.github/DCO.md000066400000000000000000000026741515140367500213240ustar00rootroot00000000000000 # Developer's Certificate of Origin ``` Developer Certificate of Origin Version 1.1 Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 660 York Street, Suite 102, San Francisco, CA 94110 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Developer's Certificate of Origin 1.1 By making a contribution to this project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. ``` go-openapi-jsonreference-6f5da62/.github/dependabot.yaml000066400000000000000000000032001515140367500233500ustar00rootroot00000000000000version: 2 updates: - package-ecosystem: "github-actions" directory: "/" schedule: interval: "weekly" day: "friday" open-pull-requests-limit: 2 # <- default is 5 groups: # <- group all github actions updates in a single PR # 1. development-dependencies are auto-merged development-dependencies: patterns: - '*' - package-ecosystem: "gomod" # We define 4 groups of dependencies to regroup update pull requests: # - development (e.g. test dependencies) # - go-openapi updates # - golang.org (e.g. golang.org/x/... packages) # - other dependencies (direct or indirect) # # * All groups are checked once a week and each produce at most 1 PR. # * All dependabot PRs are auto-approved # # Auto-merging policy, when requirements are met: # 1. development-dependencies are auto-merged # 2. golang.org-dependencies are auto-merged # 3. go-openapi patch updates are auto-merged. Minor/major version updates require a manual merge. # 4. other dependencies require a manual merge directory: "/" schedule: interval: "weekly" day: "friday" open-pull-requests-limit: 4 groups: development-dependencies: patterns: - "github.com/stretchr/testify" golang-org-dependencies: patterns: - "golang.org/*" go-openapi-dependencies: patterns: - "github.com/go-openapi/*" other-dependencies: exclude-patterns: - "github.com/go-openapi/*" - "github.com/stretchr/testify" - "golang.org/*" go-openapi-jsonreference-6f5da62/.github/wordlist.txt000066400000000000000000000004531515140367500227760ustar00rootroot00000000000000CodeFactor CodeQL DCO GoDoc JSON Maintainer's PR's PRs Repo SPDX TODOs Triaging UI XYZ agentic ci codebase codecov config dependabot dev developercertificate github godoc golang golangci jsonpointer linter's linters maintainer's md metalinter monorepo openapi prepended repos semver sexualized vuln go-openapi-jsonreference-6f5da62/.github/workflows/000077500000000000000000000000001515140367500224215ustar00rootroot00000000000000go-openapi-jsonreference-6f5da62/.github/workflows/auto-merge.yml000066400000000000000000000004611515140367500252120ustar00rootroot00000000000000name: Dependabot auto-merge permissions: contents: read on: pull_request: jobs: dependabot: permissions: contents: write pull-requests: write uses: go-openapi/ci-workflows/.github/workflows/auto-merge.yml@84f8f9c0759d5d1d0c32b18a7abaa0cba65ebcff # v0.2.9 secrets: inherit go-openapi-jsonreference-6f5da62/.github/workflows/bump-release.yml000066400000000000000000000017441515140367500255330ustar00rootroot00000000000000name: Bump Release permissions: contents: read on: workflow_dispatch: inputs: bump-type: description: Type of bump (patch, minor, major) type: choice options: - patch - minor - major default: patch required: false tag-message-title: description: Tag message title to prepend to the release notes required: false type: string tag-message-body: description: | Tag message body to prepend to the release notes. (use "|" to replace end of line). required: false type: string jobs: bump-release: permissions: contents: write uses: go-openapi/ci-workflows/.github/workflows/bump-release.yml@84f8f9c0759d5d1d0c32b18a7abaa0cba65ebcff # v0.2.9 with: bump-type: ${{ inputs.bump-type }} tag-message-title: ${{ inputs.tag-message-title }} tag-message-body: ${{ inputs.tag-message-body }} secrets: inherit go-openapi-jsonreference-6f5da62/.github/workflows/codeql.yml000066400000000000000000000007301515140367500244130ustar00rootroot00000000000000name: "CodeQL" on: push: branches: [ "master" ] pull_request: branches: [ "master" ] paths-ignore: # remove this clause if CodeQL is a required check - '**/*.md' schedule: - cron: '39 19 * * 5' permissions: contents: read jobs: codeql: permissions: contents: read security-events: write uses: go-openapi/ci-workflows/.github/workflows/codeql.yml@84f8f9c0759d5d1d0c32b18a7abaa0cba65ebcff # v0.2.9 secrets: inherit go-openapi-jsonreference-6f5da62/.github/workflows/contributors.yml000066400000000000000000000005271515140367500257050ustar00rootroot00000000000000name: Contributors on: schedule: - cron: '18 4 * * 6' workflow_dispatch: permissions: contents: read jobs: contributors: permissions: pull-requests: write contents: write uses: go-openapi/ci-workflows/.github/workflows/contributors.yml@84f8f9c0759d5d1d0c32b18a7abaa0cba65ebcff # v0.2.9 secrets: inherit go-openapi-jsonreference-6f5da62/.github/workflows/go-test.yml000066400000000000000000000004241515140367500245260ustar00rootroot00000000000000name: go test permissions: pull-requests: read contents: read on: push: branches: - master pull_request: jobs: test: uses: go-openapi/ci-workflows/.github/workflows/go-test.yml@84f8f9c0759d5d1d0c32b18a7abaa0cba65ebcff # v0.2.9 secrets: inherit go-openapi-jsonreference-6f5da62/.github/workflows/scanner.yml000066400000000000000000000005751515140367500246040ustar00rootroot00000000000000name: Vulnerability scans on: branch_protection_rule: push: branches: [ "master" ] schedule: - cron: '18 4 * * 3' permissions: contents: read jobs: scanners: permissions: contents: read security-events: write uses: go-openapi/ci-workflows/.github/workflows/scanner.yml@84f8f9c0759d5d1d0c32b18a7abaa0cba65ebcff # V0.2.9 secrets: inherit go-openapi-jsonreference-6f5da62/.github/workflows/tag-release.yml000066400000000000000000000005441515140367500253400ustar00rootroot00000000000000name: Release on tag permissions: contents: read on: push: tags: - v[0-9]+* jobs: gh-release: name: Create release