Added security test script and performed test

Author: Kahncode

bin/security/ue4cpp-petstore.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+SCRIPT="$0"
+
+while [ -h "$SCRIPT" ] ; do
+  ls=`ls -ld "$SCRIPT"`
+  link=`expr "$ls" : '.*-> \(.*\)$'`
+  if expr "$link" : '/.*' > /dev/null; then
+    SCRIPT="$link"
+  else
+    SCRIPT=`dirname "$SCRIPT"`/"$link"
+  fi
+done
+
+if [ ! -d "${APP_DIR}" ]; then
+  APP_DIR=`dirname "$SCRIPT"`/..
+  APP_DIR=`cd "${APP_DIR}"; pwd`
+fi
+
+executable="./modules/swagger-codegen-cli/target/swagger-codegen-cli.jar"
+
+if [ ! -f "$executable" ]
+then
+  mvn clean package
+fi
+
+# if you've executed sbt assembly previously it will use that instead.
+export JAVA_OPTS="${JAVA_OPTS} -XX:MaxPermSize=256M -Xmx1024M -DloggerPath=conf/log4j.properties"
+ags="$@ generate -t modules/swagger-codegen/src/main/resources/ue4cpp -i modules/swagger-codegen/src/test/resources/2_0/petstore-security-test.yaml -l ue4cpp -o samples/client/petstore-security-test/ue4cpp"
+
+java $JAVA_OPTS -jar $executable $ags

samples/client/petstore-security-test/ue4cpp/.swagger-codegen-ignore

@@ -0,0 +1,23 @@
+# Swagger Codegen Ignore
+# Generated by swagger-codegen https://github.com/swagger-api/swagger-codegen
+
+# Use this file to prevent files from being overwritten by the generator.
+# The patterns follow closely to .gitignore or .dockerignore.
+
+# As an example, the C# client generator defines ApiClient.cs.
+# You can make changes and tell Swagger Codgen to ignore just this file by uncommenting the following line:
+#ApiClient.cs
+
+# You can match any string of characters against a directory, file or extension with a single asterisk (*):
+#foo/*/qux
+# The above matches foo/bar/qux and foo/baz/qux, but not foo/bar/baz/qux
+
+# You can recursively match patterns against a directory, file or extension with a double asterisk (**):
+#foo/**/qux
+# This matches foo/bar/qux, foo/baz/qux, and foo/bar/baz/qux
+
+# You can also negate patterns with an exclamation (!).
+# For example, you can ignore all files in a docs folder with the file extension .md:
+#docs/*.md
+# Then explicitly reverse the ignore rule for a single file:
+#!docs/README.md

samples/client/petstore-security-test/ue4cpp/.swagger-codegen/VERSION

@@ -0,0 +1 @@
+2.4.15-SNAPSHOT

samples/client/petstore-security-test/ue4cpp/Private/SwaggerBaseModel.cpp

@@ -0,0 +1,27 @@
+/**
+ * Swagger Petstore *_/ ' \" =end -- \\r\\n \\n \\r
+ * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\  *_/ ' \" =end --       
+ *
+ * OpenAPI spec version: 1.0.0 *_/ ' \" =end -- \\r\\n \\n \\r
+ * Contact: [email protected] *_/ ' \" =end -- \\r\\n \\n \\r
+ *
+ * NOTE: This class is auto generated by the swagger code generator program.
+ * https://github.com/swagger-api/swagger-codegen.git
+ * Do not edit the class manually.
+ */
+#include "SwaggerBaseModel.h"
+
+namespace Swagger 
+{
+
+void Response::SetHttpResponseCode(EHttpResponseCodes::Type InHttpResponseCode)
+{
+    ResponseCode = InHttpResponseCode;
+    SetSuccessful(EHttpResponseCodes::IsOk(InHttpResponseCode));
+    if(InHttpResponseCode == EHttpResponseCodes::RequestTimeout)
+    {
+        SetResponseString(TEXT("Request Timeout"));
+    }
+}
+
+}

