Merge pull request #3230 from wing328/security_fix_python

[Python] better code injection handling for Python
2016-06-28 20:09:40 +08:00
parent 56b2b4f2eb 3a41da42f0
commit 37e1de6d72
74 changed files with 3617 additions and 54 deletions
--- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PythonClientCodegen.java
+++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/PythonClientCodegen.java
@@ -590,5 +590,16 @@ public class PythonClientCodegen extends DefaultCodegen implements CodegenConfig
        p.example = example;
    }

+    @Override
+    public String escapeQuotationMark(String input) {
+        // remove ' to avoid code injection
+        return input.replace("'", "");
+    }
+
+    @Override
+    public String escapeUnsafeCharacters(String input) {
+        // remove multiline comment
+        return input.replace("'''", "");
+    }

 }