permissions: contents: write uses: go-openapi/ci-workflows/.github/workflows/release.yml@84f8f9c0759d5d1d0c32b18a7abaa0cba65ebcff # v0.2.9 with: tag: ${{ github.ref_name }} secrets: inherit go-openapi-jsonreference-6f5da62/.gitignore000066400000000000000000000000521515140367500210110ustar00rootroot00000000000000*.out *.cov .idea .env .mcp.json .claude/ go-openapi-jsonreference-6f5da62/.golangci.yml000066400000000000000000000022651515140367500214150ustar00rootroot00000000000000version: "2" linters: default: all disable: - depguard - funlen - godox - exhaustruct - nlreturn - nonamedreturns - noinlineerr - paralleltest - recvcheck - testpackage - thelper - tparallel - varnamelen - whitespace - wrapcheck - wsl - wsl_v5 settings: dupl: threshold: 200 goconst: min-len: 2 min-occurrences: 3 cyclop: max-complexity: 20 gocyclo: min-complexity: 20 exhaustive: default-signifies-exhaustive: true default-case-required: true lll: line-length: 180 exclusions: generated: lax presets: - comments - common-false-positives - legacy - std-error-handling paths: - third_party$ - builtin$ - examples$ formatters: enable: - gofmt - goimports - gofumpt exclusions: generated: lax paths: - third_party$ - builtin$ - examples$ issues: # Maximum issues count per one linter. # Set to 0 to disable. # Default: 50 max-issues-per-linter: 0 # Maximum count of issues with the same text. # Set to 0 to disable. # Default: 3 max-same-issues: 0 go-openapi-jsonreference-6f5da62/CODE_OF_CONDUCT.md000066400000000000000000000062471515140367500216340ustar00rootroot00000000000000# Contributor Covenant Code of Conduct ## Our Pledge In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. ## Our Standards Examples of behavior that contributes to creating a positive environment include: * Using welcoming and inclusive language * Being respectful of differing viewpoints and experiences * Gracefully accepting constructive criticism * Focusing on what is best for the community * Showing empathy towards other community members Examples of unacceptable behavior by participants include: * The use of sexualized language or imagery and unwelcome sexual attention or advances * Trolling, insulting/derogatory comments, and personal or political attacks * Public or private harassment * Publishing others' private information, such as a physical or electronic address, without explicit permission * Other conduct which could reasonably be considered inappropriate in a professional setting ## Our Responsibilities Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. ## Scope This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at . All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. ## Attribution This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [][version] [homepage]: http://contributor-covenant.org [version]: http://contributor-covenant.org/version/1/4/ go-openapi-jsonreference-6f5da62/CONTRIBUTORS.md000066400000000000000000000021161515140367500213030ustar00rootroot00000000000000# Contributors - Repository: ['go-openapi/jsonreference'] | Total Contributors | Total Contributions | | --- | --- | | 9 | 73 | | Username | All Time Contribution Count | All Commits | | --- | --- | --- | | @fredbi | 36 | https://github.com/go-openapi/jsonreference/commits?author=fredbi | | @casualjim | 25 | https://github.com/go-openapi/jsonreference/commits?author=casualjim | | @youyuanwu | 5 | https://github.com/go-openapi/jsonreference/commits?author=youyuanwu | | @olivierlemasle | 2 | https://github.com/go-openapi/jsonreference/commits?author=olivierlemasle | | @apelisse | 1 | https://github.com/go-openapi/jsonreference/commits?author=apelisse | | @gbjk | 1 | https://github.com/go-openapi/jsonreference/commits?author=gbjk | | @honza | 1 | https://github.com/go-openapi/jsonreference/commits?author=honza | | @Neo2308 | 1 | https://github.com/go-openapi/jsonreference/commits?author=Neo2308 | | @erraggy | 1 | https://github.com/go-openapi/jsonreference/commits?author=erraggy | _this file was generated by the [Contributors GitHub Action](https://github.com/github/contributors)_ go-openapi-jsonreference-6f5da62/LICENSE000066400000000000000000000261361515140367500200410ustar00rootroot00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. go-openapi-jsonreference-6f5da62/NOTICE000066400000000000000000000030661515140367500177350ustar00rootroot00000000000000Copyright 2015-2025 go-swagger maintainers // SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers // SPDX-License-Identifier: Apache-2.0 This software library, github.com/go-openapi/jsonreference, includes software developed by the go-swagger and go-openapi maintainers ("go-swagger maintainers"). Licensed under the Apache License, Version 2.0 (the "License"); you may not use this software except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. This software is copied from, derived from, and inspired by other original software products. It ships with copies of other software which license terms are recalled below. The original software was authored on 25-02-2013 by sigu-399 (https://github.com/sigu-399, sigu.399@gmail.com). github.com/sigh-399/jsonreference =========================== // SPDX-FileCopyrightText: Copyright 2013 sigu-399 ( https://github.com/sigu-399 ) // SPDX-License-Identifier: Apache-2.0 Copyright 2013 sigu-399 ( https://github.com/sigu-399 ) Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. go-openapi-jsonreference-6f5da62/README.md000066400000000000000000000130451515140367500203060ustar00rootroot00000000000000# jsonreference [![Tests][test-badge]][test-url] [![Coverage][cov-badge]][cov-url] [![CI vuln scan][vuln-scan-badge]][vuln-scan-url] [![CodeQL][codeql-badge]][codeql-url] [![Release][release-badge]][release-url] [![Go Report Card][gocard-badge]][gocard-url] [![CodeFactor Grade][codefactor-badge]][codefactor-url] [![License][license-badge]][license-url] [![GoDoc][godoc-badge]][godoc-url] [![Discord Channel][discord-badge]][discord-url] [![go version][goversion-badge]][goversion-url] ![Top language][top-badge] ![Commits