better code injectino handling for perl client

2016-06-28 16:37:33 +08:00
parent 8dc22d2bda
commit 02864ed31a
71 changed files with 5616 additions and 96 deletions
--- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PerlClientCodegen.java
+++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PerlClientCodegen.java
@@ -373,7 +373,8 @@ public class PerlClientCodegen extends DefaultCodegen implements CodegenConfig {
            return underscore("call_" + operationId);
        }

-        return underscore(operationId);
+        //return underscore(operationId).replaceAll("[^A-Za-z0-9_]", "");
+        return underscore(sanitizeName(operationId));
    }

    public void setModuleName(String moduleName) {
@@ -403,4 +404,15 @@ public class PerlClientCodegen extends DefaultCodegen implements CodegenConfig {
        }

    }
+
+    @Override
+    public String escapeQuotationMark(String input) {
+        return input.replace("'", "");
+    }
+
+    @Override
+    public String escapeUnsafeCharacters(String input) {
+        // remove =end, =cut to avoid code injection
+        return input.replace("=end", "").replace("=cut", "");
+    }
 }