diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractCSharpCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractCSharpCodegen.java index 62995980dbf..0ea7b5b4855 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractCSharpCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractCSharpCodegen.java @@ -665,7 +665,7 @@ public String escapeQuotationMark(String input) { @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractJavaCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractJavaCodegen.java index 00d63b28508..c245125f80a 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractJavaCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractJavaCodegen.java @@ -842,7 +842,7 @@ public String escapeQuotationMark(String input) { @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractTypeScriptClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractTypeScriptClientCodegen.java index cc41f3ea297..2435516f0f6 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractTypeScriptClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractTypeScriptClientCodegen.java @@ -311,4 +311,15 @@ public void setSupportsES6(Boolean value) { public Boolean getSupportsES6() { return supportsES6; } + + @Override + public String escapeQuotationMark(String input) { + // remove ', " to avoid code injection + return input.replace("\"", "").replace("'", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AkkaScalaClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AkkaScalaClientCodegen.java index 43faca235d0..4b7c321e802 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AkkaScalaClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AkkaScalaClientCodegen.java @@ -414,4 +414,14 @@ public String formatFragment(String fragment) { } } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AndroidClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AndroidClientCodegen.java index d11cc6ce0a3..788223bec9b 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AndroidClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AndroidClientCodegen.java @@ -504,4 +504,15 @@ public void setSourceFolder(String sourceFolder) { this.sourceFolder = sourceFolder; } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ClojureClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ClojureClientCodegen.java index 73ef83bc9cc..157488f15c9 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ClojureClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ClojureClientCodegen.java @@ -212,4 +212,16 @@ public Map postProcessOperations(Map operations) protected String namespaceToFolder(String ns) { return ns.replace(".", File.separator).replace("-", "_"); } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + // ref: https://clojurebridge.github.io/community-docs/docs/clojure/comment/ + return input.replace("(comment", "(_comment"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CppRestClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CppRestClientCodegen.java index f8299fc60cd..c6715b22fb2 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CppRestClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CppRestClientCodegen.java @@ -377,4 +377,16 @@ public String toVarName(String name) { public String toApiName(String type) { return Character.toUpperCase(type.charAt(0)) + type.substring(1) + "Api"; } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CsharpDotNet2ClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CsharpDotNet2ClientCodegen.java index 05654eebe5c..d13c6c851da 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CsharpDotNet2ClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CsharpDotNet2ClientCodegen.java @@ -274,4 +274,15 @@ public String toOperationId(String operationId) { return camelize(operationId); } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/DartClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/DartClientCodegen.java index 70b98676ab3..6bb54cb9d50 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/DartClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/DartClientCodegen.java @@ -289,4 +289,16 @@ public void setPubDescription(String pubDescription) { public void setSourceFolder(String sourceFolder) { this.sourceFolder = sourceFolder; } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/FlashClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/FlashClientCodegen.java index a9eb1a97de7..2d00c8cf7a2 100755 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/FlashClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/FlashClientCodegen.java @@ -373,4 +373,15 @@ public void setInvokerPackage(String invokerPackage) { public void setSourceFolder(String sourceFolder) { this.sourceFolder = sourceFolder; } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/FlaskConnexionCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/FlaskConnexionCodegen.java index b2c1492631b..153d85f1596 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/FlaskConnexionCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/FlaskConnexionCodegen.java @@ -336,4 +336,16 @@ public String toOperationId(String operationId) { // addPet => add_pet return underscore(operationId); } + + @Override + public String escapeQuotationMark(String input) { + // remove ' to avoid code injection + return input.replace("'", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + // remove multiline comment + return input.replace("'''", "'_'_'"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoClientCodegen.java index efcde6d8c41..09672f6b6f6 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoClientCodegen.java @@ -452,4 +452,15 @@ public void setPackageName(String packageName) { public void setPackageVersion(String packageVersion) { this.packageVersion = packageVersion; } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoServerCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoServerCodegen.java index 43c48cc64f7..b8ce2247652 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoServerCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoServerCodegen.java @@ -263,4 +263,16 @@ public String toApiFilename(String name) { // e.g. PetApi.go => pet_api.go return underscore(name); } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GroovyClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GroovyClientCodegen.java index 3f9bfbfc6b3..84874b4060f 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GroovyClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GroovyClientCodegen.java @@ -83,4 +83,14 @@ public void setConfigPackage(String configPackage) { this.configPackage = configPackage; } + @Override + public String escapeQuotationMark(String input) { + // remove ' to avoid code injection + return input.replace("'", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/HaskellServantCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/HaskellServantCodegen.java index 08147f60f36..59d9658ab75 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/HaskellServantCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/HaskellServantCodegen.java @@ -491,4 +491,16 @@ public CodegenParameter fromParameter(Parameter param, Set imports) { p.dataType = fixModelChars(p.dataType); return p; } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("{-", "{_-").replace("-}", "-_}"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JMeterCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JMeterCodegen.java index 2d08c9741e9..394e7122a04 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JMeterCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JMeterCodegen.java @@ -183,4 +183,16 @@ public String getSwaggerType(Property p) { type = swaggerType; return toModelName(type); } + + @Override + public String escapeQuotationMark(String input) { + // remove ' to avoid code injection + return input.replace("'", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClientCodegen.java index 5af43e546d6..c20a70d4028 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClientCodegen.java @@ -1041,7 +1041,7 @@ public String escapeQuotationMark(String input) { @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClosureAngularClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClosureAngularClientCodegen.java index f980df9f4a8..0371eee5e75 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClosureAngularClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClosureAngularClientCodegen.java @@ -254,7 +254,7 @@ public String escapeQuotationMark(String input) { @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/LumenServerCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/LumenServerCodegen.java index 8ce97eb9dd8..700bdfd3a50 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/LumenServerCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/LumenServerCodegen.java @@ -235,7 +235,7 @@ public String escapeQuotationMark(String input) { @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ObjcClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ObjcClientCodegen.java index 4344d90c7ae..e028083a74b 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ObjcClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ObjcClientCodegen.java @@ -723,5 +723,15 @@ public void setParameterExampleValue(CodegenParameter p) { p.example = example; } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PerlClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PerlClientCodegen.java index 4c4b9c8c314..15ec94188e1 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PerlClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PerlClientCodegen.java @@ -413,6 +413,6 @@ public String escapeQuotationMark(String input) { @Override public String escapeUnsafeCharacters(String input) { // remove =end, =cut to avoid code injection - return input.replace("=end", "").replace("=cut", ""); + return input.replace("=begin", "=_begin").replace("=end", "=_end").replace("=cut", "=_cut").replace("=pod", "=_pod"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PhpClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PhpClientCodegen.java index be89b8d265a..feaf63d4e39 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PhpClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PhpClientCodegen.java @@ -658,6 +658,8 @@ public Map postProcessOperations(Map objs) { Map operations = (Map) objs.get("operations"); List operationList = (List) operations.get("operation"); for (CodegenOperation op : operationList) { + // for API test method name + // e.g. public function test{{vendorExtensions.x-testOperationId}}() op.vendorExtensions.put("x-testOperationId", camelize(op.operationId)); } return objs; @@ -671,7 +673,7 @@ public String escapeQuotationMark(String input) { @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PythonClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PythonClientCodegen.java index 80d61745ac5..f42e662d0fa 100755 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PythonClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PythonClientCodegen.java @@ -599,7 +599,7 @@ public String escapeQuotationMark(String input) { @Override public String escapeUnsafeCharacters(String input) { // remove multiline comment - return input.replace("'''", ""); + return input.replace("'''", "'_'_'"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Qt5CPPGenerator.