since latest release][commits-badge] --- An implementation of JSON Reference for golang. ## Announcements * **2025-12-19** : new community chat on discord * a new discord community channel is available to be notified of changes and support users * our venerable Slack channel remains open, and will be eventually discontinued on **2026-03-31** You may join the discord community by clicking the invite link on the discord badge (also above). [![Discord Channel][discord-badge]][discord-url] Or join our Slack channel: [![Slack Channel][slack-logo]![slack-badge]][slack-url] ## Status API is stable. ## Import this library in your project ```cmd go get github.com/go-openapi/jsonreference ``` ## Dependencies * ## Basic usage ```go // Creating a new reference ref, err := jsonreference.New("http://example.com/doc.json#/definitions/Pet") // Fragment-only reference fragRef := jsonreference.MustCreateRef("#/definitions/Pet") // Resolving references parent, _ := jsonreference.New("http://example.com/base.json") child, _ := jsonreference.New("#/definitions/Pet") resolved, _ := parent.Inherits(child) // Result: "http://example.com/base.json#/definitions/Pet" ``` ## Change log See ## References * * ## Licensing This library ships under the [SPDX-License-Identifier: Apache-2.0](./LICENSE). See the license [NOTICE](./NOTICE), which recalls the licensing terms of all the pieces of software on top of which it has been built. ## Other documentation * [All-time contributors](./CONTRIBUTORS.md) * [Contributing guidelines](.github/CONTRIBUTING.md) * [Maintainers documentation](docs/MAINTAINERS.md) * [Code style](docs/STYLE.md) ## Cutting a new release Maintainers can cut a new release by either: * running [this workflow](https://github.com/go-openapi/jsonreference/actions/workflows/bump-release.yml) * or pushing a semver tag * signed tags are preferred * The tag message is prepended to release notes [test-badge]: https://github.com/go-openapi/jsonreference/actions/workflows/go-test.yml/badge.svg [test-url]: https://github.com/go-openapi/jsonreference/actions/workflows/go-test.yml [cov-badge]: https://codecov.io/gh/go-openapi/jsonreference/branch/master/graph/badge.svg [cov-url]: https://codecov.io/gh/go-openapi/jsonreference [vuln-scan-badge]: https://github.com/go-openapi/jsonreference/actions/workflows/scanner.yml/badge.svg [vuln-scan-url]: https://github.com/go-openapi/jsonreference/actions/workflows/scanner.yml [codeql-badge]: https://github.com/go-openapi/jsonreference/actions/workflows/codeql.yml/badge.svg [codeql-url]: https://github.com/go-openapi/jsonreference/actions/workflows/codeql.yml [release-badge]: https://badge.fury.io/gh/go-openapi%2Fjsonreference.svg [release-url]: https://badge.fury.io/gh/go-openapi%2Fjsonreference [gomod-badge]: https://badge.fury.io/go/github.com%2Fgo-openapi%2Fjsonreference.svg [gomod-url]: https://badge.fury.io/go/github.com%2Fgo-openapi%2Fjsonreference [gocard-badge]: https://goreportcard.com/badge/github.com/go-openapi/jsonreference [gocard-url]: https://goreportcard.com/report/github.com/go-openapi/jsonreference [codefactor-badge]: https://img.shields.io/codefactor/grade/github/go-openapi/jsonreference [codefactor-url]: https://www.codefactor.io/repository/github/go-openapi/jsonreference [doc-badge]: https://img.shields.io/badge/doc-site-blue?link=https%3A%2F%2Fgoswagger.io%2Fgo-openapi%2F [doc-url]: https://goswagger.io/go-openapi [godoc-badge]: https://pkg.go.dev/badge/github.com/go-openapi/jsonreference [godoc-url]: http://pkg.go.dev/github.com/go-openapi/jsonreference [slack-logo]: https://a.slack-edge.com/e6a93c1/img/icons/favicon-32.png [slack-badge]: https://img.shields.io/badge/slack-blue?link=https%3A%2F%2Fgoswagger.slack.com%2Farchives%2FC04R30YM [slack-url]: https://goswagger.slack.com/archives/C04R30YMU [discord-badge]: https://img.shields.io/discord/1446918742398341256?logo=discord&label=discord&color=blue [discord-url]: https://discord.gg/twZ9BwT3 [license-badge]: http://img.shields.io/badge/license-Apache%20v2-orange.svg [license-url]: https://github.com/go-openapi/jsonreference/?tab=Apache-2.0-1-ov-file#readme [goversion-badge]: https://img.shields.io/github/go-mod/go-version/go-openapi/jsonreference [goversion-url]: https://github.com/go-openapi/jsonreference/blob/master/go.mod [top-badge]: https://img.shields.io/github/languages/top/go-openapi/jsonreference [commits-badge]: https://img.shields.io/github/commits-since/go-openapi/jsonreference/latest go-openapi-jsonreference-6f5da62/SECURITY.md000066400000000000000000000026031515140367500206160ustar00rootroot00000000000000# Security Policy This policy outlines the commitment and practices of the go-openapi maintainers regarding security. ## Supported Versions | Version | Supported | | ------- | ------------------ | | O.x | :white_check_mark: | ## Vulnerability checks in place This repository uses automated vulnerability scans, at every merged commit and at least once a week. We use: * [`GitHub CodeQL`][codeql-url] * [`trivy`][trivy-url] * [`govulncheck`][govulncheck-url] Reports are centralized in github security reports and visible only to the maintainers. ## Reporting a vulnerability If you become aware of a security vulnerability that affects the current repository, **please report it privately to the maintainers** rather than opening a publicly visible GitHub issue. Please follow the instructions provided by github to [Privately report a security vulnerability][github-guidance-url]. > [!NOTE] > On Github, navigate to the project's "Security" tab then click on "Report a vulnerability". [codeql-url]: https://github.com/github/codeql [trivy-url]: https://trivy.dev/docs/latest/getting-started [govulncheck-url]: https://go.dev/blog/govulncheck [github-guidance-url]: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability go-openapi-jsonreference-6f5da62/docs/000077500000000000000000000000001515140367500177545ustar00rootroot00000000000000go-openapi-jsonreference-6f5da62/docs/MAINTAINERS.md000066400000000000000000000161201515140367500220500ustar00rootroot00000000000000> [!NOTE] > Comprehensive