loafle/openapi-generator
3
0
Fork 0
forked from loafle/openapi-generator-original
Code Pull Requests Activity

[Go] Address Gosec vulnerabilities in Go client mustache template (#12540)

Browse Source 
* Fix potential file inclusion via variable

* Fix deferring unsafe method "Close" on type "*os.File"

* Update samples

* Correction to use existing variable

* Correction generated samples
This commit is contained in:
Beppe Catanese
2022-06-11 03:10:48 +02:00
committed by GitHub
parent 45f430f5c8
commit aeb40ab0ae
4 changed files with 20 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
samples/openapi3/client/petstore/go/go-petstore/client.go
View File

@@ -430,11 +430,14 @@ func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err err
// Add a file to the multipart request
func addFile(w *multipart.Writer, fieldName, path string) error {
file, err := os.Open(path)
file, err := os.Open(filepath.Clean(path))
if err != nil {
return err
}
defer file.Close()
err = file.Close()
if err != nil {
return err
}
part, err := w.CreateFormFile(fieldName, filepath.Base(path))
if err != nil {