
Commit c9f7af7

authored
Verify Path params that fall into the string bucket are supplied (#17032)
1 parent ec3c484 commit c9f7af7


7 files changed

+52
-0
lines changed


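--- a/modules/openapi-generator/src/main/resources/go-server/controller-api.mustache
+++ b/modules/openapi-generator/src/main/resources/go-server/controller-api.mustache
@@ -183,6 +183,10 @@ func (c *{{classname}}Controller) {{nickname}}(w http.ResponseWriter, r *http.Re
 {{^isDateTime}}
 {{^isEnumOrRef}}
 {{paramName}}Param := {{#routers}}{{#mux}}params["{{baseName}}"]{{/mux}}{{#chi}}chi.URLParam(r, "{{baseName}}"){{/chi}}{{/routers}}
+if {{paramName}}Param == "" {
+c.errorHandler(w, r, &RequiredError{"{{baseName}}"}, nil)
+return
+}
 {{/isEnumOrRef}}
 {{#isEnumOrRef}}
 {{paramName}}Param, err := New{{dataType}}FromValue({{#routers}}{{#mux}}params["{{baseName}}"]{{/mux}}{{#chi}}chi.URLParam(r, "{{baseName}}"){{/chi}}{{/routers}})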
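Review bot: The guard added after the `{{paramName}}Param := …` assignment rejects only the exact empty string, so a whitespace-only segment (or an encoded one such as `%20`, if the router returns the path value undecoded) is still passed to the service as a supplied parameter; the regenerated handlers under `samples/` carry the same check. If a required string path parameter is meant to have content, compare the trimmed value, `if strings.TrimSpace({{paramName}}Param) == "" {`, assuming `strings` is already imported by the generated controller. Otherwise state the limit next to the check, e.g. `// Rejects only an empty value; any further validation is left to the service.` The enclosing handler starts and ends outside the hunk, so whether a later step validates the value cannot be seen here. All seven changed files are the template and its regenerated samples, so no test exercises the rejection path.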

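--- a/samples/openapi3/server/petstore/go/go-petstore/go/api_store.go
+++ b/samples/openapi3/server/petstore/go/go-petstore/go/api_store.go
@@ -76,6 +76,10 @@ func (c *StoreAPIController) Routes() Routes {
 // DeleteOrder - Delete purchase order by ID
 func (c *StoreAPIController) DeleteOrder(w http.ResponseWriter, r *http.Request) {
 orderIdParam := chi.URLParam(r, "orderId")
+if orderIdParam == "" {
+c.errorHandler(w, r, &RequiredError{"orderId"}, nil)
+return
+}
 result, err := c.service.DeleteOrder(r.Context(), orderIdParam)
 // If an error occurred, encode the error with the status code
 if err != nil {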

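--- a/samples/openapi3/server/petstore/go/go-petstore/go/api_user.go
+++ b/samples/openapi3/server/petstore/go/go-petstore/go/api_user.go
@@ -174,6 +174,10 @@ func (c *UserAPIController) CreateUsersWithListInput(w http.ResponseWriter, r *h
 func (c *UserAPIController) DeleteUser(w http.ResponseWriter, r *http.Request) {
 query := r.URL.Query()
 usernameParam := chi.URLParam(r, "username")
+if usernameParam == "" {
+c.errorHandler(w, r, &RequiredError{"username"}, nil)
+return
+}
 booleanTestParam, err := parseBoolParameter(
 query.Get("boolean_test"),
 WithParse[bool](parseBool),
@@ -195,6 +199,10 @@ func (c *UserAPIController) DeleteUser(w http.ResponseWriter, r *http.Request) {
 // GetUserByName - Get user by user name
 func (c *UserAPIController) GetUserByName(w http.ResponseWriter, r *http.Request) {
 usernameParam := chi.URLParam(r, "username")
+if usernameParam == "" {
+c.errorHandler(w, r, &RequiredError{"username"}, nil)
+return
+}
 result, err := c.service.GetUserByName(r.Context(), usernameParam)
 // If an error occurred, encode the error with the status code
 if err != nil {
@@ -275,6 +283,10 @@ func (c *UserAPIController) LogoutUser(w http.ResponseWriter, r *http.Request) {
 // UpdateUser - Updated user
 func (c *UserAPIController) UpdateUser(w http.ResponseWriter, r *http.Request) {
 usernameParam := chi.URLParam(r, "username")
+if usernameParam == "" {
+c.errorHandler(w, r, &RequiredError{"username"}, nil)
+return
+}
 userParam := User{}
 d := json.NewDecoder(r.Body)
 d.DisallowUnknownFields()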

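--- a/samples/server/petstore/go-api-server/go/api_store.go
+++ b/samples/server/petstore/go-api-server/go/api_store.go
@@ -77,6 +77,10 @@ func (c *StoreAPIController) Routes() Routes {
 func (c *StoreAPIController) DeleteOrder(w http.ResponseWriter, r *http.Request) {
 params := mux.Vars(r)
 orderIdParam := params["orderId"]
+if orderIdParam == "" {
+c.errorHandler(w, r, &RequiredError{"orderId"}, nil)
+return
+}
 result, err := c.service.DeleteOrder(r.Context(), orderIdParam)
 // If an error occurred, encode the error with the status code
 if err != nil {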

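--- a/samples/server/petstore/go-api-server/go/api_user.go
+++ b/samples/server/petstore/go-api-server/go/api_user.go
@@ -175,6 +175,10 @@ func (c *UserAPIController) DeleteUser(w http.ResponseWriter, r *http.Request) {
 params := mux.Vars(r)
 query := r.URL.Query()
 usernameParam := params["username"]
+if usernameParam == "" {
+c.errorHandler(w, r, &RequiredError{"username"}, nil)
+return
+}
 booleanTestParam, err := parseBoolParameter(
 query.Get("boolean_test"),
 WithParse[bool](parseBool),
@@ -197,6 +201,10 @@ func (c *UserAPIController) DeleteUser(w http.ResponseWriter, r *http.Request) {
 func (c *UserAPIController) GetUserByName(w http.ResponseWriter, r *http.Request) {
 params := mux.Vars(r)
 usernameParam := params["username"]
+if usernameParam == "" {
+c.errorHandler(w, r, &RequiredError{"username"}, nil)
+return
+}
 result, err := c.service.GetUserByName(r.Context(), usernameParam)
 // If an error occurred, encode the error with the status code
 if err != nil {
@@ -246,6 +254,10 @@ func (c *UserAPIController) LogoutUser(w http.ResponseWriter, r *http.Request) {
 func (c *UserAPIController) UpdateUser(w http.ResponseWriter, r *http.Request) {
 params := mux.Vars(r)
 usernameParam := params["username"]
+if usernameParam == "" {
+c.errorHandler(w, r, &RequiredError{"username"}, nil)
+return
+}
 userParam := User{}
 d := json.NewDecoder(r.Body)
 d.DisallowUnknownFields()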

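--- a/samples/server/petstore/go-chi-server/go/api_store.go
+++ b/samples/server/petstore/go-chi-server/go/api_store.go
@@ -76,6 +76,10 @@ func (c *StoreAPIController) Routes() Routes {
 // DeleteOrder - Delete purchase order by ID
 func (c *StoreAPIController) DeleteOrder(w http.ResponseWriter, r *http.Request) {
 orderIdParam := chi.URLParam(r, "orderId")
+if orderIdParam == "" {
+c.errorHandler(w, r, &RequiredError{"orderId"}, nil)
+return
+}
 result, err := c.service.DeleteOrder(r.Context(), orderIdParam)
 // If an error occurred, encode the error with the status code
 if err != nil {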

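--- a/samples/server/petstore/go-chi-server/go/api_user.go
+++ b/samples/server/petstore/go-chi-server/go/api_user.go
@@ -174,6 +174,10 @@ func (c *UserAPIController) CreateUsersWithListInput(w http.ResponseWriter, r *h
 func (c *UserAPIController) DeleteUser(w http.ResponseWriter, r *http.Request) {
 query := r.URL.Query()
 usernameParam := chi.URLParam(r, "username")
+if usernameParam == "" {
+c.errorHandler(w, r, &RequiredError{"username"}, nil)
+return
+}
 booleanTestParam, err := parseBoolParameter(
 query.Get("boolean_test"),
 WithParse[bool](parseBool),
@@ -195,6 +199,10 @@ func (c *UserAPIController) DeleteUser(w http.ResponseWriter, r *http.Request) {
 // GetUserByName - Get user by user name
 func (c *UserAPIController) GetUserByName(w http.ResponseWriter, r *http.Request) {
 usernameParam := chi.URLParam(r, "username")
+if usernameParam == "" {
+c.errorHandler(w, r, &RequiredError{"username"}, nil)
+return
+}
 result, err := c.service.GetUserByName(r.Context(), usernameParam)
 // If an error occurred, encode the error with the status code
 if err != nil {
@@ -243,6 +251,10 @@ func (c *UserAPIController) LogoutUser(w http.ResponseWriter, r *http.Request) {
 // UpdateUser - Updated user
 func (c *UserAPIController) UpdateUser(w http.ResponseWriter, r *http.Request) {
 usernameParam := chi.URLParam(r, "username")
+if usernameParam == "" {
+c.errorHandler(w, r, &RequiredError{"username"}, nil)
+return
+}
 userParam := User{}
 d := json.NewDecoder(r.Body)
 d.DisallowUnknownFields()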
