diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractCSharpCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractCSharpCodegen.java index 62995980db..0ea7b5b485 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractCSharpCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractCSharpCodegen.java @@ -665,7 +665,7 @@ public abstract class AbstractCSharpCodegen extends DefaultCodegen implements Co @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractJavaCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractJavaCodegen.java index 00d63b2850..c245125f80 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractJavaCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractJavaCodegen.java @@ -842,7 +842,7 @@ public abstract class AbstractJavaCodegen extends DefaultCodegen implements Code @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractTypeScriptClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractTypeScriptClientCodegen.java index cc41f3ea29..2435516f0f 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractTypeScriptClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AbstractTypeScriptClientCodegen.java 
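Review bot: The `escapeUnsafeCharacters` body `input.replace("*/", "*_/").replace("/*", "/_*")` set in AbstractCSharpCodegen is pasted verbatim into AbstractJavaCodegen and more than twenty other generators later in this patch, with no comment saying what it protects. One shared definition on DefaultCodegen would keep the copies from drifting, for example a `protected static String escapeBlockCommentDelimiters(String input)` helper (the name is only a suggestion) that each override returns. I would also put one line above it, such as `// neutralise /* and */ so spec text cannot open or close a block comment in generated code`. The enclosing class starts outside the hunk.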
@@ -311,4 +311,15 @@ public abstract class AbstractTypeScriptClientCodegen extends DefaultCodegen imp public Boolean getSupportsES6() { return supportsES6; } + + @Override + public String escapeQuotationMark(String input) { + // remove ', " to avoid code injection + return input.replace("\"", "").replace("'", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AkkaScalaClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AkkaScalaClientCodegen.java index 43faca235d..4b7c321e80 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AkkaScalaClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AkkaScalaClientCodegen.java @@ -414,4 +414,14 @@ public class AkkaScalaClientCodegen extends DefaultCodegen implements CodegenCon } } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AndroidClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AndroidClientCodegen.java index d11cc6ce0a..788223bec9 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AndroidClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/AndroidClientCodegen.java 
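Review bot: The new `escapeQuotationMark` in AbstractTypeScriptClientCodegen strips `"` and `'` but leaves the backtick, which also delimits string literals in TypeScript and allows `${...}` interpolation. Whether any TypeScript template emits spec values inside a template literal is not visible in this hunk, so this may be harmless today. If one does, the line should end with a third call, `.replace("`", "")`, and the comment above it should list the backtick as well.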
@@ -504,4 +504,15 @@ public class AndroidClientCodegen extends DefaultCodegen implements CodegenConfi this.sourceFolder = sourceFolder; } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ClojureClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ClojureClientCodegen.java index 73ef83bc9c..157488f15c 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ClojureClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ClojureClientCodegen.java @@ -212,4 +212,16 @@ public class ClojureClientCodegen extends DefaultCodegen implements CodegenConfi protected String namespaceToFolder(String ns) { return ns.replace(".", File.separator).replace("-", "_"); } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + // ref: https://clojurebridge.github.io/community-docs/docs/clojure/comment/ + return input.replace("(comment", "(_comment"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CppRestClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CppRestClientCodegen.java index f8299fc60c..c6715b22fb 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CppRestClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CppRestClientCodegen.java 
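Review bot: In ClojureClientCodegen the `escapeUnsafeCharacters` override rewrites one exact spelling, `(comment`, and the only explanation is a `// ref:` link. Nothing in the hunk says which position in the generated Clojure this is meant to guard, so a reader cannot judge whether the substring match is sufficient. I would add a comment along the lines of `// neutralise the (comment ...) form; assumes values are only emitted inside docstrings or ; comments (confirm against the templates)`. The class body starts outside the hunk.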
@@ -377,4 +377,16 @@ public class CppRestClientCodegen extends DefaultCodegen implements CodegenConfi public String toApiName(String type) { return Character.toUpperCase(type.charAt(0)) + type.substring(1) + "Api"; } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CsharpDotNet2ClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CsharpDotNet2ClientCodegen.java index 05654eebe5..d13c6c851d 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CsharpDotNet2ClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/CsharpDotNet2ClientCodegen.java @@ -274,4 +274,15 @@ public class CsharpDotNet2ClientCodegen extends DefaultCodegen implements Codege return camelize(operationId); } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/DartClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/DartClientCodegen.java index 70b98676ab..6bb54cb9d5 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/DartClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/DartClientCodegen.java 
@@ -289,4 +289,16 @@ public class DartClientCodegen extends DefaultCodegen implements CodegenConfig { public void setSourceFolder(String sourceFolder) { this.sourceFolder = sourceFolder; } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/FlashClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/FlashClientCodegen.java index a9eb1a97de..2d00c8cf7a 100755 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/FlashClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/FlashClientCodegen.java @@ -373,4 +373,15 @@ public class FlashClientCodegen extends DefaultCodegen implements CodegenConfig public void setSourceFolder(String sourceFolder) { this.sourceFolder = sourceFolder; } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoClientCodegen.java index efcde6d8c4..09672f6b6f 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoClientCodegen.java 
@@ -452,4 +452,15 @@ public class GoClientCodegen extends DefaultCodegen implements CodegenConfig { public void setPackageVersion(String packageVersion) { this.packageVersion = packageVersion; } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoServerCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoServerCodegen.java index 43c48cc64f..b8ce224765 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoServerCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GoServerCodegen.java @@ -263,4 +263,16 @@ public class GoServerCodegen extends DefaultCodegen implements CodegenConfig { // e.g. PetApi.go => pet_api.go return underscore(name); } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GroovyClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GroovyClientCodegen.java index 3f9bfbfc6b..84874b4060 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GroovyClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/GroovyClientCodegen.java 
@@ -83,4 +83,14 @@ public class GroovyClientCodegen extends AbstractJavaCodegen { this.configPackage = configPackage; } + @Override + public String escapeQuotationMark(String input) { + // remove ' to avoid code injection + return input.replace("'", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/HaskellServantCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/HaskellServantCodegen.java index 08147f60f3..59d9658ab7 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/HaskellServantCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/HaskellServantCodegen.java @@ -491,4 +491,16 @@ public class HaskellServantCodegen extends DefaultCodegen implements CodegenConf p.dataType = fixModelChars(p.dataType); return p; } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("{-", "{_-").replace("-}", "-_}"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JMeterCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JMeterCodegen.java index 2d08c9741e..394e7122a0 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JMeterCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JMeterCodegen.java 
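Review bot: GroovyClientCodegen extends AbstractJavaCodegen, which this same patch gives the identical `escapeUnsafeCharacters` body, so the second override added here is redundant and can be dropped. The `escapeQuotationMark` override removes only `'`; if the inherited version strips `"` (it is not shown in this diff), this override stops doing that for Groovy, where double-quoted strings interpolate `${...}`. Unless the Groovy templates only ever use single-quoted literals, I would write `return input.replace("\"", "").replace("'", "");` and change the comment to `// remove ' and " to avoid code injection`.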
@@ -183,4 +183,16 @@ public class JMeterCodegen extends DefaultCodegen implements CodegenConfig { type = swaggerType; return toModelName(type); } + + @Override + public String escapeQuotationMark(String input) { + // remove ' to avoid code injection + return input.replace("'", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClientCodegen.java index 5af43e546d..c20a70d402 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClientCodegen.java @@ -1041,7 +1041,7 @@ public class JavascriptClientCodegen extends DefaultCodegen implements CodegenCo @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClosureAngularClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClosureAngularClientCodegen.java index f980df9f4a..0371eee5e7 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClosureAngularClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavascriptClosureAngularClientCodegen.java @@ -254,7 +254,7 @@ public class JavascriptClosureAngularClientCodegen extends DefaultCodegen implem @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } } 
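Review bot: JMeterCodegen receives the C-style `/*` and `*/` filter, but JMeter test plans are XML as far as I know, where those sequences mean nothing and the comment delimiters are `<!--` and `-->`. Which file types the JMeter templates actually produce is not visible in this hunk, so take this as a question rather than a finding. If values do land in XML, this override has no protective effect and the escaping should be XML-aware instead. At minimum a comment naming the target format above `escapeUnsafeCharacters` would make the intent checkable.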
diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/LumenServerCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/LumenServerCodegen.java index 8ce97eb9dd..700bdfd3a5 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/LumenServerCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/LumenServerCodegen.java @@ -235,7 +235,7 @@ public class LumenServerCodegen extends DefaultCodegen implements CodegenConfig @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ObjcClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ObjcClientCodegen.java index 4344d90c7a..e028083a74 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ObjcClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ObjcClientCodegen.java @@ -723,5 +723,15 @@ public class ObjcClientCodegen extends DefaultCodegen implements CodegenConfig { p.example = example; } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PerlClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PerlClientCodegen.java index 4c4b9c8c31..15ec94188e 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PerlClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PerlClientCodegen.java 
@@ -413,6 +413,6 @@ public class PerlClientCodegen extends DefaultCodegen implements CodegenConfig { @Override public String escapeUnsafeCharacters(String input) { // remove =end, =cut to avoid code injection - return input.replace("=end", "").replace("=cut", ""); + return input.replace("=begin", "=_begin").replace("=end", "=_end").replace("=cut", "=_cut").replace("=pod", "=_pod"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PhpClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PhpClientCodegen.java index be89b8d265..feaf63d4e3 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PhpClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PhpClientCodegen.java @@ -658,6 +658,8 @@ public class PhpClientCodegen extends DefaultCodegen implements CodegenConfig { Map operations = (Map) objs.get("operations"); List operationList = (List) operations.get("operation"); for (CodegenOperation op : operationList) { + // for API test method name + // e.g. public function test{{vendorExtensions.x-testOperationId}}() op.vendorExtensions.put("x-testOperationId", camelize(op.operationId)); } return objs; @@ -671,7 +673,7 @@ public class PhpClientCodegen extends DefaultCodegen implements CodegenConfig { @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PythonClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PythonClientCodegen.java index 80d61745ac..f42e662d0f 100755 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PythonClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PythonClientCodegen.java 
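Review bot: The comment kept above the changed line in PerlClientCodegen still reads `// remove =end, =cut to avoid code injection`, but the new code removes nothing and now also rewrites `=begin` and `=pod`. It should be updated to something like `// neutralise POD directives (=begin, =end, =cut, =pod) so spec text cannot open or close a POD block`. The four chained `replace` calls would also read better with one call per line.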
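Review bot: PhpClientCodegen only changes how `*/` and `/*` are handled, yet the regenerated sample later in this patch (lib/Api/FakeApi.php) still shows `setHost('https://petstore.swagger.io *_/ ' \" =end/v2 *_/ ' \" =end')`, a raw `'` inside a single-quoted PHP literal. No `escapeQuotationMark` override for PHP appears in this diff, so either the existing one does not cover `'` or the host and base path are not passed through it. Other generators in this patch get `return input.replace("'", "");` under `// remove ' to avoid code injection`; the PHP generator likely needs the same for values emitted into single-quoted strings. The class body starts outside the hunk.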
@@ -599,7 +599,7 @@ public class PythonClientCodegen extends DefaultCodegen implements CodegenConfig @Override public String escapeUnsafeCharacters(String input) { // remove multiline comment - return input.replace("'''", ""); + return input.replace("'''", "'_'_'"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Qt5CPPGenerator.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Qt5CPPGenerator.java index 2b8e352328..46999eccbe 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Qt5CPPGenerator.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Qt5CPPGenerator.java @@ -333,4 +333,15 @@ public class Qt5CPPGenerator extends DefaultCodegen implements CodegenConfig { public String toApiName(String type) { return PREFIX + Character.toUpperCase(type.charAt(0)) + type.substring(1) + "Api"; } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Rails5ServerCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Rails5ServerCodegen.java index 4bb4c8e883..e03622b591 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Rails5ServerCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/Rails5ServerCodegen.java 
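Review bot: The comment `// remove multiline comment` in PythonClientCodegen no longer matches the code, which now rewrites `'''` to `'_'_'` instead of removing it, and the filter covers only one of Python's two triple-quote delimiters. Whether the Python templates wrap spec text in `'''` or in triple double quotes is not visible here, and double quotes may already be escaped elsewhere. If they are not, the line should become `return input.replace("'''", "'_'_'").replace("\"\"\"", "\"_\"_\"");`. Either way the comment should read something like `// neutralise triple-quote delimiters so spec text cannot close a docstring`.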
@@ -317,4 +317,14 @@ public class Rails5ServerCodegen extends DefaultCodegen implements CodegenConfig return super.postProcessSupportingFileData(objs); } + @Override + public String escapeQuotationMark(String input) { + // remove ' to avoid code injection + return input.replace("'", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("=end", "=_end").replace("=begin", "=_begin"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/RubyClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/RubyClientCodegen.java index 07d774566f..e58199e1b7 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/RubyClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/RubyClientCodegen.java @@ -721,6 +721,6 @@ public class RubyClientCodegen extends DefaultCodegen implements CodegenConfig { @Override public String escapeUnsafeCharacters(String input) { - return input.replace("=end", ""); + return input.replace("=end", "=_end").replace("=begin", "=_begin"); } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalaClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalaClientCodegen.java index b740ba552a..157d650a42 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalaClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalaClientCodegen.java @@ -336,4 +336,15 @@ public class ScalaClientCodegen extends DefaultCodegen implements CodegenConfig return toModelName(name); } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } 
diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalatraServerCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalatraServerCodegen.java index 46a3af7632..b148a4da08 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalatraServerCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/ScalatraServerCodegen.java @@ -196,4 +196,16 @@ public class ScalatraServerCodegen extends DefaultCodegen implements CodegenConf } return toModelName(type); } + + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SilexServerCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SilexServerCodegen.java index 5a1a7044fa..a840b77e05 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SilexServerCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SilexServerCodegen.java @@ -208,7 +208,6 @@ public class SilexServerCodegen extends DefaultCodegen implements CodegenConfig @Override public String escapeUnsafeCharacters(String input) { - return input.replace("*/", ""); + return input.replace("*/", "*_/").replace("/*", "/_*"); } - } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SinatraServerCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SinatraServerCodegen.java index fb3ceab7d7..345607e3b4 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SinatraServerCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SinatraServerCodegen.java 
@@ -243,4 +243,14 @@ public class SinatraServerCodegen extends DefaultCodegen implements CodegenConfi return super.postProcessSupportingFileData(objs); } + @Override + public String escapeQuotationMark(String input) { + // remove ' to avoid code injection + return input.replace("'", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("=end", "=_end").replace("=begin", "=_begin"); + } } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SwiftCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SwiftCodegen.java index 3e393a7fe0..f23cf72d50 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SwiftCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SwiftCodegen.java @@ -550,4 +550,15 @@ public class SwiftCodegen extends DefaultCodegen implements CodegenConfig { return postProcessModelsEnum(objs); } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } + } diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/TizenClientCodegen.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/TizenClientCodegen.java index ec58781ab2..3327972665 100644 --- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/TizenClientCodegen.java +++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/TizenClientCodegen.java 
@@ -281,4 +281,14 @@ public class TizenClientCodegen extends DefaultCodegen implements CodegenConfig return camelize(operationId, true); } + @Override + public String escapeQuotationMark(String input) { + // remove " to avoid code injection + return input.replace("\"", ""); + } + + @Override + public String escapeUnsafeCharacters(String input) { + return input.replace("*/", "*_/").replace("/*", "/_*"); + } } diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/README.md b/samples/client/petstore-security-test/php/SwaggerClient-php/README.md index 069a30dae0..e147df3172 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/README.md +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/README.md @@ -1,10 +1,10 @@ # SwaggerClient-php -This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end +This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end This PHP package is automatically generated by the [Swagger Codegen](https://github.com/swagger-api/swagger-codegen) project: -- API version: 1.0.0 ' \" =end -- Build date: 2016-06-30T07:09:53.488+02:00 +- API version: 1.0.0 *_/ ' \" =end +- Build date: 2016-07-02T16:22:07.280+08:00 - Build package: class io.swagger.codegen.languages.PhpClientCodegen ## Requirements @@ -58,7 +58,7 @@ Please follow the [installation procedure](#installation--usage) and then run th require_once(__DIR__ . '/vendor/autoload.php'); $api_instance = new Swagger\Client\Api\FakeApi(); -$test_code_inject____end = "test_code_inject____end_example"; // string | To test code injection ' \" =end +$test_code_inject____end = "test_code_inject____end_example"; // string | To test code injection *_/ ' \" =end try { $api_instance->testCodeInjectEnd($test_code_inject____end); 
@@ -71,11 +71,11 @@ try { ## Documentation for API Endpoints -All URIs are relative to *https://petstore.swagger.io ' \" =end/v2 ' \" =end* +All URIs are relative to *https://petstore.swagger.io *_/ ' \" =end/v2 *_/ ' \" =end* Class | Method | HTTP request | Description ------------ | ------------- | ------------- | ------------- -*FakeApi* | [**testCodeInjectEnd**](docs/Api/FakeApi.md#testcodeinjectend) | **PUT** /fake | To test code injection ' \" =end +*FakeApi* | [**testCodeInjectEnd**](docs/Api/FakeApi.md#testcodeinjectend) | **PUT** /fake | To test code injection *_/ ' \" =end ## Documentation For Models @@ -86,6 +86,12 @@ Class | Method | HTTP request | Description ## Documentation For Authorization +## api_key + +- **Type**: API key +- **API key parameter name**: api_key */ ' " =end +- **Location**: HTTP header + ## petstore_auth - **Type**: OAuth @@ -95,15 +101,9 @@ Class | Method | HTTP request | Description - **write:pets**: modify pets in your account */ ' " =end - **read:pets**: read your pets */ ' " =end -## api_key - -- **Type**: API key -- **API key parameter name**: api_key */ ' " =end -- **Location**: HTTP header - ## Author -apiteam@swagger.io ' \" =end +apiteam@swagger.io *_/ ' \" =end diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/autoload.php b/samples/client/petstore-security-test/php/SwaggerClient-php/autoload.php index b8dc24a83b..cc9a6698cd 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/autoload.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/autoload.php @@ -1,12 +1,12 @@ testCodeInjectEnd($test_code_inject____end) -To test code injection ' \" =end +To test code injection *_/ ' \" =end ### Example ```php 
@@ -18,7 +18,7 @@ To test code injection ' \" =end require_once(__DIR__ . '/vendor/autoload.php'); $api_instance = new Swagger\Client\Api\FakeApi(); -$test_code_inject____end = "test_code_inject____end_example"; // string | To test code injection ' \" =end +$test_code_inject____end = "test_code_inject____end_example"; // string | To test code injection *_/ ' \" =end try { $api_instance->testCodeInjectEnd($test_code_inject____end); @@ -32,7 +32,7 @@ try { Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - **test_code_inject____end** | **string**| To test code injection ' \" =end | [optional] + **test_code_inject____end** | **string**| To test code injection *_/ ' \" =end | [optional] ### Return type diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/docs/Model/ModelReturn.md b/samples/client/petstore-security-test/php/SwaggerClient-php/docs/Model/ModelReturn.md index 138a188255..97772852c1 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/docs/Model/ModelReturn.md +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/docs/Model/ModelReturn.md @@ -3,7 +3,7 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**return** | **int** | property description ' \" =end | [optional] +**return** | **int** | property description *_/ ' \" =end | [optional] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Api/FakeApi.php b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Api/FakeApi.php index a74ebc4af6..8c9ea6c5c2 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Api/FakeApi.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Api/FakeApi.php 
@@ -11,12 +11,12 @@ */ /** - * Swagger Petstore ' \" =end + * Swagger Petstore *_/ ' \" =end * - * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end + * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end * - * OpenAPI spec version: 1.0.0 ' \" =end - * Contact: apiteam@swagger.io ' \" =end + * OpenAPI spec version: 1.0.0 *_/ ' \" =end + * Contact: apiteam@swagger.io *_/ ' \" =end * Generated by: https://github.com/swagger-api/swagger-codegen.git * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -73,7 +73,7 @@ class FakeApi { if ($apiClient == null) { $apiClient = new ApiClient(); - $apiClient->getConfig()->setHost('https://petstore.swagger.io ' \" =end/v2 ' \" =end'); + $apiClient->getConfig()->setHost('https://petstore.swagger.io *_/ ' \" =end/v2 *_/ ' \" =end'); } $this->apiClient = $apiClient; @@ -105,9 +105,9 @@ class FakeApi /** * Operation testCodeInjectEnd * - * To test code injection ' \" =end + * To test code injection *_/ ' \" =end * - * @param string $test_code_inject____end To test code injection ' \" =end (optional) + * @param string $test_code_inject____end To test code injection *_/ ' \" =end (optional) * @return void * @throws \Swagger\Client\ApiException on non-2xx response */ @@ -120,9 +120,9 @@ class FakeApi /** * Operation testCodeInjectEndWithHttpInfo * - * To test code injection ' \" =end + * To test code injection *_/ ' \" =end * - * @param string $test_code_inject____end To test code injection ' \" =end (optional) + * @param string $test_code_inject____end To test code injection *_/ ' \" =end (optional) * @return Array of null, HTTP status code, HTTP response headers (array of strings) * @throws \Swagger\Client\ApiException on non-2xx response */ 
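Review bot: The regenerated `setHost('https://petstore.swagger.io *_/ ' \" =end/v2 *_/ ' \" =end')` line in the `@@ -73,7` hunk still carries a bare `'` inside a single-quoted PHP literal, so as rendered here the string would end early and the spec-supplied text after it would be parsed as code. The `*/` → `*_/` rewrite only neutralises the comment terminator. The same pattern shows up in Configuration.php, in `protected $host = '…'` and in the debug-report line `' OpenAPI Spec Version: 1.0.0 *_/ ' \" =end'`. These files are generated and the constructor continues outside the hunk, so the change belongs in the PHP generator: an `escapeQuotationMark` override such as `return input.replace("'", "");`, in line with the TypeScript override in this commit that strips `'` and `"`. If a backslash before the `'` was lost in rendering, the literal is fine and only the single-quote coverage of the security sample needs confirming.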
diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiClient.php b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiClient.php index c29bfb86bb..53c2b153be 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiClient.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiClient.php @@ -12,12 +12,12 @@ */ /** - * Swagger Petstore ' \" =end + * Swagger Petstore *_/ ' \" =end * - * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end + * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end * - * OpenAPI spec version: 1.0.0 ' \" =end - * Contact: apiteam@swagger.io ' \" =end + * OpenAPI spec version: 1.0.0 *_/ ' \" =end + * Contact: apiteam@swagger.io *_/ ' \" =end * Generated by: https://github.com/swagger-api/swagger-codegen.git * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiException.php b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiException.php index ae465a3964..9bb23ee334 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiException.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ApiException.php 
@@ -11,12 +11,12 @@ */ /** - * Swagger Petstore ' \" =end + * Swagger Petstore *_/ ' \" =end * - * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end + * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end * - * OpenAPI spec version: 1.0.0 ' \" =end - * Contact: apiteam@swagger.io ' \" =end + * OpenAPI spec version: 1.0.0 *_/ ' \" =end + * Contact: apiteam@swagger.io *_/ ' \" =end * Generated by: https://github.com/swagger-api/swagger-codegen.git * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Configuration.php b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Configuration.php index 3308e3c582..a5838d9c81 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Configuration.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Configuration.php @@ -11,12 +11,12 @@ */ /** - * Swagger Petstore ' \" =end + * Swagger Petstore *_/ ' \" =end * - * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end + * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end * - * OpenAPI spec version: 1.0.0 ' \" =end - * Contact: apiteam@swagger.io ' \" =end + * OpenAPI spec version: 1.0.0 *_/ ' \" =end + * Contact: apiteam@swagger.io *_/ ' \" =end * Generated by: https://github.com/swagger-api/swagger-codegen.git * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -102,7 +102,7 @@ class Configuration * * @var string */ - protected $host = 'https://petstore.swagger.io ' \" =end/v2 ' \" =end'; + protected $host = 'https://petstore.swagger.io *_/ ' \" =end/v2 *_/ ' \" =end'; /** * Timeout (second) of the HTTP request, by default set to 0, no timeout @@ -522,7 +522,7 @@ class Configuration $report = 'PHP SDK (Swagger\Client) Debug Report:' . PHP_EOL; $report .= ' OS: ' . php_uname() . PHP_EOL; $report .= ' PHP Version: ' . phpversion() . PHP_EOL; - $report .= ' OpenAPI Spec Version: 1.0.0 ' \" =end' . PHP_EOL; + $report .= ' OpenAPI Spec Version: 1.0.0 *_/ ' \" =end' . PHP_EOL; $report .= ' Temp Folder Path: ' . self::getDefaultConfiguration()->getTempFolderPath() . PHP_EOL; return $report; diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Model/ModelReturn.php b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Model/ModelReturn.php index e633896f43..eeaf6ff927 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Model/ModelReturn.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/Model/ModelReturn.php @@ -12,12 +12,12 @@ */ /** - * Swagger Petstore ' \" =end + * Swagger Petstore *_/ ' \" =end * - * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end + * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end * - * OpenAPI spec version: 1.0.0 ' \" =end - * Contact: apiteam@swagger.io ' \" =end + * OpenAPI spec version: 1.0.0 *_/ ' \" =end + * Contact: apiteam@swagger.io *_/ ' \" =end * Generated by: https://github.com/swagger-api/swagger-codegen.git * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -47,7 +47,7 @@ use \ArrayAccess; * ModelReturn Class Doc Comment * * @category Class */ - // @description Model for testing reserved words ' \" =end + // @description Model for testing reserved words *_/ ' \" =end /** * @package Swagger\Client * @author http://github.com/swagger-api/swagger-codegen @@ -167,7 +167,7 @@ class ModelReturn implements ArrayAccess /** * Sets return - * @param int $return property description ' \" =end + * @param int $return property description *_/ ' \" =end * @return $this */ public function setReturn($return) diff --git a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ObjectSerializer.php b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ObjectSerializer.php index ca518c99c8..7ee21f8bd6 100644 --- a/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ObjectSerializer.php +++ b/samples/client/petstore-security-test/php/SwaggerClient-php/lib/ObjectSerializer.php @@ -12,12 +12,12 @@ */ /** - * Swagger Petstore ' \" =end + * Swagger Petstore *_/ ' \" =end * - * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ ' \" =end + * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\ *_/ ' \" =end * - * OpenAPI spec version: 1.0.0 ' \" =end - * Contact: apiteam@swagger.io ' \" =end + * OpenAPI spec version: 1.0.0 *_/ ' \" =end + * Contact: apiteam@swagger.io *_/ ' \" =end * Generated by: https://github.com/swagger-api/swagger-codegen.git * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -264,7 +264,7 @@ class ObjectSerializer } else { return null; } - } elseif (in_array($class, array('void', 'bool', 'string', 'double', 'byte', 'mixed', 'integer', 'float', 'int', 'DateTime', 'number', 'boolean', 'object'))) { + } elseif (in_array($class, array('integer', 'int', 'void', 'number', 'object', 'double', 'float', 'byte', 'DateTime', 'string', 'mixed', 'boolean', 'bool'))) { settype($data, $class); return $data; } elseif ($class === '\SplFileObject') {