Update

Author: linxGnu

modules/openapi-generator/src/main/java/org/openapitools/codegen/languages/RustAxumServerCodegen.java

@@ -1000,6 +1000,22 @@ public void postProcessModelProperty(CodegenModel model, CodegenProperty propert
             property.dataType = objectType;
             property.isNullable = false;
         }
+
+        if (property.dataType.startsWith(vecType + "<String")) {
+            property.vendorExtensions.put("is-vec-string", true);
+        } else if (property.dataType.startsWith(vecType + "<models::")) {
+            property.vendorExtensions.put("is-vec-nested", true);
+        } else if (property.dataType.startsWith(mapType + "<String, String")) {
+            property.vendorExtensions.put("is-map-string", true);
+        } else if (property.dataType.startsWith(mapType + "<String, models::")) {
+            property.vendorExtensions.put("is-map-nested", true);
+        } else if (property.dataType.startsWith(mapType + "<String")) {
+            property.vendorExtensions.put("is-map", true);
+        } else if (property.dataType.startsWith("models::")) {
+            property.vendorExtensions.put("is-nested", true);
+        } else if (stringType.equals(property.dataType)) {
+            property.vendorExtensions.put("is-string", true);
+        }
     }
 
     @Override

modules/openapi-generator/src/main/resources/rust-axum/Cargo.mustache

@@ -39,6 +39,7 @@ conversion = [
 ]
 
 [dependencies]
+ammonia = "4"
 async-trait = "0.1"
 axum = { version = "0.8", features = ["multipart"] }
 axum-extra = { version = "0.10", features = ["cookie", "query"] }

modules/openapi-generator/src/main/resources/rust-axum/models.mustache

@@ -17,6 +17,7 @@ conversion = [
 ]
 
 [dependencies]
+ammonia = "4"
 async-trait = "0.1"
 axum = { version = "0.8", features = ["multipart"] }
 axum-extra = { version = "0.10", features = ["cookie", "query"] }

samples/server/petstore/rust-axum/output/apikey-authorization/Cargo.toml

@@ -7,6 +7,60 @@ use validator::Validate;
 use crate::header;
 use crate::{models, types::*};
 
+#[allow(dead_code)]
+pub fn check_xss_string(v: &str) -> std::result::Result<(), validator::ValidationError> {
+    if ammonia::is_html(v) {
+        std::result::Result::Err(validator::ValidationError::new("xss detected"))
+    } else {
+        std::result::Result::Ok(())
+    }
+}
+
+#[allow(dead_code)]
+pub fn check_xss_vec_string(v: &[String]) -> std::result::Result<(), validator::ValidationError> {
+    if v.iter().any(|i| ammonia::is_html(i)) {
+        std::result::Result::Err(validator::ValidationError::new("xss detected"))
+    } else {
+        std::result::Result::Ok(())
+    }
+}
+
+#[allow(dead_code)]
+pub fn check_xss_map_string(
+    v: &std::collections::HashMap<String, String>,
+) -> std::result::Result<(), validator::ValidationError> {
+    if v.keys().any(|k| ammonia::is_html(k)) || v.values().any(|v| ammonia::is_html(v)) {
+        std::result::Result::Err(validator::ValidationError::new("xss detected"))
+    } else {
+        std::result::Result::Ok(())
+    }
+}
+
+#[allow(dead_code)]
+pub fn check_xss_map_nested<T>(
+    v: &std::collections::HashMap<String, T>,
+) -> std::result::Result<(), validator::ValidationError>
+where
+    T: validator::Validate,
+{
+    if v.keys().any(|k| ammonia::is_html(k)) || v.values().any(|v| v.validate().is_err()) {
+        std::result::Result::Err(validator::ValidationError::new("xss detected"))
+    } else {
+        std::result::Result::Ok(())
+    }
+}
+
+#[allow(dead_code)]
+pub fn check_xss_map<T>(
+    v: &std::collections::HashMap<String, T>,
+) -> std::result::Result<(), validator::ValidationError> {
+    if v.keys().any(|k| ammonia::is_html(k)) {
+        std::result::Result::Err(validator::ValidationError::new("xss detected"))
+    } else {
+        std::result::Result::Ok(())
+    }
+}
+
 #[derive(Debug, Clone, PartialEq, serde::Serialize, serde::Deserialize, validator::Validate)]
 #[cfg_attr(feature = "conversion", derive(frunk::LabelledGeneric))]
 pub struct GetPaymentMethodByIdPathParams {
@@ -19,7 +73,7 @@ pub struct GetPaymentMethodByIdPathParams {
 pub struct Amount {
     /// The three-character [ISO currency code](https://docs.adyen.com/development-resources/currency-codes).
     #[serde(rename = "currency")]
-    #[validate(length(min = 3, max = 3))]
+    #[validate(length(min = 3, max = 3), custom(function = "check_xss_string"))]
     pub currency: String,
 
