Merge pull request from GHSA-hpv8-9rq5-hq7w
security: fix CWE-378 CWE-200 CWE-732 - use java.nio.file
frantuma committed Mar 2, 2021
2 parents 987ea7a + 33a1ef4 commit 35adbd5
Showing 159 changed files with 178 additions and 12,652 deletions.
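--- a/bin/java-petstore-all.sh
+++ b/bin/java-petstore-all.sh
@@ -12,7 +12,6 @@
 ./bin/java-petstore-retrofit2rx2.sh
 ./bin/java8-petstore-jersey2.sh
 ./bin/java-petstore-retrofit2-play24.sh
-./bin/java-petstore-jersey2-java6.sh
 ./bin/java-petstore-resttemplate.sh
 ./bin/java-petstore-resttemplate-withxml.sh
 ./bin/java-petstore-resteasy.sh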
34 changes: 0 additions & 34 deletions bin/java-petstore-jersey2-java6.sh

This file was deleted.

@@ -198,7 +198,7 @@ public void processOpts() {
super.processOpts();

if (additionalProperties.containsKey(SUPPORT_JAVA6)) {
this.setSupportJava6(Boolean.valueOf(additionalProperties.get(SUPPORT_JAVA6).toString()));
this.setSupportJava6(false); // JAVA 6 not supported
}
additionalProperties.put(SUPPORT_JAVA6, supportJava6);

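Review bot: A configuration that still passes `supportJava6=true` is now overridden without any signal, because the new `this.setSupportJava6(false); // JAVA 6 not supported` line discards the supplied value silently. A warning before the assignment would make the ignored option visible to the user, for example `LOGGER.warn("supportJava6 is no longer supported and will be ignored");`, assuming the class has a logger in scope, which this hunk does not show. `processOpts` continues past the end of the hunk.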
@@ -69,7 +69,6 @@ public JavaClientCodegen() {
cliOptions.add(CliOption.newBoolean(PARCELABLE_MODEL, "Whether to generate models for Android that implement Parcelable with the okhttp-gson library."));
cliOptions.add(CliOption.newBoolean(USE_PLAY_WS, "Use Play! Async HTTP client (Play WS API)"));
cliOptions.add(CliOption.newString(PLAY_VERSION, "Version of Play! Framework (possible values \"play24\", \"play25\")"));
cliOptions.add(CliOption.newBoolean(SUPPORT_JAVA6, "Whether to support Java6 with the Jersey1 library."));
cliOptions.add(CliOption.newBoolean(USE_BEANVALIDATION, "Use BeanValidation API annotations"));
cliOptions.add(CliOption.newBoolean(PERFORM_BEANVALIDATION, "Perform BeanValidation"));
cliOptions.add(CliOption.newBoolean(USE_GZIP_FEATURE, "Send gzip-encoded requests"));
@@ -13,7 +13,7 @@ public class JavaJerseyServerCodegen extends AbstractJavaJAXRSServerCodegen {

protected static final String LIBRARY_JERSEY1 = "jersey1";
protected static final String LIBRARY_JERSEY2 = "jersey2";

/**
* Default library template to use. (Default:{@value #DEFAULT_LIBRARY})
*/
@@ -48,7 +48,6 @@ public JavaJerseyServerCodegen() {
library.setDefault(DEFAULT_LIBRARY);

cliOptions.add(library);
cliOptions.add(CliOption.newBoolean(SUPPORT_JAVA6, "Whether to support Java6 with the Jersey1/2 library."));
cliOptions.add(CliOption.newBoolean(USE_TAGS, "use tags for creating interface and controller classnames"));
}

@@ -89,11 +88,11 @@ public void processOpts() {
if (StringUtils.isEmpty(library)) {
setLibrary(DEFAULT_LIBRARY);
}

if ( additionalProperties.containsKey(CodegenConstants.IMPL_FOLDER)) {
implFolder = (String) additionalProperties.get(CodegenConstants.IMPL_FOLDER);
}

if (additionalProperties.containsKey(USE_TAGS)) {
this.setUseTags(Boolean.valueOf(additionalProperties.get(USE_TAGS).toString()));
}
@@ -25,6 +25,7 @@ import java.io.InputStream;

{{^supportJava6}}
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import org.glassfish.jersey.logging.LoggingFeature;
{{/supportJava6}}
@@ -296,7 +297,7 @@ public class ApiClient {
public int getReadTimeout() {
return readTimeout;
}

/**
* Set the read timeout (in milliseconds).
* A value of 0 means no timeout, otherwise values must be between 1 and
@@ -628,9 +629,9 @@ public class ApiClient {
}

if (tempFolderPath == null)
return File.createTempFile(prefix, suffix);
return Files.createTempFile(prefix, suffix).toFile();
else
return File.createTempFile(prefix, suffix, new File(tempFolderPath));
return Files.createTempFile(Paths.get(tempFolderPath), prefix, suffix).toFile();
}

/**
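Review bot: Nothing next to the two new `Files.createTempFile(...)` returns says why the NIO call is required, so a later cleanup could revert to `File.createTempFile` and bring back the permission issue named in the commit title (CWE-378, CWE-732). I would add a comment above `if (tempFolderPath == null)` such as `// Files.createTempFile restricts the new file to its owner where the file system supports it; File.createTempFile used umask-derived defaults`. That protection depends on the file system, so when `tempFolderPath` names a shared directory the directory's own permissions still matter, and the javadoc of the temp-folder setting (outside this hunk) should say so. The same two-line change appears in the `ApiClient` hunks at -829,9, -552,9 and -624,9, and this note covers them as well. The enclosing method begins outside the hunk.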
@@ -24,6 +24,8 @@ import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.lang.reflect.Type;
import java.net.URLConnection;
import java.net.URLEncoder;
@@ -829,9 +831,9 @@ public class ApiClient {
}

if (tempFolderPath == null)
return File.createTempFile(prefix, suffix);
return Files.createTempFile(prefix, suffix).toFile();
else
return File.createTempFile(prefix, suffix, new File(tempFolderPath));
return Files.createTempFile(Paths.get(tempFolderPath), prefix, suffix).toFile();
}

/**
@@ -981,7 +983,7 @@ public class ApiClient {
* @param formParams The form parameters
* @param authNames The authentications to apply
* @param progressRequestListener Progress request listener
* @return The HTTP request
* @return The HTTP request
* @throws ApiException If fail to serialize the request body object
*/
public Request buildRequest(String path, String method, List<Pair> queryParams, List<Pair> collectionQueryParams, Object body, Map<String, String> headerParams, Map<String, Object> formParams, String[] authNames, ProgressRequestBody.ProgressRequestListener progressRequestListener) throws ApiException {
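Review bot: The added `java.nio.file.Files` and `java.nio.file.Paths` imports tie this `ApiClient` template to an API that Android only ships from API level 26, and nothing in the change documents that new floor. The file header is not shown, but `ProgressRequestBody` in `buildRequest` suggests this is the okhttp-based client, and the generator's `PARCELABLE_MODEL` option advertises Android use of the okhttp-gson library. If that reading is right, I would add a comment above the new imports such as `// java.nio.file is needed for owner-only temp files; on Android this requires API level 26+` and repeat it in the generated README.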
@@ -8,6 +8,7 @@ import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
@@ -446,7 +447,7 @@ public class ApiClient {
public Entity<?> serialize(Object obj, Map<String, Object> formParams, String contentType) throws ApiException {
Entity<?> entity = null;
if (contentType.startsWith("multipart/form-data")) {
MultipartFormDataOutput multipart = new MultipartFormDataOutput();
MultipartFormDataOutput multipart = new MultipartFormDataOutput();
//MultiPart multiPart = new MultiPart();
for (Entry<String, Object> param: formParams.entrySet()) {
if (param.getValue() instanceof File) {
@@ -552,9 +553,9 @@ public class ApiClient {
}

if (tempFolderPath == null)
return File.createTempFile(prefix, suffix);
return Files.createTempFile(prefix, suffix).toFile();
else
return File.createTempFile(prefix, suffix, new File(tempFolderPath));
return Files.createTempFile(Paths.get(tempFolderPath), prefix, suffix).toFile();
}

/**
@@ -16,6 +16,8 @@ import com.twitter.util.Future
import com.twitter.io.Buf
import io.finch._, items._
import java.io.File
import java.nio.file.Files
import java.nio.file.Paths
import java.time._

object {{classname}} {
@@ -81,7 +83,7 @@ object {{classname}} {
}

private def bytesToFile(input: Array[Byte]): java.io.File = {
val file = File.createTempFile("tmp{{classname}}", null)
val file = Files.createTempFile("tmp{{classname}}", null).toFile()
val output = new FileOutputStream(file)
output.write(input)
file
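Review bot: `bytesToFile` still opens a `FileOutputStream` on the new temp file and, in the lines shown, never closes it, so every call leaves a file descriptor open. Since the file is now created through NIO, the stream can be dropped entirely: `val path = Files.createTempFile("tmp{{classname}}", null)`, then `Files.write(path, input)`, then `path.toFile`. The added `java.nio.file.Paths` import is not used in the visible hunks and may be unnecessary. The closing brace of `bytesToFile` is outside the hunk.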
@@ -3,6 +3,7 @@ package {{packageName}}.infrastructure
import okhttp3.*
import java.io.File
import java.io.IOException
import java.nio.file.Files;
import java.util.regex.Pattern

open class ApiClient(val baseUrl: String) {
@@ -64,15 +65,15 @@ open class ApiClient(val baseUrl: String) {
inline protected fun <reified T: Any?> responseBody(response: Response, mediaType: String = JsonMediaType): T? {
if(response.body() == null) return null
if(T::class.java == java.io.File::class.java){
return downloadFileFromResponse(response) as T
} else if(T::class == kotlin.Unit::class) {
return kotlin.Unit as T
}
var contentType = response.headers().get("Content-Type")
if(contentType == null) {
contentType = JsonMediaType
}
@@ -85,7 +86,7 @@ open class ApiClient(val baseUrl: String) {
TODO("Fill in more types!")
}
}
fun isJsonMime(mime: String?): Boolean {
val jsonMime = "(?i)^(application/json|[^;/ \t]+/[^;/ \t]+[+]json)[ \t]*(;.*)?$"
return mime != null && (mime.matches(jsonMime.toRegex()) || mime == "*/*")
@@ -162,7 +163,7 @@ open class ApiClient(val baseUrl: String) {
)
}
}
@Throws(IOException::class)
fun downloadFileFromResponse(response: Response): File {
val file = prepareDownloadFile(response)
@@ -206,6 +207,6 @@ open class ApiClient(val baseUrl: String) {
prefix = "download-"
}

return File.createTempFile(prefix, suffix);
return Files.createTempFile(prefix, suffix).toFile();
}
}
}
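Review bot: The added import ends with a semicolon, `import java.nio.file.Files;`, while the neighbouring imports have none; Kotlin accepts it, but the line should read `import java.nio.file.Files` to match the file. The rewritten return `return Files.createTempFile(prefix, suffix).toFile();` keeps the semicolon its predecessor already had, which could be dropped in the same pass. The function that contains the return starts outside the hunk.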
@@ -162,14 +162,12 @@ public void testAdditionalProperties() throws Exception {

configurator.addAdditionalProperty("foo", "bar")
.addAdditionalProperty("hello", "world")
.addAdditionalProperty("supportJava6", false)
.addAdditionalProperty("useRxJava", true);

final ClientOptInput clientOptInput = setupAndRunGenericTest(configurator);

assertValueInMap(clientOptInput.getConfig().additionalProperties(), "foo", "bar");
assertValueInMap(clientOptInput.getConfig().additionalProperties(), "hello", "world");
assertValueInMap(clientOptInput.getConfig().additionalProperties(), "supportJava6", false);
assertValueInMap(clientOptInput.getConfig().additionalProperties(), "useRxJava", true);
}

@@ -250,13 +248,11 @@ public void testLibrary() throws Exception {
@Test
public void testDynamicProperties() throws Exception {
configurator.addDynamicProperty(CodegenConstants.LOCAL_VARIABLE_PREFIX, "_");
configurator.addDynamicProperty("supportJava6", false);
configurator.addDynamicProperty("useRxJava", true);

final ClientOptInput clientOptInput = setupAndRunGenericTest(configurator);

assertValueInMap(clientOptInput.getConfig().additionalProperties(), CodegenConstants.LOCAL_VARIABLE_PREFIX, "_");
assertValueInMap(clientOptInput.getConfig().additionalProperties(), "supportJava6", false);
assertValueInMap(clientOptInput.getConfig().additionalProperties(), "useRxJava", true);
}

@@ -72,10 +72,8 @@ protected void setExpectations() {
times = 1;
clientCodegen.setDateLibrary("joda");
times = 1;
clientCodegen.setSupportJava6(false);
times = 1;
clientCodegen.setUseBeanValidation(Boolean.valueOf(JaxRSServerOptionsProvider.USE_BEANVALIDATION));
times = 1;
times = 1;
clientCodegen.setUseTags(Boolean.valueOf(JaxRSServerOptionsProvider.USE_TAGS));
times = 1;
}};
@@ -21,7 +21,6 @@ public Map<String, String> createOptions() {
options.put(JavaClientCodegen.USE_PLAY_WS, "false");
options.put(JavaClientCodegen.PLAY_VERSION, JavaClientCodegen.PLAY_25);
options.put(JavaClientCodegen.PARCELABLE_MODEL, "false");
options.put(JavaClientCodegen.SUPPORT_JAVA6, "false");
options.put(JavaClientCodegen.USE_BEANVALIDATION, "false");
options.put(JavaClientCodegen.PERFORM_BEANVALIDATION, PERFORM_BEANVALIDATION);
options.put(JavaClientCodegen.USE_GZIP_FEATURE, "false");
@@ -58,7 +58,6 @@ public Map<String, String> createOptions() {
ImmutableMap.Builder<String, String> builder = new ImmutableMap.Builder<String, String>();
builder.put(CodegenConstants.IMPL_FOLDER, IMPL_FOLDER_VALUE)
.put(JavaClientCodegen.DATE_LIBRARY, "joda") //java.lang.IllegalArgumentException: Multiple entries with same key: dateLibrary=joda and dateLibrary=joda
.put(JavaClientCodegen.SUPPORT_JAVA6, "false")
.put("title", "Test title")
.put(CodegenConstants.MODEL_PACKAGE, MODEL_PACKAGE_VALUE)
.put(CodegenConstants.API_PACKAGE, API_PACKAGE_VALUE)
@@ -27,6 +27,7 @@ import java.io.InputStream;

{{^supportJava6}}
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
{{/supportJava6}}
{{#supportJava6}}
@@ -624,9 +625,9 @@ public class ApiClient {
}

if (tempFolderPath == null)
return File.createTempFile(prefix, suffix);
return Files.createTempFile(prefix, suffix).toFile();
else
return File.createTempFile(prefix, suffix, new File(tempFolderPath));
return Files.createTempFile(Paths.get(tempFolderPath), prefix, suffix).toFile();
}

/**
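Review bot: The added `import java.nio.file.Paths;` sits inside the `{{^supportJava6}}` section, yet the new `Files.createTempFile(Paths.get(tempFolderPath), prefix, suffix)` call in the second hunk shows no matching guard, so the generated class compiles only while `supportJava6` renders false. This commit pins the flag to false in `processOpts` whenever the option is supplied, which leaves the `{{#supportJava6}}` section that follows the imports as dead template code. I would move the `java.nio.file` imports out of the conditional, or delete the Java 6 branch, so the template no longer relies on the flag; the earlier `ApiClient` template hunk at -25,6 has the same conditional import. Whether the call is guarded outside the visible lines cannot be confirmed from this hunk.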
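--- a/pom.xml
+++ b/pom.xml
@@ -408,18 +408,6 @@
 <module>samples/client/petstore/java/jersey2</module>
 </modules>
 </profile>
-<profile>
-<id>java-client-jersey2-java6</id>
-<activation>
-<property>
-<name>env</name>
-<value>java</value>
-</property>
-</activation>
-<modules>
-<module>samples/client/petstore/java/jersey2-java6</module>
-</modules>
-</profile>
 <profile>
 <id>java-client-okhttp-gson</id>
 <activation>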
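--- a/pom.xml.bash
+++ b/pom.xml.bash
@@ -408,18 +408,6 @@
 <module>samples/client/petstore/java/jersey2</module>
 </modules>
 </profile>
-<profile>
-<id>java-client-jersey2-java6</id>
-<activation>
-<property>
-<name>env</name>
-<value>java</value>
-</property>
-</activation>
-<modules>
-<module>samples/client/petstore/java/jersey2-java6</module>
-</modules>
-</profile>
 <profile>
 <id>java-client-okhttp-gson</id>
 <activation>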
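--- a/pom.xml.circleci
+++ b/pom.xml.circleci
@@ -368,18 +368,6 @@
 <module>samples/client/petstore/java/jersey2</module>
 </modules>
 </profile>
-<profile>
-<id>java-client-jersey2-java6</id>
-<activation>
-<property>
-<name>env</name>
-<value>java</value>
-</property>
-</activation>
-<modules>
-<module>samples/client/petstore/java/jersey2-java6</module>
-</modules>
-</profile>
 <profile>
 <id>java-client-okhttp-gson</id>
 <activation>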
