fix security issue with filename for c# api client
@@ -265,7 +265,7 @@ namespace IO.Swagger.Client
|
||||
var match = regex.Match(header.ToString());
|
||||
if (match.Success)
|
||||
{
|
||||
string fileName = filePath + match.Groups[1].Value.Replace("\"", "").Replace("'", "");
|
||||
string fileName = filePath + SanitizeFilename(match.Groups[1].Value.Replace("\"", "").Replace("'", ""));
|
||||
File.WriteAllBytes(fileName, data);
|
||||
return new FileStream(fileName, FileMode.Open);
|
||||
}
|
||||
@@ -426,6 +426,23 @@ namespace IO.Swagger.Client
|
||||
return sb.ToString();
|
||||
}
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// Sanitize filename by removing the path
|
||||
/// </summary>
|
||||
/// <param name="filename">Filename</param>
|
||||
/// <returns>Filename</returns>
|
||||
public static string SanitizeFilename(string filename)
|
||||
{
|
||||
Match match = Regex.Match(filename, @".*[/\\](.*)$");
|
||||
|
||||
if (match.Success)
|
||||
{
|
||||
return match.Groups[1].Value;
|
||||
}
|
||||
else
|
||||
{
|
||||
return filename;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
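Review bot: SanitizeFilename removes the directory part, but the name it returns is still chosen by the server: a header value ending in a separator yields an empty string, and `.` or `..` contain no separator, so the regex does not match and they are returned unchanged. In the first hunk `filePath + SanitizeFilename(...)` can then name a directory rather than a file, and for any ordinary name `File.WriteAllBytes` replaces a file of that name already present in the download folder. I would substitute a generated name for the degenerate cases, e.g. `if (name.Length == 0 || name == "." || name == "..") name = Path.GetRandomFileName();`, and refuse to write when the target already exists. TestSanitizeFilename has no case for `""`, `".."` or a trailing separator. The download method around the first hunk starts and ends outside it, so how `filePath` is built cannot be checked from this page.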
@@ -92,7 +92,8 @@ namespace IO.Swagger.Client
|
||||
|
||||
set
|
||||
{
|
||||
ApiClient.RestClient.Timeout = value;
|
||||
if (ApiClient != null)
|
||||
ApiClient.RestClient.Timeout = value;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
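Review bot: With the added null check the setter drops `value` when `ApiClient` is null, so a caller who sets the timeout before the client exists gets no error and no timeout applied later. Either keep the value in a backing field that is applied once `ApiClient` is assigned, or fail loudly, e.g. `if (ApiClient == null) throw new InvalidOperationException("ApiClient is not set");`. The new `if` is also written without braces, which makes the guarded statement easy to misread. The property's declaration and getter are outside the hunk, so whether the getter has the same null dereference cannot be told from this page.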
@@ -112,10 +112,10 @@ namespace IO.Swagger.Model
|
||||
// Suitable nullity checks etc, of course :)
|
||||
|
||||
if (this.Id != null)
|
||||
hash = hash * 57 + this.Id.GetHashCode();
|
||||
hash = hash * 59 + this.Id.GetHashCode();
|
||||
|
||||
if (this.Name != null)
|
||||
hash = hash * 57 + this.Name.GetHashCode();
|
||||
hash = hash * 59 + this.Name.GetHashCode();
|
||||
|
||||
return hash;
|
||||
}
|
||||
|
||||
@@ -165,22 +165,22 @@ namespace IO.Swagger.Model
|
||||
// Suitable nullity checks etc, of course :)
|
||||
|
||||
if (this.Id != null)
|
||||
hash = hash * 57 + this.Id.GetHashCode();
|
||||
hash = hash * 59 + this.Id.GetHashCode();
|
||||
|
||||
if (this.PetId != null)
|
||||
hash = hash * 57 + this.PetId.GetHashCode();
|
||||
hash = hash * 59 + this.PetId.GetHashCode();
|
||||
|
||||
if (this.Quantity != null)
|
||||
hash = hash * 57 + this.Quantity.GetHashCode();
|
||||
hash = hash * 59 + this.Quantity.GetHashCode();
|
||||
|
||||
if (this.ShipDate != null)
|
||||
hash = hash * 57 + this.ShipDate.GetHashCode();
|
||||
hash = hash * 59 + this.ShipDate.GetHashCode();
|
||||
|
||||
if (this.Status != null)
|
||||
hash = hash * 57 + this.Status.GetHashCode();
|
||||
hash = hash * 59 + this.Status.GetHashCode();
|
||||
|
||||
if (this.Complete != null)
|
||||
hash = hash * 57 + this.Complete.GetHashCode();
|
||||
hash = hash * 59 + this.Complete.GetHashCode();
|
||||
|
||||
return hash;
|
||||
}
|
||||
|
||||
@@ -165,22 +165,22 @@ namespace IO.Swagger.Model
|
||||
// Suitable nullity checks etc, of course :)
|
||||
|
||||
if (this.Id != null)
|
||||
hash = hash * 57 + this.Id.GetHashCode();
|
||||
hash = hash * 59 + this.Id.GetHashCode();
|
||||
|
||||
if (this.Category != null)
|
||||
hash = hash * 57 + this.Category.GetHashCode();
|
||||
hash = hash * 59 + this.Category.GetHashCode();
|
||||
|
||||
if (this.Name != null)
|
||||
hash = hash * 57 + this.Name.GetHashCode();
|
||||
hash = hash * 59 + this.Name.GetHashCode();
|
||||
|
||||
if (this.PhotoUrls != null)
|
||||
hash = hash * 57 + this.PhotoUrls.GetHashCode();
|
||||
hash = hash * 59 + this.PhotoUrls.GetHashCode();
|
||||
|
||||
if (this.Tags != null)
|
||||
hash = hash * 57 + this.Tags.GetHashCode();
|
||||
hash = hash * 59 + this.Tags.GetHashCode();
|
||||
|
||||
if (this.Status != null)
|
||||
hash = hash * 57 + this.Status.GetHashCode();
|
||||
hash = hash * 59 + this.Status.GetHashCode();
|
||||
|
||||
return hash;
|
||||
}
|
||||
|
||||
@@ -112,10 +112,10 @@ namespace IO.Swagger.Model
|
||||
// Suitable nullity checks etc, of course :)
|
||||
|
||||
if (this.Id != null)
|
||||
hash = hash * 57 + this.Id.GetHashCode();
|
||||
hash = hash * 59 + this.Id.GetHashCode();
|
||||
|
||||
if (this.Name != null)
|
||||
hash = hash * 57 + this.Name.GetHashCode();
|
||||
hash = hash * 59 + this.Name.GetHashCode();
|
||||
|
||||
return hash;
|
||||
}
|
||||
|
||||
@@ -191,28 +191,28 @@ namespace IO.Swagger.Model
|
||||
// Suitable nullity checks etc, of course :)
|
||||
|
||||
if (this.Id != null)
|
||||
hash = hash * 57 + this.Id.GetHashCode();
|
||||
hash = hash * 59 + this.Id.GetHashCode();
|
||||
|
||||
if (this.Username != null)
|
||||
hash = hash * 57 + this.Username.GetHashCode();
|
||||
hash = hash * 59 + this.Username.GetHashCode();
|
||||
|
||||
if (this.FirstName != null)
|
||||
hash = hash * 57 + this.FirstName.GetHashCode();
|
||||
hash = hash * 59 + this.FirstName.GetHashCode();
|
||||
|
||||
if (this.LastName != null)
|
||||
hash = hash * 57 + this.LastName.GetHashCode();
|
||||
hash = hash * 59 + this.LastName.GetHashCode();
|
||||
|
||||
if (this.Email != null)
|
||||
hash = hash * 57 + this.Email.GetHashCode();
|
||||
hash = hash * 59 + this.Email.GetHashCode();
|
||||
|
||||
if (this.Password != null)
|
||||
hash = hash * 57 + this.Password.GetHashCode();
|
||||
hash = hash * 59 + this.Password.GetHashCode();
|
||||
|
||||
if (this.Phone != null)
|
||||
hash = hash * 57 + this.Phone.GetHashCode();
|
||||
hash = hash * 59 + this.Phone.GetHashCode();
|
||||
|
||||
if (this.UserStatus != null)
|
||||
hash = hash * 57 + this.UserStatus.GetHashCode();
|
||||
hash = hash * 59 + this.UserStatus.GetHashCode();
|
||||
|
||||
return hash;
|
||||
}
|
||||
|
||||
@@ -95,6 +95,22 @@ namespace SwaggerClientTest.TestApiClient
|
||||
DateTime dateUtc = DateTime.Parse("2009-06-15 20:45:30Z", null, System.Globalization.DateTimeStyles.RoundtripKind);
|
||||
Assert.AreEqual("15/06/09 20:45:30", api.ParameterToString(dateUtc));
|
||||
}
|
||||
|
||||
[Test ()]
|
||||
public void TestSanitizeFilename ()
|
||||
{
|
||||
Assert.AreEqual("sun.gif", ApiClient.SanitizeFilename("sun.gif"));
|
||||
Assert.AreEqual("sun.gif", ApiClient.SanitizeFilename("../sun.gif"));
|
||||
Assert.AreEqual("sun.gif", ApiClient.SanitizeFilename("/var/tmp/sun.gif"));
|
||||
Assert.AreEqual("sun.gif", ApiClient.SanitizeFilename("./sun.gif"));
|
||||
|
||||
Assert.AreEqual("sun", ApiClient.SanitizeFilename("sun"));
|
||||
Assert.AreEqual("sun.gif", ApiClient.SanitizeFilename("..\\sun.gif"));
|
||||
Assert.AreEqual("sun.gif", ApiClient.SanitizeFilename("\\var\\tmp\\sun.gif"));
|
||||
Assert.AreEqual("sun.gif", ApiClient.SanitizeFilename("c:\\var\\tmp\\sun.gif"));
|
||||
Assert.AreEqual("sun.gif", ApiClient.SanitizeFilename(".\\sun.gif"));
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Binary file not shown.
Binary file not shown.
@@ -1,9 +1,9 @@
|
||||
/Users/williamcheng/Code/tmp/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/obj/Debug/.NETFramework,Version=v4.5.AssemblyAttribute.cs
|
||||
/Users/williamcheng/Code/tmp/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/obj/Debug/SwaggerClientTest.swagger-logo.png
|
||||
/Users/williamcheng/Code/tmp/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/bin/Debug/SwaggerClientTest.dll.mdb
|
||||
/Users/williamcheng/Code/tmp/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/bin/Debug/SwaggerClientTest.dll
|
||||
/Users/williamcheng/Code/tmp/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/obj/Debug/SwaggerClientTest.dll
|
||||
/Users/williamcheng/Code/tmp/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/obj/Debug/SwaggerClientTest.dll.mdb
|
||||
/Users/williamcheng/Code/tmp/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/bin/Debug/Newtonsoft.Json.dll
|
||||
/Users/williamcheng/Code/tmp/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/bin/Debug/nunit.framework.dll
|
||||
/Users/williamcheng/Code/tmp/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/bin/Debug/RestSharp.dll
|
||||
/Users/williamcheng/Code/wing328/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/obj/Debug/.NETFramework,Version=v4.5.AssemblyAttribute.cs
|
||||
/Users/williamcheng/Code/wing328/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/obj/Debug/SwaggerClientTest.swagger-logo.png
|
||||
/Users/williamcheng/Code/wing328/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/bin/Debug/SwaggerClientTest.dll.mdb
|
||||
/Users/williamcheng/Code/wing328/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/bin/Debug/SwaggerClientTest.dll
|
||||
/Users/williamcheng/Code/wing328/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/obj/Debug/SwaggerClientTest.dll
|
||||
/Users/williamcheng/Code/wing328/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/obj/Debug/SwaggerClientTest.dll.mdb
|
||||
/Users/williamcheng/Code/wing328/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/bin/Debug/Newtonsoft.Json.dll
|
||||
/Users/williamcheng/Code/wing328/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/bin/Debug/nunit.framework.dll
|
||||
/Users/williamcheng/Code/wing328/swagger-codegen/samples/client/petstore/csharp/SwaggerClientTest/bin/Debug/RestSharp.dll
|
||||
|
||||
Binary file not shown.