From 23f57a7290b31d0a89256a36476edfdf7941e5ee Mon Sep 17 00:00:00 2001 From: grzegorz-moto <60603738+grzegorz-moto@users.noreply.github.com> Date: Thu, 2 Jul 2020 12:34:28 +0200 Subject: [PATCH] [Java][WebClient]remove the dead code from java ApiClient.mustache (#6556) * remove the dead code Remove the dead code from ApiClient The code is not used and it contains vulnerability of Log Forgery when it writes unvalidated http header to the log. An attacker could take advantage of this behaviour to forge log entries or inject malicious content into the log. * update Petstore samples * whitespace --- .../libraries/webclient/ApiClient.mustache | 52 ------------------- .../org/openapitools/client/ApiClient.java | 52 ------------------- 2 files changed, 104 deletions(-) diff --git a/modules/openapi-generator/src/main/resources/Java/libraries/webclient/ApiClient.mustache b/modules/openapi-generator/src/main/resources/Java/libraries/webclient/ApiClient.mustache index 72b80bac81a..f38a9b8c450 100644 --- a/modules/openapi-generator/src/main/resources/Java/libraries/webclient/ApiClient.mustache +++ b/modules/openapi-generator/src/main/resources/Java/libraries/webclient/ApiClient.mustache @@ -647,56 +647,4 @@ public class ApiClient { return collectionFormat.collectionToString(values); } - - private class ApiClientHttpRequestInterceptor implements ClientHttpRequestInterceptor { - private final Log log = LogFactory.getLog(ApiClientHttpRequestInterceptor.class); - - @Override - public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException { - logRequest(request, body); - ClientHttpResponse response = execution.execute(request, body); - logResponse(response); - return response; - } - - private void logRequest(HttpRequest request, byte[] body) throws UnsupportedEncodingException { - log.info("URI: " + request.getURI()); - log.info("HTTP Method: " + request.getMethod()); - log.info("HTTP Headers: " + headersToString(request.getHeaders())); - log.info("Request Body: " + new String(body, StandardCharsets.UTF_8)); - } - - private void logResponse(ClientHttpResponse response) throws IOException { - log.info("HTTP Status Code: " + response.getRawStatusCode()); - log.info("Status Text: " + response.getStatusText()); - log.info("HTTP Headers: " + headersToString(response.getHeaders())); - log.info("Response Body: " + bodyToString(response.getBody())); - } - - private String headersToString(HttpHeaders headers) { - StringBuilder builder = new StringBuilder(); - for(Entry> entry : headers.entrySet()) { - builder.append(entry.getKey()).append("=["); - for(String value : entry.getValue()) { - builder.append(value).append(","); - } - builder.setLength(builder.length() - 1); // Get rid of trailing comma - builder.append("],"); - } - builder.setLength(builder.length() - 1); // Get rid of trailing comma - return builder.toString(); - } - - private String bodyToString(InputStream body) throws IOException { - StringBuilder builder = new StringBuilder(); - BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(body, StandardCharsets.UTF_8)); - String line = bufferedReader.readLine(); - while (line != null) { - builder.append(line).append(System.lineSeparator()); - line = bufferedReader.readLine(); - } - bufferedReader.close(); - return builder.toString(); - } - } } diff --git a/samples/client/petstore/java/webclient/src/main/java/org/openapitools/client/ApiClient.java b/samples/client/petstore/java/webclient/src/main/java/org/openapitools/client/ApiClient.java index 27f55dfdbcc..a69349fef84 100644 --- a/samples/client/petstore/java/webclient/src/main/java/org/openapitools/client/ApiClient.java +++ b/samples/client/petstore/java/webclient/src/main/java/org/openapitools/client/ApiClient.java @@ -643,56 +643,4 @@ public class ApiClient { return collectionFormat.collectionToString(values); } - - private class ApiClientHttpRequestInterceptor implements ClientHttpRequestInterceptor { - private final Log log = LogFactory.getLog(ApiClientHttpRequestInterceptor.class); - - @Override - public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException { - logRequest(request, body); - ClientHttpResponse response = execution.execute(request, body); - logResponse(response); - return response; - } - - private void logRequest(HttpRequest request, byte[] body) throws UnsupportedEncodingException { - log.info("URI: " + request.getURI()); - log.info("HTTP Method: " + request.getMethod()); - log.info("HTTP Headers: " + headersToString(request.getHeaders())); - log.info("Request Body: " + new String(body, StandardCharsets.UTF_8)); - } - - private void logResponse(ClientHttpResponse response) throws IOException { - log.info("HTTP Status Code: " + response.getRawStatusCode()); - log.info("Status Text: " + response.getStatusText()); - log.info("HTTP Headers: " + headersToString(response.getHeaders())); - log.info("Response Body: " + bodyToString(response.getBody())); - } - - private String headersToString(HttpHeaders headers) { - StringBuilder builder = new StringBuilder(); - for(Entry> entry : headers.entrySet()) { - builder.append(entry.getKey()).append("=["); - for(String value : entry.getValue()) { - builder.append(value).append(","); - } - builder.setLength(builder.length() - 1); // Get rid of trailing comma - builder.append("],"); - } - builder.setLength(builder.length() - 1); // Get rid of trailing comma - return builder.toString(); - } - - private String bodyToString(InputStream body) throws IOException { - StringBuilder builder = new StringBuilder(); - BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(body, StandardCharsets.UTF_8)); - String line = bufferedReader.readLine(); - while (line != null) { - builder.append(line).append(System.lineSeparator()); - line = bufferedReader.readLine(); - } - bufferedReader.close(); - return builder.toString(); - } - } }