From 7c7c25e8d6f98ad747b4c88de2c7fd8d39d04331 Mon Sep 17 00:00:00 2001
From: Maggiekimani1 <maggiekim42@gmail.com>
Date: Thu, 5 Sep 2024 12:49:03 +0300
Subject: [PATCH] Revert security array initialization to avoid a breaking
 change

---
 .../Models/OpenApiDocument.cs                 |  2 +-
 .../Models/OpenApiOperation.cs                |  2 +-
 .../V3Tests/OpenApiDocumentTests.cs           | 60 -------------------
 3 files changed, 2 insertions(+), 62 deletions(-)

diff --git a/src/Microsoft.OpenApi/Models/OpenApiDocument.cs b/src/Microsoft.OpenApi/Models/OpenApiDocument.cs
index 745bb3cdb..1a7035793 100644
--- a/src/Microsoft.OpenApi/Models/OpenApiDocument.cs
+++ b/src/Microsoft.OpenApi/Models/OpenApiDocument.cs
@@ -48,7 +48,7 @@ public class OpenApiDocument : IOpenApiSerializable, IOpenApiExtensible, IOpenAp
         /// <summary>
         /// A declaration of which security mechanisms can be used across the API.
         /// </summary>
-        public IList<OpenApiSecurityRequirement> SecurityRequirements { get; set; }
+        public IList<OpenApiSecurityRequirement> SecurityRequirements { get; set; } = new List<OpenApiSecurityRequirement>();
 
         /// <summary>
         /// A list of tags used by the specification with additional metadata.
diff --git a/src/Microsoft.OpenApi/Models/OpenApiOperation.cs b/src/Microsoft.OpenApi/Models/OpenApiOperation.cs
index e4bf5cc39..69054740e 100644
--- a/src/Microsoft.OpenApi/Models/OpenApiOperation.cs
+++ b/src/Microsoft.OpenApi/Models/OpenApiOperation.cs
@@ -91,7 +91,7 @@ public class OpenApiOperation : IOpenApiSerializable, IOpenApiExtensible, IOpenA
         /// This definition overrides any declared top-level security.
         /// To remove a top-level security declaration, an empty array can be used.
         /// </summary>
-        public IList<OpenApiSecurityRequirement> Security { get; set; }
+        public IList<OpenApiSecurityRequirement> Security { get; set; } = new List<OpenApiSecurityRequirement>();
 
         /// <summary>
         /// An alternative server array to service this operation.
diff --git a/test/Microsoft.OpenApi.Readers.Tests/V3Tests/OpenApiDocumentTests.cs b/test/Microsoft.OpenApi.Readers.Tests/V3Tests/OpenApiDocumentTests.cs
index a0bfa7c80..7ce9c0964 100644
--- a/test/Microsoft.OpenApi.Readers.Tests/V3Tests/OpenApiDocumentTests.cs
+++ b/test/Microsoft.OpenApi.Readers.Tests/V3Tests/OpenApiDocumentTests.cs
@@ -1433,65 +1433,5 @@ public void ParseBasicDocumentWithServerVariableAndNoDefaultShouldFail()
 
             diagnostic.Errors.Should().NotBeEmpty();
         }
-
-        [Fact]
-        public void ParseDocumentWithMissingSecuritySchemeDefaultsToNull()
-        {
-            // Arrange
-            var input = @"openapi: 3.0.0
-info:
-  title: test
-  version: ""1.0""
-paths:
-  /test:
-    get:
-      description: description for test path
-      responses:
-        '200':
-          description: test
-components:
-  securitySchemes:
-    apiKey0:
-      type: apiKey,
-      name: x-api-key,
-      in: header";
-
-            // Act && Assert
-            var doc = new OpenApiStringReader().Read(input, out var diagnostic);
-
-            doc.Paths["/test"].Operations[OperationType.Get].Security.Should().BeNull();
-            doc.SecurityRequirements.Should().BeNull();
-        }
-
-        [Fact]
-        public void ParseDocumentWithEmptySecuritySchemeDefaultsToEmptyList()
-        {
-            // Arrange
-            var input = @"openapi: 3.0.0
-info:
-  title: test
-  version: ""1.0""
-paths:
-  /test:
-    get:
-      description: description for test path
-      responses:
-        '200':
-          description: test
-      security: []
-security: 
-- apiKey0: []
-components:
-  securitySchemes:
-    apiKey0:
-      type: apiKey,
-      name: x-api-key,
-      in: header";
-
-            // Act && Assert
-            var doc = new OpenApiStringReader().Read(input, out var diagnostic);
-
-            doc.Paths["/test"].Operations[OperationType.Get].Security.Should().BeEmpty();
-        }
     }
 }