urlValuesDecoder.DecodeObject: the key must match the param name before decoding a deepObject

Author: Mateus Franchini de Freitas

openapi3filter/req_resp_decoder.go

@@ -650,6 +650,10 @@ func (d *urlValuesDecoder) DecodeObject(param string, sm *openapi3.Serialization
 		propsFn = func(params url.Values) (map[string]string, error) {
 			props := make(map[string]string)
 			for key, values := range params {
+				if !regexp.MustCompile(fmt.Sprintf(`^%s\[`, regexp.QuoteMeta(param))).MatchString(key) {
+					continue
+				}
+
 				matches := regexp.MustCompile(`\[(.*?)\]`).FindAllStringSubmatch(key, -1)
 				switch l := len(matches); {
 				case l == 0:

openapi3filter/req_resp_decoder_test.go

@@ -998,6 +998,17 @@ func TestDecodeParameter(t *testing.T) {
 					query: "anotherparam=bar",
 					want:  map[string]interface{}(nil),
 				},
+				{
+					name: "deepObject explode nested object - extraneous deep object param ignored",
+					param: &openapi3.Parameter{
+						Name: "param", In: "query", Style: "deepObject", Explode: explode,
+						Schema: objectOf(
+							"obj", objectOf("nestedObjOne", stringSchema, "nestedObjTwo", stringSchema),
+						),
+					},
+					query: "anotherparam[obj][nestedObjOne]=one&anotherparam[obj][nestedObjTwo]=two",
+					want:  map[string]interface{}(nil),
+				},
 				{
 					name: "deepObject explode nested object - bad array item type",
 					param: &openapi3.Parameter{