fix: do not leak 'exampleSetFlag' in api doc (v2.x.x) (#3934)

* fix - do not leak 'exampleSetFlag' in api doc

Signed-off-by: nx673747 <[email protected]>

* fix failing tests

Signed-off-by: nx673747 <[email protected]>

---------

Signed-off-by: nx673747 <[email protected]>
Co-authored-by: nx673747 <[email protected]>
Co-authored-by: Andrea Tabone <[email protected]>

api-catalog-services/src/main/java/org/zowe/apiml/apicatalog/swagger/api/ApiDocV3Service.java

@@ -16,10 +16,14 @@
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import io.swagger.v3.core.jackson.mixin.MediaTypeMixin;
+import io.swagger.v3.core.jackson.mixin.SchemaMixin;
 import io.swagger.v3.oas.models.ExternalDocumentation;
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.PathItem;
 import io.swagger.v3.oas.models.Paths;
+import io.swagger.v3.oas.models.media.MediaType;
+import io.swagger.v3.oas.models.media.Schema;
 import io.swagger.v3.oas.models.security.SecurityScheme;
 import io.swagger.v3.oas.models.servers.Server;
 import io.swagger.v3.oas.models.tags.Tag;
@@ -47,11 +51,8 @@ public class ApiDocV3Service extends AbstractApiDocService<OpenAPI, PathItem> {
     @Value("${gateway.scheme.external:https}")
     private String scheme;
 
-    private final ObjectMapper mapper;
-
     public ApiDocV3Service(GatewayClient gatewayClient) {
         super(gatewayClient);
-        mapper = initializeObjectMapper();
     }
 
     public String transformApiDoc(String serviceId, ApiDocInfo apiDocInfo) {
@@ -76,7 +77,7 @@ public String transformApiDoc(String serviceId, ApiDocInfo apiDocInfo) {
         updateExternalDoc(openAPI, apiDocInfo);
 
         try {
-            return mapper.writeValueAsString(openAPI);
+            return objectMapper().writeValueAsString(openAPI);
         } catch (JsonProcessingException e) {
             log.debug("Could not convert OpenAPI to JSON", e);
             throw new ApiDocTransformationException("Could not convert Swagger to JSON");
@@ -190,17 +191,13 @@ private boolean isHidden(List<Tag> tags) {
         return tags != null && tags.stream().anyMatch(tag -> tag.getName().equals(HIDDEN_TAG));
     }
 
-    private ObjectMapper initializeObjectMapper() {
-        ObjectMapper objectMapper = new ObjectMapper();
-        objectMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
-
-        SimpleModule simpleModule = new SimpleModule();
-        simpleModule.addSerializer(SecurityScheme.class, new SecuritySchemeSerializer());
-
-        objectMapper.registerModule(simpleModule);
-        objectMapper.enable(SerializationFeature.WRITE_ENUMS_USING_TO_STRING);
-
-        objectMapper.registerModule(new JavaTimeModule());
-        return objectMapper;
+    private ObjectMapper objectMapper() {
+        return new ObjectMapper()
+            .setSerializationInclusion(JsonInclude.Include.NON_NULL)
+            .registerModule(new SimpleModule().addSerializer(SecurityScheme.class, new SecuritySchemeSerializer()))
+            .registerModule(new JavaTimeModule())
+            .enable(SerializationFeature.WRITE_ENUMS_USING_TO_STRING)
+            .addMixIn(Schema.class, SchemaMixin.class)
+            .addMixIn(MediaType.class, MediaTypeMixin.class);
     }
 }

api-catalog-services/src/main/java/org/zowe/apiml/apicatalog/swagger/api/ApiTransformationConfig.java

@@ -42,8 +42,8 @@ public class ApiTransformationConfig {
     @Bean
     @Scope(value = "prototype")
     public AbstractApiDocService<?, ?> abstractApiDocService(String content) {
-        ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
-        mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
+        ObjectMapper mapper = new ObjectMapper(new YAMLFactory())
+            .setSerializationInclusion(JsonInclude.Include.NON_NULL);
         try {
             ObjectNode objectNode = mapper.readValue(content, ObjectNode.class);
             JsonNode openApiNode = objectNode.get("openapi");

api-catalog-services/src/test/java/org/zowe/apiml/apicatalog/swagger/api/ApiDocV3ServiceTest.java

@@ -239,14 +239,28 @@ protected void updateExternalDoc(OpenAPI openAPI, ApiDocInfo apiDocInfo) {
                 }
             };
             String transformed = apiDocV3Service.transformApiDoc("serviceId", new ApiDocInfo(
-                    mock(ApiInfo.class),
-                    IOUtils.toString(new ClassPathResource("swagger/openapi3.json").getInputStream(), StandardCharsets.UTF_8),
-                    mock(RoutedServices.class)
+                mock(ApiInfo.class),
+                IOUtils.toString(new ClassPathResource("swagger/openapi3.json").getInputStream(), StandardCharsets.UTF_8),
+                mock(RoutedServices.class)
             ));
             assertNotNull(transformed);
             verifyOpenApi3(openApiHolder.get());
         }
 
+        @Test
+        void givenValidApiDoc_thenDoNotLeakExampleSetFlag() throws IOException {
+            ApiInfo apiInfo = new ApiInfo("zowe.apiml.apicatalog", "api/v1", API_VERSION, "https://localhost:10014/apicatalog/v3/api-docs", "https://www.zowe.org");
+            String content = IOUtils.toString(new ClassPathResource("swagger/openapi3.json").getInputStream(), StandardCharsets.UTF_8);
+
+            RoutedServices routedServices = new RoutedServices();
+            routedServices.addRoutedService(new RoutedService("api-v1", "api/v1", "/apicatalog"));
+
+            ApiDocInfo info = new ApiDocInfo(apiInfo, content, routedServices);
+            assertThat(content, containsString("\"exampleSetFlag\":"));
+
+            String actualContent = apiDocV3Service.transformApiDoc(SERVICE_ID, info);
+            assertThat(actualContent, not(containsString("\"exampleSetFlag\":")));
+        }
     }
 
     private String convertOpenApiToJson(OpenAPI openApi) {