fix: a bug where path parameter validation would fail if they contained forbidden JSON pointer characters

Signed-off-by: Vincent Biret <vibiret@microsoft.com>

Author: baywet

src/Microsoft.OpenApi/Services/OpenApiVisitorBase.cs

@@ -33,10 +33,19 @@ public virtual void Enter(string segment)
                 this._path.Push(string.Empty);
                 return;
             }
+            this._path.Push(EncodeJsonPointerSegment(segment));
+        }
+
+        internal static string EncodeJsonPointerSegment(string? segment)
+        {
+            if (string.IsNullOrEmpty(segment))
+            {
+                return string.Empty;
+            }
 #if NETSTANDARD2_1_OR_GREATER || NETCOREAPP1_0_OR_GREATER
-            this._path.Push(segment.Replace("~", "~0", StringComparison.Ordinal).Replace("/", "~1", StringComparison.OrdinalIgnoreCase));
+            return segment.Replace("~", "~0", StringComparison.Ordinal).Replace("/", "~1", StringComparison.OrdinalIgnoreCase);
 #else
-            this._path.Push(segment.Replace("~", "~0").Replace("/", "~1"));
+            return segment!.Replace("~", "~0").Replace("/", "~1");
 #endif
         }
 

src/Microsoft.OpenApi/Validations/Rules/OpenApiParameterRules.cs

@@ -61,7 +61,7 @@ public static class OpenApiParameterRules
                 (context, parameter) =>
                 {
                     if (parameter.In == ParameterLocation.Path &&
-                           !(context.PathString.Contains("{" + parameter.Name + "}") || context.PathString.Contains("#/components")))
+                           !(context.PathString.Contains("{" + OpenApiVisitorBase.EncodeJsonPointerSegment(parameter.Name) + "}") || context.PathString.Contains("#/components")))
                     {
                         context.Enter("in");
                         context.CreateError(

test/Microsoft.OpenApi.Tests/Validations/OpenApiParameterValidationTests.cs

@@ -203,7 +203,42 @@ public void PathParameterInThePathShouldBeOk()
             validator.Enter("1");
 
             var walker = new OpenApiWalker(validator);
-            walker.Walk(parameter);
+            walker.Walk((IOpenApiParameter)parameter);
+
+            errors = validator.Errors;
+            var result = errors.Any();
+
+            // Assert
+            Assert.False(result);
+        }
+
+        [Fact]
+        public void PathParameterInThePathShouldBeOkWithSlashInParameterName()
+        {
+            // Arrange
+            IEnumerable<OpenApiError> errors;
+
+            var parameter = new OpenApiParameter
+            {
+                Name = "parameter/1",
+                In = ParameterLocation.Path,
+                Required = true,
+                Schema = new OpenApiSchema()
+                {
+                    Type = JsonSchemaType.String,
+                }
+            };
+
+            // Act
+            var validator = new OpenApiValidator(ValidationRuleSet.GetDefaultRuleSet());
+            validator.Enter("paths");
+            validator.Enter("/{parameter/1}");
+            validator.Enter("get");
+            validator.Enter("parameters");
+            validator.Enter("1");
+
+            var walker = new OpenApiWalker(validator);
+            walker.Walk((IOpenApiParameter)parameter);
 
             errors = validator.Errors;
             var result = errors.Any();