apply security fix to php lumne, silex, slim

2016-06-28 12:21:41 +08:00
parent f38c8373cc
commit ec2abe78e3
36 changed files with 1505 additions and 3 deletions
--- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/DefaultCodegen.java
+++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/DefaultCodegen.java
@@ -349,6 +349,7 @@ public class DefaultCodegen {
     * @return string with unsafe characters removed or escaped
     */
    public String escapeUnsafeCharacters(String input) {
+        LOGGER.warn("escapeUnsafeCharacters should be overriden in the code generator with proper logic to escape unsafe characters");
        // doing nothing by default and code generator should implement
        // the logic to prevent code injection
        // later we'll make this method abstract to make sure
@@ -362,7 +363,7 @@ public class DefaultCodegen {
     * @return string with quotation mark removed or escaped
     */
    public String escapeQuotationMark(String input) {
-        LOGGER.info("### calling default escapeText");
+        LOGGER.warn("escapeQuotationMark should be overriden in the code generator with proper logic to escape single/double quote");
        return input.replace("\"", "\\\"");
    }

--- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/LumenServerCodegen.java
+++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/LumenServerCodegen.java
@@ -215,4 +215,16 @@ public class LumenServerCodegen extends DefaultCodegen implements CodegenConfig
            type = swaggerType;
        return toModelName(type);
    }
+
+    @Override
+    public String escapeQuotationMark(String input) {
+        // remove ' to avoid code injection
+        return input.replace("'", "");
+    }
+
+    @Override
+    public String escapeUnsafeCharacters(String input) {
+        return input.replace("*/", "");
+    }
+
 }
--- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SilexServerCodegen.java
+++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SilexServerCodegen.java
@@ -200,4 +200,15 @@ public class SilexServerCodegen extends DefaultCodegen implements CodegenConfig
        return toModelName(name);
    }

+    @Override
+    public String escapeQuotationMark(String input) {
+        // remove ' to avoid code injection
+        return input.replace("'", "");
+    }
+
+    @Override
+    public String escapeUnsafeCharacters(String input) {
+        return input.replace("*/", "");
+    }
+
 }
--- a/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SlimFrameworkServerCodegen.java
+++ b/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/SlimFrameworkServerCodegen.java
@@ -225,4 +225,15 @@ public class SlimFrameworkServerCodegen extends DefaultCodegen implements Codege
        return toModelName(name);
    }

+    @Override
+    public String escapeQuotationMark(String input) {
+        // remove ' to avoid code injection
+        return input.replace("'", "");
+    }
+
+    @Override
+    public String escapeUnsafeCharacters(String input) {
+        return input.replace("*/", "");
+    }
+
 }