guide for maintainers covering repository structure, CI/CD workflows, release procedures, and development practices. > Essential reading for anyone contributing to or maintaining this project. ## Repo structure This project is organized as a repo with a single go module. ## Repo configuration * Default branch: master * Protected branches: master * Branch protection rules: * require pull requests and approval * required status checks: * DCO (simple email sign-off) * Lint * All tests completed * Auto-merge enabled (used for dependabot updates and other auto-merged PR's, e.g. contributors update) ## Continuous Integration ### Code Quality checks * meta-linter: [golangci-lint][golangci-url] * linter config: [`.golangci.yml`][linter-config] (see our [posture][style-doc] on linters) * Code quality assessment: [CodeFactor][codefactor-url] * Code quality badges * [go report card][gocard-url] * [CodeFactor][codefactor-url] > **NOTES** > > codefactor inherits roles from github. There is no need to create a dedicated account. > > The codefactor app is installed at the organization level (`github.com/go-openapi`). > > There is no special token to setup in github for CI usage. ### Testing * Test reports * Uploaded to codecov: * Test coverage reports * Uploaded to codecov: * Fuzz testing * Fuzz tests are handled separately by CI and may reuse a cached version of the fuzzing corpus. At this moment, cache may not be shared between feature branches or feature branch and master. The minimized corpus produced on failure is uploaded as an artifact and should be added manually to `testdata/fuzz/...`. Coverage threshold status is informative and not blocking. This is because the thresholds are difficult to tune and codecov oftentimes reports false negatives or may fail to upload coverage. All tests across `go-openapi` use our fork of `stretchr/jsonreference` (this repo): `github.com/go-openapi/jsonreference`. This allows for minimal test dependencies. > **NOTES** > > codecov inherits roles from github. There is no need to create a dedicated account. > However, there is only 1 maintainer allowed to be the admin of the organization on codecov > with their free plan. > > The codecov app is installed at the organization level (`github.com/go-openapi`). > > There is no special token to setup in github for CI usage. > A organization-level token used to upload coverage and test reports is managed at codecov: > no setup is required on github. ### Automated updates * dependabot * configuration: [`dependabot.yaml`][dependabot-config] Principle: * codecov applies updates and security patches to the github-actions and golang ecosystems. * all updates from "trusted" dependencies (github actions, golang.org packages, go-openapi packages are auto-merged if they successfully pass CI. * go version updates Principle: * we support the 2 latest minor versions of the go compiler (`stable`, `oldstable`) * `go.mod` should be updated (manually) whenever there is a new go minor release (e.g. every 6 months). > This means that our projects always have a 6 months lag to enforce new features from the go compiler. > > However, new features of go may be used with a "go:build" tag: this allows users of the newer > version to benefit the new feature while users still running with `oldstable` use another version > that still builds. * contributors * a [`CONTRIBUTORS.md`][contributors-doc] file is updated weekly, with all-time contributors to the repository * the `github-actions[bot]` posts a pull request to do that automatically * at this moment, this pull request is not auto-approved/auto-merged (bot cannot approve its own PRs) ### Vulnerability scanners There are 3 complementary scanners - obviously, there is some overlap, but each has a different focus. * GitHub `CodeQL` * `trivy` * `govulnscan` None of these tools require an additional account or token. Github CodeQL configuration is set to "Advanced", so we may collect a CI status for this check (e.g. for badges). Scanners run on every commit to master and at least once a week. Reports are centralized in github security reports for code scanning tools. ## Releases **For single module repos:** A bump release workflow can be triggered from the github actions UI to cut a release with a few clicks. The release process is minimalist: * push a semver tag (i.e v{major}.{minor}.{patch}) to the master branch. * the CI handles this to generate a github release with release notes * release notes generator: git-cliff * configuration: the `.cliff.toml` is defined as a share configuration on remote repo [`ci-workflows/.cliff.toml`][remote-cliff-config] Commits from maintainers are preferably PGP-signed. Tags are preferably PGP-signed. We want our releases to show as "verified" on github. The tag message introduces the release notes (e.g. a summary of this release). The release notes generator does not assume that commits are necessarily "conventional commits". **For mono-repos with multiple modules:** The release process is slightly different because we need to update cross-module dependencies before pushing a tag. A bump release workflow (mono-repo) can be triggered from the github actions UI to cut a release with a few clicks. It works with the same input as the one for single module repos, and first creates a PR (auto-merged) that updates the different go.mod files _before_ pushing the desired git tag. Commits and tags pushed by the workflow bot are PGP-signed ("go-openapi[bot]"). ## Other files Standard documentation: * [CONTRIBUTING.md][contributing-doc] guidelines * [DCO.md][dco-doc] terms for first-time contributors to read * [CODE_OF_CONDUCT.md][coc-doc] * [SECURITY.md][security-doc] policy: how to report vulnerabilities privately * [LICENSE][license-doc] terms * [NOTICE][notice-doc] on supplementary license terms (original authors, copied code etc) Reference documentation (released): * [pkg.go.dev (fka godoc)][godoc-url] [linter-config]: https://github.com/go-openapi/jsonreference/blob/master/.golangci.yml [local-cliff-config]: https://github.com/go-openapi/jsonreference/blob/master/.cliff.toml [remote-cliff-config]: https://github.com/go-openapi/ci-workflows/blob/master/.cliff.toml [dependabot-config]: https://github.com/go-openapi/jsonreference/blob/master/.github/dependabot.yaml [gocard-url]: https://goreportcard.com/report/github.com/go-openapi/jsonreference [codefactor-url]: https://www.codefactor.io/repository/github/go-openapi/jsonreference [golangci-url]: https://golangci-lint.run/ [godoc-url]: https://pkg.go.dev/github.com/go-openapi/jsonreference [contributors-doc]: ../CONTRIBUTORS.md [contributing-doc]: ../.github/CONTRIBUTING.md [dco-doc]: ../.github/DCO.md [style-doc]: STYLE.md [coc-doc]: ../CODE_OF_CONDUCT.md [security-doc]: ../SECURITY.md [license-doc]: ../LICENSE [notice-doc]: ../NOTICE go-openapi-jsonreference-6f5da62/docs/STYLE.md000066400000000000000000000134601515140367500212020ustar00rootroot00000000000000# Coding style at `go-openapi` > **TL;DR** > > Let's be honest: at `go-openapi` and `go-swagger` we've never been super-strict on code style and linting. > > But perhaps now (2025) is the time to adopt a different stance. Even though our repos have been early adopters of `golangci-lint` years ago (we used some other metalinter before), our decade-old codebase is only realigned to new rules from time to time. Now go-openapi and go-swagger together make up a really large codebase, which is taxing to maintain and keep afloat. Code quality and the harmonization of rules have thus become things that we need now. ## Meta-linter Universally formatted go code promotes ease of writing, reading, and maintenance. You should run `golangci-lint run` before committing your changes. Many editors have plugins that do that automatically. > We use the `golangci-lint` meta-linter. The configuration lies in > [`.golangci.yml`][golangci-yml]. > You may read [the linter's configuration reference][golangci-doc] for additional reference. This configuration is essentially the same across all `go-openapi` projects. Some projects may require slightly different settings. ## Linting rules posture Thanks to go's original design, we developers don't have to waste much time arguing about code figures of style. However, the number of available linters has been growing to the point that we need to pick a choice. ### Our approach: evaluate, don't consume blindly As early adopters of `golangci-lint` (and its predecessors), we've watched linting orthodoxy shift back and forth over the years. Patterns that were idiomatic one year get flagged the next; rules that seemed reasonable in isolation produce noise at scale. Conversations with maintainers of other large Go projects confirmed what our own experience taught us: **the default linter set is a starting point, not a prescription**. Our stance is deliberate: - **Start from `default: all`**, then consciously disable what doesn't earn its keep. This forces us to evaluate every linter and articulate why we reject it — the disabled list is a design rationale, not technical debt. - **Tune thresholds rather than disable** when a linter's principle is sound but its defaults are too aggressive for a mature codebase. - **Require justification for every `//nolint`** directive. Each one must carry an inline comment explaining why it's there. - **Prefer disabling a linter over scattering `//nolint`** across the codebase. If a linter produces systematic false positives on patterns we use intentionally, the linter goes — not our code. - **Keep the configuration consistent** across all `go-openapi` repositories. Per-repo divergence is a maintenance tax we don't want to pay. We enable all linters published by `golangci-lint` by default, then disable a few ones. Here are the reasons why they are disabled (update: Feb. 2026, `golangci-lint v2.8.0`). ```yaml disable: - depguard # we don't want to configure rules to constrain import. That's the reviewer's job - exhaustruct # we don't want to configure regexp's to check type name. That's the reviewer's job - funlen # we accept cognitive complexity as a meaningful metric, but function length is relevant - godox # we don't see any value in forbidding TODO's etc in code - nlreturn # we usually apply this "blank line" rule to make code less compact. We just don't want to enforce it - nonamedreturns # we don't see any valid reason why we couldn't used named returns - noinlineerr # there is no value added forbidding inlined err - paralleltest # we like parallel tests. We just don't want them to be enforced everywhere - recvcheck # we like the idea of having pointer and non-pointer receivers - testpackage # we like test packages. We just don't want them to be enforced everywhere - thelper # too many false positives on test case factories returning func(*testing.T). See note below - tparallel # see paralleltest - varnamelen # sometimes, we like short variables. The linter doesn't catch cases when a short name is good - whitespace # no added value - wrapcheck # although there is some sense with this linter's general idea, it produces too much noise - wsl # no added value. Noise - wsl_v5 # no added value. Noise ``` As you may see, we agree with the objective of most linters, at least the principle they are supposed to enforce. But all linters do not support fine-grained tuning to tolerate some cases and not some others. **Relaxed linter settings** When this is possible, we enable linters with relaxed constraints. ```yaml settings: dupl: threshold: 200 # in a older code base such as ours, we have to be tolerant with a little redundancy # Hopefully, we'll be able to gradually get rid of those. goconst: min-len: 2 min-occurrences: 3 cyclop: max-complexity: 20 # the default is too low for most of our functions. 