We are using swagger-parser 2.1.6 to parse OAS 3.0 schema files and need to support reference resolution. However, due to security and performance considerations, we must prevent the parser to resolve external references (e.g. in different files or over the network).
This should be resolved:
$ref: '#/components/schemas/Pet'
This must not be resolved:
$ref: definitions.yaml#/Pet
$ref: 'http://example.org/petapi-examples/openapi.json#/components/examples/name-example'
I know that the OpenAPIParser accepts ParseOptions to control this behaviour. Unfortunately, at least with a version 3.0 schema and parser, this seems to be "all or nothing", i.e. it resolves everything when enabled.
Is there a way to achieve our desired behaviour? My current approch is to have a preprocessing step. This involves parsing the schema with the resolution disabled, going through all $ref and nulling them if they are external, and then parsing the schema again with the resolution enabled. However, this feels quite error-prone.