fix: after review

daniel-kmiecik · daniel-kmiecik · commit c3ce6c404531 · 2025-09-01T09:13:05.000+02:00
diff --git a/modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/util/RefUtils.java b/modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/util/RefUtils.java
@@ -172,6 +172,15 @@ public static String buildUrl(String rootPath, String relativePath) {
         }
     }
 
+    /**
+     * @deprecated - new readExternalRef with PermittedUrlsChecker is preferred because it prevents bypassing security checks
+     */
+    @Deprecated
+    public static String readExternalRef(String file, RefFormat refFormat, List<AuthorizationValue> auths,
+                                         Path parentDirectory) {
+        return readExternalRef(file, refFormat, auths, parentDirectory, null);
+    }
+
     public static String readExternalRef(String file, RefFormat refFormat, List<AuthorizationValue> auths,
                                          Path parentDirectory, PermittedUrlsChecker permittedUrlsChecker) {
 
diff --git a/modules/swagger-parser-v3/src/test/java/io/swagger/v3/parser/util/RemoteUrlTest.java b/modules/swagger-parser-v3/src/test/java/io/swagger/v3/parser/util/RemoteUrlTest.java
@@ -193,7 +193,6 @@ public void testTooManyRedirectsThrowsException() throws Exception {
     @Test(expectedExceptions = HostDeniedException.class)
     public void testRedirectWithForbiddenProtocolThrowsException() throws Exception {
         String nextPath = "/redirect";
-        // Chain 6 redirects
         for (int i = 0; i < 3; i++) {
             String target = "/redirect" + (i + 1);
             stubFor(get(urlEqualTo(nextPath))
@@ -203,19 +202,14 @@ public void testRedirectWithForbiddenProtocolThrowsException() throws Exception
             nextPath = target;
         }
 
-        // Add stub for /redirect6 to return a 200 OK response, but it's not expected to be reached
+        // Add stub for /redirect3 to return a 200 OK response, but it's not expected to be reached
         stubFor(get(urlEqualTo(nextPath))
                 .willReturn(aResponse()
                         .withStatus(200)
                         .withBody("Final destination")));
 
         String startUrl = String.format("https://%s:%d/redirect", LOCALHOST, WIRE_MOCK_PORT);
 
-        try {
-            RemoteUrl.urlToString(startUrl, null, new PermittedUrlsCheckerAllowLocal());
-        } catch (IOException e) {
-            assertTrue(e.getMessage().contains("Too many redirects"));
-            throw e;
-        }
+        RemoteUrl.urlToString(startUrl, null, new PermittedUrlsCheckerAllowLocal());
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -172,6 +172,15 @@ public static String buildUrl(String rootPath, String relativePath) {`
`172`	`172`	`}`
`173`	`173`	`}`
`174`	`174`
	`175`	`+ /**`
	`176`	`+ * @deprecated - new readExternalRef with PermittedUrlsChecker is preferred because it prevents bypassing security checks`
	`177`	`+ */`
	`178`	`+ @Deprecated`
	`179`	`+ public static String readExternalRef(String file, RefFormat refFormat, List<AuthorizationValue> auths,`
	`180`	`+ Path parentDirectory) {`
	`181`	`+ return readExternalRef(file, refFormat, auths, parentDirectory, null);`
	`182`	`+ }`
	`183`	`+`
`175`	`184`	`public static String readExternalRef(String file, RefFormat refFormat, List<AuthorizationValue> auths,`
`176`	`185`	`Path parentDirectory, PermittedUrlsChecker permittedUrlsChecker) {`
`177`	`186`