     /// The amount of the transaction, in [minor units](https://docs.adyen.com/development-resources/currency-codes).
@@ -171,10 +225,12 @@ impl std::convert::TryFrom<HeaderValue> for header::IntoHeaderValue<Amount> {
 pub struct CheckoutError {
     /// Error code
     #[serde(rename = "code")]
+    #[validate(custom(function = "check_xss_string"))]
     pub code: String,
 
     /// User-friendly message
     #[serde(rename = "message")]
+    #[validate(custom(function = "check_xss_string"))]
     pub message: String,
 }
 
@@ -321,20 +377,25 @@ impl std::convert::TryFrom<HeaderValue> for header::IntoHeaderValue<CheckoutErro
 #[cfg_attr(feature = "conversion", derive(frunk::LabelledGeneric))]
 pub struct Payment {
     #[serde(rename = "paymentMethod")]
+    #[validate(nested)]
     pub payment_method: models::PaymentMethod,
 
     #[serde(rename = "amount")]
+    #[validate(nested)]
     pub amount: models::Amount,
 
     #[serde(rename = "merchantAccount")]
+    #[validate(custom(function = "check_xss_string"))]
     pub merchant_account: String,
 
     #[serde(rename = "reference")]
+    #[validate(custom(function = "check_xss_string"))]
     #[serde(skip_serializing_if = "Option::is_none")]
     pub reference: Option<String>,
 
     /// Note: inline enums are not fully supported by openapi-generator
     #[serde(rename = "channel")]
+    #[validate(custom(function = "check_xss_string"))]
     #[serde(skip_serializing_if = "Option::is_none")]
     pub channel: Option<String>,
 }
@@ -525,11 +586,13 @@ pub struct PaymentMethod {
     /// Name of the payment method
     /// Note: inline enums are not fully supported by openapi-generator
     #[serde(rename = "name")]
+    #[validate(custom(function = "check_xss_string"))]
     #[serde(skip_serializing_if = "Option::is_none")]
     pub name: Option<String>,
 
     /// Type of the payment method
     #[serde(rename = "type")]
+    #[validate(custom(function = "check_xss_string"))]
     #[serde(skip_serializing_if = "Option::is_none")]
     pub r#type: Option<String>,
 }
@@ -675,11 +738,13 @@ impl std::convert::TryFrom<HeaderValue> for header::IntoHeaderValue<PaymentMetho
 pub struct PaymentResult {
     /// PSP ref
     #[serde(rename = "pspReference")]
+    #[validate(custom(function = "check_xss_string"))]
     pub psp_reference: String,
 
     /// Result code
     /// Note: inline enums are not fully supported by openapi-generator
     #[serde(rename = "resultCode")]
+    #[validate(custom(function = "check_xss_string"))]
     pub result_code: String,
 }
 

samples/server/petstore/rust-axum/output/apikey-authorization/src/models.rs

@@ -17,6 +17,7 @@ conversion = [
 ]
 
 [dependencies]
+ammonia = "4"
 async-trait = "0.1"
 axum = { version = "0.8", features = ["multipart"] }
 axum-extra = { version = "0.10", features = ["cookie", "query"] }

samples/server/petstore/rust-axum/output/apikey-auths/Cargo.toml

@@ -7,6 +7,60 @@ use validator::Validate;
 use crate::header;
 use crate::{models, types::*};
 