20 is a nicer trade-off gocyclo: min-complexity: 20 exhaustive: # when using default in switch, this should be good enough default-signifies-exhaustive: true default-case-required: true lll: line-length: 180 # we just want to avoid extremely long lines. # It is no big deal if a line or two don't fit on your terminal. ``` Final note: since we have switched to a forked version of `stretchr/testify`, we no longer benefit from the great `testifylint` linter for tests. [golangci-yml]: https://github.com/go-openapi/jsonreference/blob/master/.golangci.yml [golangci-doc]: https://golangci-lint.run/docs/linters/configuration/ go-openapi-jsonreference-6f5da62/examples_test.go000066400000000000000000000014211515140367500222260ustar00rootroot00000000000000// SPDX-FileCopyrightText: Copyright (c) 2015-2025 go-swagger maintainers // SPDX-License-Identifier: Apache-2.0 package jsonreference_test import ( "fmt" "log" "github.com/go-openapi/jsonreference" ) func ExampleRef_GetURL() { fragRef := jsonreference.MustCreateRef("#/definitions/Pet") fmt.Printf("URL: %s\n", fragRef.GetURL()) // Output: URL: #/definitions/Pet } func ExampleRef_Inherits() { parent := jsonreference.MustCreateRef("http://example.com/base.json") child, err := jsonreference.New("#/definitions/Pet") if err != nil { log.Printf("%v", err) return } resolved, err := parent.Inherits(child) if err != nil { log.Printf("%v", err) return } fmt.Printf("URL: %v\n", resolved) // Output: URL: http://example.com/base.json#/definitions/Pet } go-openapi-jsonreference-6f5da62/fuzz_test.go000066400000000000000000000047561515140367500214240ustar00rootroot00000000000000// SPDX-FileCopyrightText: Copyright (c) 2015-2025 go-swagger maintainers // SPDX-License-Identifier: Apache-2.0 package jsonreference import ( "iter" "slices" "strings" "testing" "github.com/go-openapi/testify/v2/require" ) func FuzzParse(f *testing.F) { // initial seed cumulated := make([]string, 0, 100) for generator := range generators() { f.Add(generator) cumulated = append(cumulated, generator) f.Add(strings.Join(cumulated, "")) } ref := Ref{} f.Fuzz(func(t *testing.T, input string) { require.NotPanics(t, func() { _ = ref.parse(input) }) }) } func generators() iter.Seq[string] { return slices.Values([]string{ "", "https://localhost/%F0%9F%8C%AD#/%F0%9F%8D%94", "#/ok", "%2", "http://host/path/a/b/c#/f/a/b", "http://host/path/a/b/c", "http://host/path/a/b/c#", "#/fragment/only", "/documents/document.json", "document.json", "http://www.test.com/doc.json", "#/a/b", "http://www.test.com/doc.json", "http://www.test2.com/doc.json#bla", "http://a/b/c/d;p?q", "g:h", "g:h", "g", "http://a/b/c/g", "./g", "http://a/b/c/g", "g/", "http://a/b/c/g/", "/g", "http://a/g", "//g", "http://g", "?y", "http://a/b/c/d;p?y", "g?y", "http://a/b/c/g?y", "#s", "http://a/b/c/d;p?q#s", "g#s", "http://a/b/c/g#s", "g?y#s", "http://a/b/c/g?y#s", ";x", "http://a/b/c/;x", "g;x", "http://a/b/c/g;x", "g;x?y#s", "http://a/b/c/g;x?y#s", "", "http://a/b/c/d;p?q", ".", "http://a/b/c/", "./", "http://a/b/c/", "..", "http://a/b/", "../", "http://a/b/", "../g", "http://a/b/g", "../..", "http://a/", "../../", "http://a/", "../../g", "http://a/g", "http://tools.ietf.org/html/rfc3986#section-5.4.2", "../../../g", "http://a/g", "../../../../g", "http://a/g", "https://localhost/🌭#/🍔", "https://localhost/%F0%9F%8C%AD#/%F0%9F%8D%94", "/./g", "http://a/g", "/../g", "http://a/g", "g.", "http://a/b/c/g.", ".g", "http://a/b/c/.g", "g..", "http://a/b/c/g..", "..g", "http://a/b/c/..g", "./../g", "http://a/b/g", "./g/.", "http://a/b/c/g/", "g/./h", "http://a/b/c/g/h", "g/../h", "http://a/b/c/h", "g;x=1/./y", "http://a/b/c/g;x=1/y", "g;x=1/../y", "http://a/b/c/y", "g?y/./x", "http://a/b/c/g?y/./x", "g?y/../x", "http://a/b/c/g?y/../x", "g#s/./x", "http://a/b/c/g#s/./x", "g#s/../x", "http://a/b/c/g#s/../x", "http:g", "http:g", // for strict parsers "http:g", "http://a/b/c/g", `a`, ``, `/`, `/`, `/a~1b`, `/a~1b`, `/c%d`, `/e^f`, `/g|h`, `/i\j`, `/k"l`, `/ `, `/m~0n`, `/foo`, `/0`, }) } go-openapi-jsonreference-6f5da62/go.mod000066400000000000000000000003301515140367500201260ustar00rootroot00000000000000module github.com/go-openapi/jsonreference require ( github.com/go-openapi/jsonpointer v0.22.5 github.com/go-openapi/testify/v2 v2.4.0 ) require github.com/go-openapi/swag/jsonname v0.25.5 // indirect go 1.24.0 go-openapi-jsonreference-6f5da62/go.sum000066400000000000000000000010611515140367500201550ustar00rootroot00000000000000github.com/go-openapi/jsonpointer v0.22.5 h1:8on/0Yp4uTb9f4XvTrM2+1CPrV05QPZXu+rvu2o9jcA= github.com/go-openapi/jsonpointer v0.22.5/go.mod h1:gyUR3sCvGSWchA2sUBJGluYMbe1zazrYWIkWPjjMUY0= github.com/go-openapi/swag/jsonname v0.25.5 h1:8p150i44rv/Drip4vWI3kGi9+4W9TdI3US3uUYSFhSo= github.com/go-openapi/swag/jsonname v0.25.5/go.mod h1:jNqqikyiAK56uS7n8sLkdaNY/uq6+D2m2LANat09pKU= github.com/go-openapi/testify/v2 v2.4.0 h1:8nsPrHVCWkQ4p8h1EsRVymA2XABB4OT40gcvAu+voFM= github.com/go-openapi/testify/v2 v2.4.0/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= go-openapi-jsonreference-6f5da62/internal/000077500000000000000000000000001515140367500206405ustar00rootroot00000000000000go-openapi-jsonreference-6f5da62/internal/normalize_url.go000066400000000000000000000034501515140367500240530ustar00rootroot00000000000000// SPDX-FileCopyrightText: Copyright (c) 2015-2025 go-swagger maintainers // SPDX-License-Identifier: Apache-2.0 package internal import ( "net/url" "regexp" "strings" ) const ( defaultHTTPPort = ":80" defaultHTTPSPort = ":443" ) // Regular expressions used by the normalizations. var ( rxPort = regexp.MustCompile(`(:\d+)/?