fix(parameters): avoid panic on double-slash request paths

Fixes #274

Author: SAY-5

parameters/path_parameters.go

@@ -60,6 +60,12 @@ func (v *paramValidator) ValidatePathParamsWithPathItem(request *http.Request, p
 					continue
 				}
 
+				// guard against length mismatch (e.g. request path containing
+				// a double slash producing extra empty segments).
+				if x >= len(submittedSegments) {
+					continue
+				}
+
 				var rgx *regexp.Regexp
 
 				if v.options.RegexCache != nil {
@@ -83,6 +89,9 @@ func (v *paramValidator) ValidatePathParamsWithPathItem(request *http.Request, p
 				}
 
 				matches := rgx.FindStringSubmatch(submittedSegments[x])
+				if matches == nil {
+					continue
+				}
 				matches = matches[1:]
 
 				// Check if it is well-formed.

parameters/path_parameters_test.go

@@ -2348,3 +2348,35 @@ paths:
 	assert.EqualValues(t, 1, cache.storeCount, "No new stores on cache hit")
 	assert.EqualValues(t, 1, cache.hitCount, "Second OData lookup should hit cache")
 }
+
+func TestValidatePathParamsWithPathItem_DoubleSlashDoesNotPanic(t *testing.T) {
+	// Regression test for #274: ValidatePathParamsWithPathItem panics for
+	// request paths containing a leading double slash (e.g. //test/path/x),
+	// because path segments and submitted segments differ in length.
+	spec := `openapi: 3.1.0
+paths:
+  /test/path/{param}:
+    get:
+      operationId: testParam
+      parameters:
+        - in: path
+          name: param
+          required: true
+          schema:
+            type: string
+      responses:
+        "200":
+          description: ok`
+
+	doc, _ := libopenapi.NewDocument([]byte(spec))
+	m, _ := doc.BuildV3Model()
+	v := NewParameterValidator(&m.Model)
+
+	req, _ := http.NewRequest(http.MethodGet, "https://example.com//test/path/fubar", nil)
+	pathItem := m.Model.Paths.PathItems.GetOrZero("/test/path/{param}")
+	require.NotNil(t, pathItem)
+
+	assert.NotPanics(t, func() {
+		_, _ = v.ValidatePathParamsWithPathItem(req, pathItem, "/test/path/{param}")
+	})
+}