+#[allow(dead_code)]
+pub fn check_xss_string(v: &str) -> std::result::Result<(), validator::ValidationError> {
+    if ammonia::is_html(v) {
+        std::result::Result::Err(validator::ValidationError::new("xss detected"))
+    } else {
+        std::result::Result::Ok(())
+    }
+}
+
+#[allow(dead_code)]
+pub fn check_xss_vec_string(v: &[String]) -> std::result::Result<(), validator::ValidationError> {
+    if v.iter().any(|i| ammonia::is_html(i)) {
+        std::result::Result::Err(validator::ValidationError::new("xss detected"))
+    } else {
+        std::result::Result::Ok(())
+    }
+}
+
+#[allow(dead_code)]
+pub fn check_xss_map_string(
+    v: &std::collections::HashMap<String, String>,
+) -> std::result::Result<(), validator::ValidationError> {
+    if v.keys().any(|k| ammonia::is_html(k)) || v.values().any(|v| ammonia::is_html(v)) {
+        std::result::Result::Err(validator::ValidationError::new("xss detected"))
+    } else {
+        std::result::Result::Ok(())
+    }
+}
+
+#[allow(dead_code)]
+pub fn check_xss_map_nested<T>(
+    v: &std::collections::HashMap<String, T>,
+) -> std::result::Result<(), validator::ValidationError>
+where
+    T: validator::Validate,
+{
+    if v.keys().any(|k| ammonia::is_html(k)) || v.values().any(|v| v.validate().is_err()) {
+        std::result::Result::Err(validator::ValidationError::new("xss detected"))
+    } else {
+        std::result::Result::Ok(())
+    }
+}
+
+#[allow(dead_code)]
+pub fn check_xss_map<T>(
+    v: &std::collections::HashMap<String, T>,
+) -> std::result::Result<(), validator::ValidationError> {
+    if v.keys().any(|k| ammonia::is_html(k)) {
+        std::result::Result::Err(validator::ValidationError::new("xss detected"))
+    } else {
+        std::result::Result::Ok(())
+    }
+}
+
 #[derive(Debug, Clone, PartialEq, serde::Serialize, serde::Deserialize, validator::Validate)]
 #[cfg_attr(feature = "conversion", derive(frunk::LabelledGeneric))]
 pub struct GetPaymentMethodByIdPathParams {
@@ -19,7 +73,7 @@ pub struct GetPaymentMethodByIdPathParams {
 pub struct Amount {
     /// The three-character [ISO currency code](https://docs.adyen.com/development-resources/currency-codes).
     #[serde(rename = "currency")]
-    #[validate(length(min = 3, max = 3))]
+    #[validate(length(min = 3, max = 3), custom(function = "check_xss_string"))]
     pub currency: String,
 
     /// The amount of the transaction, in [minor units](https://docs.adyen.com/development-resources/currency-codes).
@@ -171,10 +225,12 @@ impl std::convert::TryFrom<HeaderValue> for header::IntoHeaderValue<Amount> {
 pub struct CheckoutError {
     /// Error code
     #[serde(rename = "code")]
+    #[validate(custom(function = "check_xss_string"))]
     pub code: String,
 
     /// User-friendly message
     #[serde(rename = "message")]
+    #[validate(custom(function = "check_xss_string"))]
     pub message: String,
 }
 
@@ -321,20 +377,25 @@ impl std::convert::TryFrom<HeaderValue> for header::IntoHeaderValue<CheckoutErro
 #[cfg_attr(feature = "conversion", derive(frunk::LabelledGeneric))]
 pub struct Payment {
     #[serde(rename = "paymentMethod")]
+    #[validate(nested)]
     pub payment_method: models::PaymentMethod,
 
     #[serde(rename = "amount")]
+    #[validate(nested)]
     pub amount: models::Amount,
 
     #[serde(rename = "merchantAccount")]
+    #[validate(custom(function = "check_xss_string"))]
     pub merchant_account: String,
 
     #[serde(rename = "reference")]
+    #[validate(custom(function = "check_xss_string"))]
     #[serde(skip_serializing_if = "Option::is_none")]
     pub reference: Option<String>,
 
     /// Note: inline enums are not fully supported by openapi-generator
     #[serde(rename = "channel")]
+    #[validate(custom(function = "check_xss_string"))]
     #[serde(skip_serializing_if = "Option::is_none")]
     pub channel: Option<String>,
 }
@@ -525,11 +586,13 @@ pub struct PaymentMethod {
     /// Name of the payment method
     /// Note: inline enums are not fully supported by openapi-generator
     #[serde(rename = "name")]
+    #[validate(custom(function = "check_xss_string"))]
     #[serde(skip_serializing_if = "Option::is_none")]
     pub name: Option<String>,
 
     /// Type of the payment method
     #[serde(rename = "type")]
+    #[validate(custom(function = "check_xss_string"))]
     #[serde(skip_serializing_if = "Option::is_none")]
     pub r#type: Option<String>,
 }
@@ -675,11 +738,13 @@ impl std::convert::TryFrom<HeaderValue> for header::IntoHeaderValue<PaymentMetho
 pub struct PaymentResult {
     /// PSP ref
     #[serde(rename = "pspReference")]
+    #[validate(custom(function = "check_xss_string"))]
     pub psp_reference: String,
 
     /// Result code
     /// Note: inline enums are not fully supported by openapi-generator
     #[serde(rename = "resultCode")]
+    #[validate(custom(function = "check_xss_string"))]
     pub result_code: String,
 }
 

samples/server/petstore/rust-axum/output/apikey-auths/src/models.rs

@@ -17,6 +17,7 @@ conversion = [
 ]
 
 [dependencies]
+ammonia = "4"
 async-trait = "0.1"
 axum = { version = "0.8", features = ["multipart"] }
 axum-extra = { version = "0.10", features = ["cookie", "query"] }