$`) rxDupSlashes = regexp.MustCompile(`/{2,}`) ) // NormalizeURL will normalize the specified URL // This was added to replace a previous call to the no longer maintained purell library: // The call that was used looked like the following: // // url.Parse(purell.NormalizeURL(parsed, purell.FlagsSafe|purell.FlagRemoveDuplicateSlashes)) // // To explain all that was included in the call above, purell.FlagsSafe was really just the following: // - FlagLowercaseScheme // - FlagLowercaseHost // - FlagRemoveDefaultPort // - FlagRemoveDuplicateSlashes (and this was mixed in with the |) // // This also normalizes the URL into its urlencoded form by removing RawPath and RawFragment. func NormalizeURL(u *url.URL) { lowercaseScheme(u) lowercaseHost(u) removeDefaultPort(u) removeDuplicateSlashes(u) u.RawPath = "" u.RawFragment = "" } func lowercaseScheme(u *url.URL) { if len(u.Scheme) > 0 { u.Scheme = strings.ToLower(u.Scheme) } } func lowercaseHost(u *url.URL) { if len(u.Host) > 0 { u.Host = strings.ToLower(u.Host) } } func removeDefaultPort(u *url.URL) { if len(u.Host) > 0 { scheme := strings.ToLower(u.Scheme) u.Host = rxPort.ReplaceAllStringFunc(u.Host, func(val string) string { if (scheme == "http" && val == defaultHTTPPort) || (scheme == "https" && val == defaultHTTPSPort) { return "" } return val }) } } func removeDuplicateSlashes(u *url.URL) { if len(u.Path) > 0 { u.Path = rxDupSlashes.ReplaceAllString(u.Path, "/") } } go-openapi-jsonreference-6f5da62/internal/normalize_url_test.go000066400000000000000000000015371515140367500251160ustar00rootroot00000000000000// SPDX-FileCopyrightText: Copyright (c) 2015-2025 go-swagger maintainers // SPDX-License-Identifier: Apache-2.0 package internal import ( "net/url" "testing" "github.com/go-openapi/testify/v2/assert" "github.com/go-openapi/testify/v2/require" ) func TestUrlnorm(t *testing.T) { testCases := []struct { url string expected string }{ { url: "HTTPs://xYz.cOm:443/folder//file", expected: "https://xyz.com/folder/file", }, { url: "HTTP://xYz.cOm:80/folder//file", expected: "http://xyz.com/folder/file", }, { url: "postGRES://xYz.cOm:5432/folder//file", expected: "postgres://xyz.com:5432/folder/file", }, } for _, toPin := range testCases { testCase := toPin u, err := url.Parse(testCase.url) require.NoError(t, err) NormalizeURL(u) assert.EqualT(t, testCase.expected, u.String()) } } go-openapi-jsonreference-6f5da62/reference.go000066400000000000000000000061771515140367500213240ustar00rootroot00000000000000// SPDX-FileCopyrightText: Copyright (c) 2015-2025 go-swagger maintainers // SPDX-License-Identifier: Apache-2.0 package jsonreference import ( "errors" "net/url" "strings" "github.com/go-openapi/jsonpointer" "github.com/go-openapi/jsonreference/internal" ) const ( fragmentRune = `#` ) // ErrChildURL is raised when there is no child. var ErrChildURL = errors.New("child url is nil") // Ref represents a json reference object. type Ref struct { referenceURL *url.URL referencePointer jsonpointer.Pointer HasFullURL bool HasURLPathOnly bool HasFragmentOnly bool HasFileScheme bool HasFullFilePath bool } // New creates a new reference for the given string. func New(jsonReferenceString string) (Ref, error) { var r Ref err := r.parse(jsonReferenceString) return r, err } // MustCreateRef parses the ref string and panics when it's invalid. // Use the New method for a version that returns an error. func MustCreateRef(ref string) Ref { r, err := New(ref) if err != nil { panic(err) } return r } // GetURL gets the URL for this reference. func (r *Ref) GetURL() *url.URL { return r.referenceURL } // GetPointer gets the json pointer for this reference. func (r *Ref) GetPointer() *jsonpointer.Pointer { return &r.referencePointer } // String returns the best version of the url for this reference. func (r *Ref) String() string { if r.referenceURL != nil { return r.referenceURL.String() } if r.HasFragmentOnly { return fragmentRune + r.referencePointer.String() } return r.referencePointer.String() } // IsRoot returns true if this reference is a root document. func (r *Ref) IsRoot() bool { return r.referenceURL != nil && !r.IsCanonical() && !r.HasURLPathOnly && r.referenceURL.Fragment == "" } // IsCanonical returns true when this pointer starts with http(s):// or file://. func (r *Ref) IsCanonical() bool { return (r.HasFileScheme && r.HasFullFilePath) || (!r.HasFileScheme && r.HasFullURL) } // Inherits creates a new reference from a parent and a child // If the child cannot inherit from the parent, an error is returned. func (r *Ref) Inherits(child Ref) (*Ref, error) { childURL := child.GetURL() parentURL := r.GetURL() if childURL == nil { return nil, ErrChildURL } if parentURL == nil { return &child, nil } ref, err := New(parentURL.ResolveReference(childURL).String()) if err != nil { return nil, err } return &ref, nil } // "Constructor", parses the given string JSON reference. func (r *Ref) parse(jsonReferenceString string) error { parsed, err := url.Parse(jsonReferenceString) if err != nil { return err } internal.NormalizeURL(parsed) r.referenceURL = parsed refURL := r.referenceURL if refURL.Scheme != "" && refURL.Host != "" { r.HasFullURL = true } else { if refURL.Path != "" { r.HasURLPathOnly = true } else if refURL.RawQuery == "" && refURL.Fragment != "" { r.HasFragmentOnly = true } } r.HasFileScheme = refURL.Scheme == "file" r.HasFullFilePath = strings.HasPrefix(refURL.Path, "/") // invalid json-pointer error means url has no json-pointer fragment. simply ignore error r.referencePointer, _ = jsonpointer.New(refURL.Fragment) return nil } go-openapi-jsonreference-6f5da62/reference_test.go000066400000000000000000000162751515140367500223630ustar00rootroot00000000000000// SPDX-FileCopyrightText: Copyright (c) 2015-2025 go-swagger maintainers // SPDX-License-Identifier: Apache-2.0 package jsonreference import ( "testing" "github.com/go-openapi/jsonpointer" "github.com/go-openapi/testify/v2/assert" "github.com/go-openapi/testify/v2/require" ) func TestIsRoot(t *testing.T) { t.Run("with empty fragment", func(t *testing.T) { in := "#" r1, err := New(in) require.NoError(t, err) assert.TrueT(t, r1.IsRoot()) }) t.Run("with fragment", func(t *testing.T) { in := "#/ok" r1 := MustCreateRef(in) assert.FalseT(t, r1.IsRoot()) }) t.Run("with invalid ref", func(t *testing.T) { assert.Panics(t, func() { MustCreateRef("%2") }) }) } func TestFullURL(t *testing.T) { t.Run("with fragment", func(t *testing.T) { const ( in = "http://host/path/a/b/c#/f/a/b" ) r1, err := New(in) require.NoError(t, err) assert.EqualT(t, in, r1.String()) require.FalseT(t, r1.HasFragmentOnly) require.TrueT(t, r1.HasFullURL) require.FalseT(t, r1.HasURLPathOnly) require.FalseT(t, r1.HasFileScheme) require.EqualT(t, "/f/a/b", r1.GetPointer().String()) }) t.Run("with