Avoid StringIndexOutOfBoundsException

#3

Author: Chris Wiechmann

src/main/java/com/axway/apim/openapi/validator/OpenAPIValidator.java

@@ -123,8 +123,15 @@ public boolean isValidRequest(String payload, String verb, String path, QueryStr
 	    			if(validationReport.getMessages().toString().contains("No API path found that matches request")) {
 	    				// Only cache the path, if a direct hit fails 
 	    				cachePath = true;
-	    				// Remove the first path (e.g. /petstore) from the path repeat the process
-	    				path = path.substring(path.indexOf("/", 1), path.length());
+	    				/*
+	    				 * If no match was found in the API-Spec for the given path, then we remove the first part of the 
+	    				 * path because the API might be exposed with a different path by the API-Manager than defined in the spec.
+	    				 * For example: /great-petstore/pet/31233 will not find anything in the first attempt, because the 
+	    				 * API does not exist with /great-petstore in the API-Spec. This process is repeated at most 5 times.
+	    				 */
+	    				if(path.indexOf("/", 1)!=-1) {
+	    					path = path.substring(path.indexOf("/", 1), path.length());
+	    				}
 	    			} else {
 	    				break;
 	    			}
@@ -257,6 +264,8 @@ protected boolean removeEldestEntry(Entry<K, V> eldest) {
 		}
 
 		public void setMaxSize(int maxSize) {
+			// Reset the cache if the maxSize is set
+			clear();
 			this.maxSize = maxSize;
 		}
 	}

src/test/java/com/axway/apim/openapi/validator/TestOpenAPIValidator.java

@@ -109,7 +109,12 @@ public void validRequestWithFullPathAndPathParameter() throws IOException
     	path = "/api/petstore/v3/store/order/434312";
     	Assert.assertTrue(validator.isValidRequest(null, verb, path, null, headers), "Request should be valid!");
 
-    	Assert.assertEquals(validator.getExposurePath2SpecifiedPathMap().size(), 2, "Cached paths should be two as the size is limited");
+    	path = "/api/petstore/v3/store/order/978978";
+    	Assert.assertTrue(validator.isValidRequest(null, verb, path, null, headers), "Request should be valid!");
+    	
+    	// Check the cache
+    	Assert.assertEquals(validator.getExposurePath2SpecifiedPathMap().size(), 2, "Cached paths should be two as the size is limited. "
+    			+ "Cached paths: " + validator.getExposurePath2SpecifiedPathMap().toString());
     }
 
     @Test
@@ -118,7 +123,7 @@ public void invalidRequestWithFullPathAndPathParameter() throws IOException
     	String swagger = Files.readFile(this.getClass().getClassLoader().getResourceAsStream(TEST_PACKAGE + "PetstoreSwagger2.0.json"));
     	OpenAPIValidator validator = OpenAPIValidator.getInstance(swagger);
 
-    	String path = "/api/petstore/v3/store/order/invalidPatameter";
+    	String path = "/api/petstore/v3/store/order/invalidParameter";
     	String verb = "DELETE";
     	HeaderSet headers = new HeaderSet();
     	headers.addHeader("Content-Type", "application/json");
@@ -142,6 +147,20 @@ public void invalidRequestNoMatchToSpec() throws IOException
     	Assert.assertFalse(validator.isValidRequest(null, verb, path, null, headers));
     }
 
+    @Test
+    public void invalidNoMatch2SpecAtAll() throws IOException
+    {
+    	String swagger = Files.readFile(this.getClass().getClassLoader().getResourceAsStream(TEST_PACKAGE + "PetstoreSwagger2.0.json"));
+    	OpenAPIValidator validator = OpenAPIValidator.getInstance(swagger);
+    	
+    	String path = "/no/match";
+    	String verb = "GET";
+    	HeaderSet headers = new HeaderSet();
+    	headers.addHeader("Content-Type", "application/json");
+    	
+    	Assert.assertFalse(validator.isValidRequest(null, verb, path, null, headers));
+    }
+    
     @Test
     public void validRequestExternalURLSwagger20() throws IOException
     {
@@ -213,5 +232,4 @@ public void validResponsewithoutBody() throws IOException
 
     	Assert.assertFalse(validator.isValidResponse(null, verb, path, status, headers), "Request should be not valid!");
     }
-    
 }