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Qt5CPPGenerator.java index 2b8e3523287..46999eccbe1 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Qt5CPPGenerator.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Qt5CPPGenerator.java @@ -333,4 +333,15 @@ public String toModelName(String type) { public String toApiName(String type) { return PREFIX + Character.toUpperCase(type.charAt(0)) + type.substring(1) + "Api"; } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Rails5ServerCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Rails5ServerCodegen.java index 4bb4c8e883c..e03622b5919 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Rails5ServerCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Rails5ServerCodegen.java @@ -317,4 +317,14 @@ public Map postProcessSupportingFileData(Map obj return super.postProcessSupportingFileData(objs); } + @Override + public String escapeQuotationMark(String input) { + // remove ' to avoid code injection + return input.replace("'", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("=end", "=_end").replace("=begin", "=_begin"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/RubyClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/RubyClientCodegen.java index 07d774566f7..e58199e1b70 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/RubyClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/RubyClientCodegen.java @@ -721,6 +721,6 @@ public String escapeQuotationMark(String input) { @Override public String escapeUnsafeCharacters(String input) { - return input.replace("=end", ""); + return input.replace("=end", "=_end").replace("=begin", "=_begin"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalaClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalaClientCodegen.java index b740ba552a1..157d650a42f 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalaClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalaClientCodegen.java @@ -336,4 +336,15 @@ public String toModelFilename(String name) { return toModelName(name); } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalatraServerCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalatraServerCodegen.java index 46a3af76324..b148a4da08f 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalatraServerCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalatraServerCodegen.java @@ -196,4 +196,16 @@ public String getSwaggerType(Property p) { } return toModelName(type); } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SilexServerCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SilexServerCodegen.java index 5a1a7044fab..a840b77e05a 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SilexServerCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SilexServerCodegen.java @@ -208,7 +208,6 @@ public String escapeQuotationMark(String input) { @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } - } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SinatraServerCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SinatraServerCodegen.java index fb3ceab7d78..345607e3b4a 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SinatraServerCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SinatraServerCodegen.java @@ -243,4 +243,14 @@ public Map postProcessSupportingFileData(Map obj return super.postProcessSupportingFileData(objs); } + @Override + public String escapeQuotationMark(String input) { + // remove ' to avoid code injection + return input.replace("'", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("=end", "=_end").replace("=begin", "=_begin"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SwiftCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SwiftCodegen.java index 3e393a7fe04..f23cf72d502 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SwiftCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SwiftCodegen.java @@ -550,4 +550,15 @@ public Map postProcessModels(Map objs) { return postProcessModelsEnum(objs); } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/TizenClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/TizenClientCodegen.java index ec58781ab2b..3327972665d 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/TizenClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/TizenClientCodegen.java @@ -281,4 +281,14 @@ public String toOperationId(String operationId) { return camelize(operationId, true); } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/README.md b/samples/client/petstore-security-test/php/SwaggerClient-php/README.md index 069a30dae03..e147df3172e 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/README.md +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/README.md @@ -1,10 +1,10 @@ # SwaggerClient-php -This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end +This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end This PHP package is automatically generated by the [Swagger Codegen](https://github.com/swagger-api/swagger-codegen) project: -- API version: 1.0.0 ' \" =end -- Build date: 2016-06-30T07:09:53.488+02:00 +- API version: 1.0.0 *_/ ' \" =end +- Build date: 2016-07-02T16:22:07.280+08:00 - Build package: class io.swagger.codegen.languages.PhpClientCodegen ## Requirements @@ -58,7 +58,7 @@ Please follow the [installation procedure](#installation--usage) and then run th require_once(__DIR__ . '/vendor/autoload.php'); $api_instance = new Swagger\Client\Api\FakeApi(); -$test_code_inject____end = "test_code_inject____end_example"; // string | To test code injection ' \" =end +$test_code_inject____end = "test_code_inject____end_example"; // string | To test code injection *_/ ' \" =end try { $api_instance->testCodeInjectEnd($test_code_inject____end); @@ -71,11 +71,11 @@ try { ## Documentation for API Endpoints -All URIs are relative to *https://petstore.swagger.io ' \" =end/v2 ' \" =end* +All URIs are relative to *https://petstore.swagger.io *_/ ' \" =end/v2 *_/ ' \" =end* Class | Method | HTTP request | Description ------------ | ------------- | ------------- | ------------- -*FakeApi* | [**testCodeInjectEnd**](docs/Api/FakeApi.md#testcodeinjectend) | **PUT** /fake | To test code injection ' \" =end +*FakeApi* | [**testCodeInjectEnd**](docs/Api/FakeApi.md#testcodeinjectend) | **PUT** /fake | To test code injection *_/ ' \" =end ## Documentation For Models @@ -86,6 +86,12 @@ Class | Method | HTTP request | Description ## Documentation For Authorization +## api_key + +- **Type**: API key +- **API key parameter name**: api_key */ ' " =end +- **Location**: HTTP header + ## petstore_auth - **Type**: OAuth @@ -95,15 +101,9 @@ Class | Method | HTTP request | Description - **write:pets**: modify pets in your account */ ' " =end - **read:pets**: read your pets */ ' " =end -## api_key - -- **Type**: API key -- **API key parameter name**: api_key */ ' " =end -- **Location**: HTTP header - ## Author -apiteam@swagger.io ' \" =end +apiteam@swagger.io *_/ ' \" =end diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/autoload.php b/samples/client/petstore-security-test/php/SwaggerClient-php/autoload.php index b8dc24a83b9..cc9a6698cdf 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/autoload.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/autoload.php @@ -1,12 +1,12 @@ testCodeInjectEnd($test_code_inject____end) -To test code injection ' \" =end +To test code injection *_/ ' \" =end ### Example ```php @@ -18,7 +18,7 @@ To test code injection ' \" =end require_once(__DIR__ . '/vendor/autoload.php'); $api_instance = new Swagger\Client\Api\FakeApi(); -$test_code_inject____end = "test_code_inject____end_example"; // string | To test code injection ' \" =end +$test_code_inject____end = "test_code_inject____end_example"; // string | To test code injection *_/ ' \" =end try { $api_instance->testCodeInjectEnd($test_code_inject____end); @@ -32,7 +32,7 @@ try { Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - **test_code_inject____end** | **string**| To test code injection ' \" =end | [optional] + **test_code_inject____end** | **string**| To test code injection *_/ ' \" =end | [optional] ### Return type diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/docs/Model/ModelReturn.md b/samples/client/petstore-security-test/php/SwaggerClient-php/docs/Model/ModelReturn.md index 138a1882556..97772852c12 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/docs/Model/ModelReturn.md +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/docs/Model/ModelReturn.md @@ -3,7 +3,7 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**return** | **int** | property description ' \" =end | [optional] +**return** | **int** | property description *_/ ' \" =end | [optional] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Api/FakeApi.php b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Api/FakeApi.php index a74ebc4af68..8c9ea6c5c29 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Api/FakeApi.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Api/FakeApi.php @@ -11,12 +11,12 @@ */ /** - * Swagger Petstore ' \" =end + * Swagger Petstore *_/ ' \" =end * - * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end + * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end * - * OpenAPI spec version: 1.0.0 ' \" =end - * Contact: apiteam@swagger.io ' \" =end + * OpenAPI spec version: 1.0.0 *_/ ' \" =end + * Contact: apiteam@swagger.io *_/ ' \" =end * Generated by: https://github.com/swagger-api/swagger-codegen.git * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -73,7 +73,7 @@ public function __construct(\Swagger\Client\ApiClient $apiClient = null) { if ($apiClient == null) { $apiClient = new ApiClient(); - $apiClient->getConfig()->setHost('https://petstore.swagger.io ' \" =end/v2 ' \" =end'); + $apiClient->getConfig()->setHost('https://petstore.swagger.io *_/ ' \" =end/v2 *_/ ' \" =end'); } $this->apiClient = $apiClient; @@ -105,9 +105,9 @@ public function setApiClient(\Swagger\Client\ApiClient $apiClient) /** * Operation testCodeInjectEnd * - * To test code injection ' \" =end + * To test code injection *_/ ' \" =end * - * @param string $test_code_inject____end To test code injection ' \" =end (optional) + * @param string $test_code_inject____end To test code injection *_/ ' \" =end (optional) * @return void * @throws \Swagger\Client\ApiException on non-2xx response */ @@ -120,9 +120,9 @@ public function testCodeInjectEnd($test_code_inject____end = null) /** * Operation testCodeInjectEndWithHttpInfo * - * To test code injection ' \" =end + * To test code injection *_/ ' \" =end * - * @param string $test_code_inject____end To test code injection ' \" =end (optional) + * @param string $test_code_inject____end To test code injection *_/ ' \" =end (optional) * @return Array of null, HTTP status code, HTTP response headers (array of strings) * @throws \Swagger\Client\ApiException on non-2xx response */ diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiClient.php b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiClient.php index c29bfb86bb2..53c2b153bee 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiClient.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiClient.php @@ -12,12 +12,12 @@ */ /** - * Swagger Petstore ' \" =end + * Swagger Petstore *_/ ' \" =end * - * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end + * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end * - * OpenAPI spec version: 1.0.0 ' \" =end - * Contact: apiteam@swagger.io ' \" =end + * OpenAPI spec version: 1.0.0 *_/ ' \" =end + * Contact: apiteam@swagger.io *_/ ' \" =end * Generated by: https://github.com/swagger-api/swagger-codegen.git * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiException.php b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiException.php index ae465a3964e..9bb23ee3341 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiException.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiException.php @@ -11,12 +11,12 @@ */ /** - * Swagger Petstore ' \" =end + * Swagger Petstore *_/ ' \" =end * - * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end + * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end * - * OpenAPI spec version: 1.0.0 ' \" =end - * Contact: apiteam@swagger.io ' \" =end + * OpenAPI spec version: 1.0.0 *_/ ' \" =end + * Contact: apiteam@swagger.io *_/ ' \" =end * Generated by: https://github.com/swagger-api/swagger-codegen.git * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Configuration.php b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Configuration.php index 3308e3c5824..a5838d9c81c 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Configuration.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Configuration.php @@ -11,12 +11,12 @@ */ /** - * Swagger Petstore ' \" =end + * Swagger Petstore *_/ ' \" =end * - * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end + * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end * - * OpenAPI spec version: 1.0.0 ' \" =end - * Contact: apiteam@swagger.io ' \" =end + * OpenAPI spec version: 1.0.0 *_/ ' \" =end + * Contact: apiteam@swagger.io *_/ ' \" =end * Generated by: https://github.com/swagger-api/swagger-codegen.git * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -102,7 +102,7 @@ class Configuration * * @var string */ - protected $host = 'https://petstore.swagger.io ' \" =end/v2 ' \" =end'; + protected $host = 'https://petstore.swagger.io *_/ ' \" =end/v2 *_/ ' \" =end'; /** * Timeout (second) of the HTTP request, by default set to 0, no timeout @@ -522,7 +522,7 @@ public static function toDebugReport() $report = 'PHP SDK (Swagger\Client) Debug Report:' . PHP_EOL; $report .= ' OS: ' . php_uname() . PHP_EOL; $report .= ' PHP Version: ' . phpversion() . PHP_EOL; - $report .= ' OpenAPI Spec Version: 1.0.0 ' \" =end' . PHP_EOL; + $report .= ' OpenAPI Spec Version: 1.0.0 *_/ ' \" =end' . PHP_EOL; $report .= ' Temp Folder Path: ' . self::getDefaultConfiguration()->getTempFolderPath() . PHP_EOL; return $report; diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Model/ModelReturn.php b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Model/ModelReturn.php index e633896f436..eeaf6ff9279 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Model/ModelReturn.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Model/ModelReturn.php @@ -12,12 +12,12 @@ */ /** - * Swagger Petstore ' \" =end + * Swagger Petstore *_/ ' \" =end * - * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end + * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end * - * OpenAPI spec version: 1.0.0 ' \" =end - * Contact: apiteam@swagger.io ' \" =end + * OpenAPI spec version: 1.0.0 *_/ ' \" =end + * Contact: apiteam@swagger.io *_/ ' \" =end * Generated by: https://github.com/swagger-api/swagger-codegen.git * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -47,7 +47,7 @@ * ModelReturn Class Doc Comment * * @category Class */ - // @description Model for testing reserved words ' \" =end + // @description Model for testing reserved words *_/ ' \" =end /** * @package Swagger\Client * @author http://github.com/swagger-api/swagger-codegen @@ -167,7 +167,7 @@ public function getReturn() /** * Sets return - * @param int $return property description ' \" =end + * @param int $return property description *_/ ' \" =end * @return $this */ public function setReturn($return) diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ObjectSerializer.php b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ObjectSerializer.php index ca518c99c8b..7ee21f8bd6a 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ObjectSerializer.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ObjectSerializer.php @@ -12,12 +12,12 @@ */ /** - * Swagger Petstore ' \" =end + * Swagger Petstore *_/ ' \" =end * - * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end + * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end * - * OpenAPI spec version: 1.0.0 ' \" =end - * Contact: apiteam@swagger.io ' \" =end + * OpenAPI spec version: 1.0.0 *_/ ' \" =end + * Contact: apiteam@swagger.io *_/ ' \" =end * Generated by: https://github.com/swagger-api/swagger-codegen.git * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -264,7 +264,7 @@ public static function deserialize($data, $class, $httpHeaders = null, $discrimi } else { return null; } - } elseif (in_array($class, array('void', 'bool', 'string', 'double', 'byte', 'mixed', 'integer', 'float', 'int', 'DateTime', 'number', 'boolean', 'object'))) { + } elseif (in_array($class, array('integer', 'int', 'void', 'number', 'object', 'double', 'float', 'byte', 'DateTime', 'string', 'mixed', 'boolean', 'bool'))) { settype($data, $class); return $data; } elseif ($class === '\SplFileObject') {