empty fragment", func(t *testing.T) { const in = "http://host/path/a/b/c" r1, err := New(in) require.NoError(t, err) assert.EqualT(t, in, r1.String()) require.FalseT(t, r1.HasFragmentOnly) require.TrueT(t, r1.HasFullURL) require.FalseT(t, r1.HasURLPathOnly) require.FalseT(t, r1.HasFileScheme) require.Empty(t, r1.GetPointer().String()) }) } func TestFragmentOnly(t *testing.T) { const in = "#/fragment/only" r1, err := New(in) require.NoError(t, err) assert.EqualT(t, in, r1.String()) require.TrueT(t, r1.HasFragmentOnly) require.FalseT(t, r1.HasFullURL) require.FalseT(t, r1.HasURLPathOnly) require.FalseT(t, r1.HasFileScheme) require.EqualT(t, "/fragment/only", r1.GetPointer().String()) p, err := jsonpointer.New(r1.referenceURL.Fragment) require.NoError(t, err) t.Run("Ref with fragmentOnly", func(t *testing.T) { r2 := Ref{referencePointer: p, HasFragmentOnly: true} assert.EqualT(t, in, r2.String()) }) t.Run("Ref without fragmentOnly", func(t *testing.T) { r3 := Ref{referencePointer: p, HasFragmentOnly: false} assert.EqualT(t, in[1:], r3.String()) }) } func TestURLPathOnly(t *testing.T) { const in = "/documents/document.json" r1, err := New(in) require.NoError(t, err) assert.EqualT(t, in, r1.String()) require.FalseT(t, r1.HasFragmentOnly) require.FalseT(t, r1.HasFullURL) require.TrueT(t, r1.HasURLPathOnly) require.FalseT(t, r1.HasFileScheme) require.Empty(t, r1.GetPointer().String()) } func TestURLRelativePathOnly(t *testing.T) { const in = "document.json" r1, err := New(in) require.NoError(t, err) assert.EqualT(t, in, r1.String()) require.FalseT(t, r1.HasFragmentOnly) require.FalseT(t, r1.HasFullURL) require.TrueT(t, r1.HasURLPathOnly) require.FalseT(t, r1.HasFileScheme) require.Empty(t, r1.GetPointer().String()) } func TestInheritsInValid(t *testing.T) { const ( in1 = "http://www.test.com/doc.json" in2 = "#/a/b" ) r1, err := New(in1) require.NoError(t, err) t.Run("inherits from empty Ref", func(t *testing.T) { r2 := Ref{} result, err := r1.Inherits(r2) require.Error(t, err) assert.Nil(t, result) }) t.Run("inherits from non-empty Ref", func(t *testing.T) { r1 = Ref{} r2, err := New(in2) require.NoError(t, err) result, err := r1.Inherits(r2) require.NoError(t, err) require.NotNil(t, result) assert.Equal(t, r2, *result) }) } func TestInheritsValid(t *testing.T) { const ( in1 = "http://www.test.com/doc.json" in2 = "#/a/b" out = in1 + in2 ) r1, err := New(in1) require.NoError(t, err) r2, err := New(in2) require.NoError(t, err) result, err := r1.Inherits(r2) require.NoError(t, err) require.NotNil(t, result) assert.EqualT(t, out, result.String()) assert.EqualT(t, "/a/b", result.GetPointer().String()) } func TestInheritsDifferentHost(t *testing.T) { const ( in1 = "http://www.test.com/doc.json" in2 = "http://www.test2.com/doc.json#bla" ) r1, err := New(in1) require.NoError(t, err) r2, err := New(in2) require.NoError(t, err) result, err := r1.Inherits(r2) require.NoError(t, err) require.NotNil(t, result) assert.EqualT(t, in2, result.String()) assert.Empty(t, result.GetPointer().String()) } func TestFileScheme(t *testing.T) { const ( in1 = "file:///Users/mac/1.json#a" in2 = "file:///Users/mac/2.json#b" ) r1, err := New(in1) require.NoError(t, err) r2, err := New(in2) require.NoError(t, err) require.FalseT(t, r1.HasFragmentOnly) require.TrueT(t, r1.HasFileScheme) require.TrueT(t, r1.HasFullFilePath) require.TrueT(t, r1.IsCanonical()) assert.Empty(t, r1.GetPointer().String()) result, err := r1.Inherits(r2) require.NoError(t, err) assert.EqualT(t, in2, result.String()) assert.Empty(t, result.GetPointer().String()) } func TestReferenceResolution(t *testing.T) { // 5.4. Reference Resolution Examples // http://tools.ietf.org/html/rfc3986#section-5.4 const base = "http://a/b/c/d;p?q" baseRef, err := New(base) require.NoError(t, err) require.EqualT(t, base, baseRef.String()) checks := []string{ // 5.4.1. Normal Examples // http://tools.ietf.org/html/rfc3986#section-5.4.1 "g:h", "g:h", "g", "http://a/b/c/g", "./g", "http://a/b/c/g", "g/", "http://a/b/c/g/", "/g", "http://a/g", "//g", "http://g", "?y", "http://a/b/c/d;p?y", "g?y", "http://a/b/c/g?y", "#s", "http://a/b/c/d;p?q#s", "g#s", "http://a/b/c/g#s", "g?y#s", "http://a/b/c/g?y#s", ";x", "http://a/b/c/;x", "g;x", "http://a/b/c/g;x", "g;x?y#s", "http://a/b/c/g;x?y#s", "", "http://a/b/c/d;p?q", ".", "http://a/b/c/", "./", "http://a/b/c/", "..", "http://a/b/", "../", "http://a/b/", "../g", "http://a/b/g", "../..", "http://a/", "../../", "http://a/", "../../g", "http://a/g", // 5.4.2. Abnormal Examples // http://tools.ietf.org/html/rfc3986#section-5.4.2 "../../../g", "http://a/g", "../../../../g", "http://a/g", "/./g", "http://a/g", "/../g", "http://a/g", "g.", "http://a/b/c/g.", ".g", "http://a/b/c/.g", "g..", "http://a/b/c/g..", "..g", "http://a/b/c/..g", "./../g", "http://a/b/g", "./g/.", "http://a/b/c/g/", "g/./h", "http://a/b/c/g/h", "g/../h", "http://a/b/c/h", "g;x=1/./y", "http://a/b/c/g;x=1/y", "g;x=1/../y", "http://a/b/c/y", "g?y/./x", "http://a/b/c/g?y/./x", "g?y/../x", "http://a/b/c/g?y/../x", "g#s/./x", "http://a/b/c/g#s/./x", "g#s/../x", "http://a/b/c/g#s/../x", "http:g", "http:g", // for strict parsers // "http:g", "http://a/b/c/g", // for backward compatibility } for i := 0; i < len(checks)-1; i += 2 { child := checks[i] expected := checks[i+1] childRef, e := New(child) require.NoErrorf(t, e, "test: %d: New(%s) failed error: %v", i/2, child, e) res, e := baseRef.Inherits(childRef) require.NoErrorf(t, e, "test: %d", i/2) require.NotNilf(t, res, "test: %d", i/2) assert.EqualTf(t, expected, res.String(), "test: %d", i/2) } } func TestIdenticalURLEncoded(t *testing.T) { expected, err := New("https://localhost/🌭#/🍔") require.NoErrorf(t, err, "failed to create jsonreference: %v", err) actual, err := New("https://localhost/%F0%9F%8C%AD#/%F0%9F%8D%94") require.NoErrorf(t, err, "failed to create jsonreference: %v", err) require.Equal(t, expected, actual) }