samples/client/petstore-security-test/ue4cpp/Private/SwaggerFakeApi.cpp

@@ -0,0 +1,122 @@
+/**
+ * Swagger Petstore *_/ ' \" =end -- \\r\\n \\n \\r
+ * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\  *_/ ' \" =end --       
+ *
+ * OpenAPI spec version: 1.0.0 *_/ ' \" =end -- \\r\\n \\n \\r
+ * Contact: [email protected] *_/ ' \" =end -- \\r\\n \\n \\r
+ *
+ * NOTE: This class is auto generated by the swagger code generator program.
+ * https://github.com/swagger-api/swagger-codegen.git
+ * Do not edit the class manually.
+ */
+#include "SwaggerFakeApi.h"
+
+#include "SwaggerFakeApiOperations.h"
+#include "SwaggerModule.h"
+
+#include "HttpModule.h"
+#include "Serialization/JsonSerializer.h"
+
+namespace Swagger 
+{
+
+SwaggerFakeApi::SwaggerFakeApi() 
+: Url(TEXT("https://petstore.swagger.io *_/ ' \" =end -- \\r\\n \\n \\r/v2 *_/ ' \" =end -- \\r\\n \\n \\r"))
+{
+}
+
+SwaggerFakeApi::~SwaggerFakeApi() {}
+
+void SwaggerFakeApi::SetURL(const FString& InUrl)
+{
+	Url = InUrl;
+}
+
+void SwaggerFakeApi::AddHeaderParam(const FString& Key, const FString& Value)
+{
+	AdditionalHeaderParams.Add(Key, Value);
+}
+
+void SwaggerFakeApi::ClearHeaderParams()
+{
+	AdditionalHeaderParams.Reset();
+}
+
+bool SwaggerFakeApi::IsValid() const
+{
+	if (Url.IsEmpty())
+	{
+		UE_LOG(LogSwagger, Error, TEXT("SwaggerFakeApi: Endpoint Url is not set, request cannot be performed"));
+		return false;
+	}
+
+	return true;
+}
+
+void SwaggerFakeApi::HandleResponse(FHttpResponsePtr HttpResponse, bool bSucceeded, Response& InOutResponse) const
+{
+	InOutResponse.SetHttpResponse(HttpResponse);
+	InOutResponse.SetSuccessful(bSucceeded);
+
+	if (bSucceeded && HttpResponse.IsValid())
+	{
+		InOutResponse.SetHttpResponseCode((EHttpResponseCodes::Type)HttpResponse->GetResponseCode());
+		FString ContentType = HttpResponse->GetContentType();
+		FString Content;
+
+		if (ContentType == TEXT("application/json"))
+		{
+			Content = HttpResponse->GetContentAsString();
+
+			TSharedPtr<FJsonValue> JsonValue;
+			auto Reader = TJsonReaderFactory<>::Create(Content);
+
+			if (FJsonSerializer::Deserialize(Reader, JsonValue) && JsonValue.IsValid())
+			{
+				if (InOutResponse.FromJson(JsonValue))
+					return; // Successfully parsed
+			}
+		}
+		else if(ContentType == TEXT("text/plain"))
+		{
+			Content = HttpResponse->GetContentAsString();
+			InOutResponse.SetResponseString(Content);
+			return; // Successfully parsed
+		}
+
+		// Report the parse error but do not mark the request as unsuccessful. Data could be partial or malformed, but the request succeeded.
+		UE_LOG(LogSwagger, Error, TEXT("Failed to deserialize Http response content (type:%s):\n%s"), *ContentType , *Content);
+		return;
+	}
+
+	// By default, assume we failed to establish connection
+	InOutResponse.SetHttpResponseCode(EHttpResponseCodes::RequestTimeout);
+}
+
+bool SwaggerFakeApi::TestCodeInjectEndRnNR(const TestCodeInjectEndRnNRRequest& Request, const FTestCodeInjectEndRnNRDelegate& Delegate /*= FTestCodeInjectEndRnNRDelegate()*/) const
+{
+	if (!IsValid())
+		return false;
+
+	TSharedRef<IHttpRequest> HttpRequest = FHttpModule::Get().CreateRequest();
+	HttpRequest->SetURL(*(Url + Request.ComputePath()));
+
+	for(const auto& It : AdditionalHeaderParams)
+	{
+		HttpRequest->SetHeader(It.Key, It.Value);
+	}
+
+	Request.SetupHttpRequest(HttpRequest);
+	
+	HttpRequest->OnProcessRequestComplete().BindRaw(this, &SwaggerFakeApi::OnTestCodeInjectEndRnNRResponse, Delegate);
+	return HttpRequest->ProcessRequest();
+}
+
+void SwaggerFakeApi::OnTestCodeInjectEndRnNRResponse(FHttpRequestPtr HttpRequest, FHttpResponsePtr HttpResponse, bool bSucceeded, FTestCodeInjectEndRnNRDelegate Delegate) const
+{
+	TestCodeInjectEndRnNRResponse Response;
+	HandleResponse(HttpResponse, bSucceeded, Response);
+	Delegate.ExecuteIfBound(Response);
+}
+
+}

samples/client/petstore-security-test/ue4cpp/Private/SwaggerFakeApiOperations.cpp

