Merge pull request #3231 from wing328/security_fix_ruby

[Ruby] better code injection handling for Ruby API client
2016-06-28 20:09:55 +08:00
parent 37e1de6d72 f1f01041ed
commit 07a852fe78
61 changed files with 2356 additions and 71 deletions
--- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/RubyClientCodegen.java
+++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/RubyClientCodegen.java
@@ -712,4 +712,15 @@ public class RubyClientCodegen extends DefaultCodegen implements CodegenConfig {
        //
        //return super.shouldOverwrite(filename) && !filename.endsWith("_spec.rb");
    }
+
+    @Override
+    public String escapeQuotationMark(String input) {
+        // remove ' to avoid code injection
+        return input.replace("'", "");
+    }
+
+    @Override
+    public String escapeUnsafeCharacters(String input) {
+        return input.replace("=end", "");
+    }
 }