@@ -0,0 +1,86 @@
+/**
+ * Swagger Petstore *_/ ' \" =end -- \\r\\n \\n \\r
+ * This spec is mainly for testing Petstore server and contains fake endpoints, models. Please do not use this for any other purpose. Special characters: \" \\  *_/ ' \" =end --       
+ *
+ * OpenAPI spec version: 1.0.0 *_/ ' \" =end -- \\r\\n \\n \\r
+ * Contact: [email protected] *_/ ' \" =end -- \\r\\n \\n \\r
+ *
+ * NOTE: This class is auto generated by the swagger code generator program.
+ * https://github.com/swagger-api/swagger-codegen.git
+ * Do not edit the class manually.
+ */
+#include "SwaggerFakeApiOperations.h"
+
+#include "SwaggerModule.h"
+#include "SwaggerHelpers.h"
+
+#include "Dom/JsonObject.h"
+#include "Templates/SharedPointer.h"
+#include "HttpModule.h"
+#include "PlatformHttp.h"
+
+namespace Swagger 
+{
+
+FString SwaggerFakeApi::TestCodeInjectEndRnNRRequest::ComputePath() const
+{
+	FString Path(TEXT("/fake"));
+	return Path;
+}
+
+void SwaggerFakeApi::TestCodeInjectEndRnNRRequest::SetupHttpRequest(const TSharedRef<IHttpRequest>& HttpRequest) const
+{
+	static const TArray<FString> Consumes = { TEXT("application/json"), TEXT("*_/ '  =end --       ") };
+	//static const TArray<FString> Produces = { TEXT("application/json"), TEXT("*_/ '  =end --       ") };
+
+	HttpRequest->SetVerb(TEXT("PUT"));
+
+	// Default to Json Body request
+	if (Consumes.Num() == 0 || Consumes.Contains(TEXT("application/json")))
+	{
+		UE_LOG(LogSwagger, Error, TEXT("Form parameter (test code inject */ &#39; &quot; &#x3D;end -- \r\n \n \r) was ignored, cannot be used in JsonBody"));
+	}
+	else if (Consumes.Contains(TEXT("multipart/form-data")))
+	{
+		HttpMultipartFormData FormData;
+		if(TestCodeInjectEndRnNR.IsSet())
+		{
+			FormData.AddStringPart(TEXT("test code inject */ &#39; &quot; &#x3D;end -- \r\n \n \r"), *ToUrlString(TestCodeInjectEndRnNR.GetValue()));
+		}
+
+		FormData.SetupHttpRequest(HttpRequest);
+	}
+	else if (Consumes.Contains(TEXT("application/x-www-form-urlencoded")))
+	{
+		TArray<FString> FormParams;
+		if(TestCodeInjectEndRnNR.IsSet())
+		{
+			FormParams.Add(FString(TEXT("test code inject */ &#39; &quot; &#x3D;end -- \r\n \n \r=")) + ToUrlString(TestCodeInjectEndRnNR.GetValue()));
+		}
+		
+		HttpRequest->SetHeader(TEXT("Content-Type"), TEXT("application/x-www-form-urlencoded; charset=utf-8"));
+		HttpRequest->SetContentAsString(FString::Join(FormParams, TEXT("&")));
+	}
+	else
+	{
+		UE_LOG(LogSwagger, Error, TEXT("Request ContentType not supported (%s)"), *FString::Join(Consumes, TEXT(",")));
+	}
+}
+
+void SwaggerFakeApi::TestCodeInjectEndRnNRResponse::SetHttpResponseCode(EHttpResponseCodes::Type InHttpResponseCode)
+{
+	Response::SetHttpResponseCode(InHttpResponseCode);
+	switch ((int)InHttpResponseCode)
+	{
+	case 400:
+		SetResponseString(TEXT("To test code injection *_/ &#39; \&quot; &#x3D;end -- \\r\\n \\n \\r"));
+		break;
+	}
+}
+
+bool SwaggerFakeApi::TestCodeInjectEndRnNRResponse::FromJson(const TSharedPtr<FJsonValue>& JsonValue)
+{
+	return true;
+}
+
+}