Add logs, remove unnecessary path validation in DefaultGenerator

djankows · djankows · commit 3fba44e3cbcc · 2025-09-26T15:06:11.000+02:00
diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/DefaultGenerator.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/DefaultGenerator.java
@@ -804,7 +804,6 @@ public Reader getTemplate(String name) {
                     .compile(template);
 
             writeToFile(adjustedOutputFilename, tmpl.execute(templateData));
-            SecureFileUtils.validatePath(adjustedOutputFilename);
             return new File(adjustedOutputFilename);
         }
 
diff --git a/modules/swagger-codegen/src/main/java/io/swagger/codegen/utils/SecureFileUtils.java b/modules/swagger-codegen/src/main/java/io/swagger/codegen/utils/SecureFileUtils.java
@@ -3,19 +3,24 @@
 import java.io.File;
 import java.io.IOException;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 
 /**
  * Utility class for secure file operations that prevent path traversal attacks.
  * Uses a simplified approach focusing on canonical path validation and allowlist-based security.
  */
 public class SecureFileUtils {
+    private static final Logger LOGGER = LoggerFactory.getLogger(SecureFileUtils.class);
 
     private SecureFileUtils() {
         // Utility class
     }
 
     public static void validatePath(File file) {
         if (file == null) {
+            LOGGER.error("File cannot be null");
             throw new IllegalArgumentException("File cannot be null");
         }
 
@@ -24,24 +29,29 @@ public static void validatePath(File file) {
             String canonicalPath = file.getCanonicalPath();
 
             if (absolutePath.contains("..") || absolutePath.contains("\0")) {
+                LOGGER.error("Path contains suspicious characters: {}", absolutePath);
                 throw new SecurityException("Path contains suspicious characters: " + absolutePath);
             }
 
             if (canonicalPath.contains("..") || canonicalPath.contains("\0")) {
+                LOGGER.error("Path contains suspicious characters: {}", canonicalPath);
                 throw new SecurityException("Path contains suspicious characters: " + canonicalPath);
             }
 
         } catch (IOException e) {
+            LOGGER.error("Unable to resolve canonical path for: {}, error: {}", file.getAbsolutePath(), e.getMessage());
             throw new SecurityException("Unable to resolve canonical path for: " + file.getAbsolutePath(), e);
         }
     }
 
     public static void validatePath(String path) {
         if (path == null || path.trim().isEmpty()) {
+            LOGGER.error("Path cannot be null or empty");
             throw new IllegalArgumentException("Path cannot be null or empty");
         }
 
         if (path.contains("..") || path.contains("\0")) {
+            LOGGER.error("Path contains suspicious characters: {}", path);
             throw new SecurityException("Path contains suspicious characters: " + path);
         }
 

Original file line number	Diff line number	Diff line change
`@@ -804,7 +804,6 @@ public Reader getTemplate(String name) {`
`804`	`804`	`.compile(template);`
`805`	`805`
`806`	`806`	`writeToFile(adjustedOutputFilename, tmpl.execute(templateData));`
`807`		`- SecureFileUtils.validatePath(adjustedOutputFilename);`
`808`	`807`	`return new File(adjustedOutputFilename);`
`809`	`808`	`}`
`810`	`809`
Original file line number	Diff line number	Diff line change
`@@ -3,19 +3,24 @@`
`3`	`3`	`import java.io.File;`
`4`	`4`	`import java.io.IOException;`
`5`	`5`
	`6`	`+import org.slf4j.Logger;`
	`7`	`+import org.slf4j.LoggerFactory;`
	`8`	`+`
`6`	`9`
`7`	`10`	`/**`
`8`	`11`	`* Utility class for secure file operations that prevent path traversal attacks.`
`9`	`12`	`* Uses a simplified approach focusing on canonical path validation and allowlist-based security.`
`10`	`13`	`*/`
`11`	`14`	`public class SecureFileUtils {`
	`15`	`+ private static final Logger LOGGER = LoggerFactory.getLogger(SecureFileUtils.class);`
`12`	`16`
`13`	`17`	`private SecureFileUtils() {`
`14`	`18`	`// Utility class`
`15`	`19`	`}`
`16`	`20`
`17`	`21`	`public static void validatePath(File file) {`
`18`	`22`	`if (file == null) {`
	`23`	`+ LOGGER.error("File cannot be null");`
`19`	`24`	`throw new IllegalArgumentException("File cannot be null");`
`20`	`25`	`}`
`21`	`26`
`@@ -24,24 +29,29 @@ public static void validatePath(File file) {`
`24`	`29`	`String canonicalPath = file.getCanonicalPath();`
`25`	`30`
`26`	`31`	`if (absolutePath.contains("..") \|\| absolutePath.contains("\0")) {`
	`32`	`+ LOGGER.error("Path contains suspicious characters: {}", absolutePath);`
`27`	`33`	`throw new SecurityException("Path contains suspicious characters: " + absolutePath);`
`28`	`34`	`}`
`29`	`35`
`30`	`36`	`if (canonicalPath.contains("..") \|\| canonicalPath.contains("\0")) {`
	`37`	`+ LOGGER.error("Path contains suspicious characters: {}", canonicalPath);`
`31`	`38`	`throw new SecurityException("Path contains suspicious characters: " + canonicalPath);`
`32`	`39`	`}`
`33`	`40`
`34`	`41`	`} catch (IOException e) {`
	`42`	`+ LOGGER.error("Unable to resolve canonical path for: {}, error: {}", file.getAbsolutePath(), e.getMessage());`
`35`	`43`	`throw new SecurityException("Unable to resolve canonical path for: " + file.getAbsolutePath(), e);`
`36`	`44`	`}`
`37`	`45`	`}`
`38`	`46`
`39`	`47`	`public static void validatePath(String path) {`
`40`	`48`	`if (path == null \|\| path.trim().isEmpty()) {`
	`49`	`+ LOGGER.error("Path cannot be null or empty");`
`41`	`50`	`throw new IllegalArgumentException("Path cannot be null or empty");`
`42`	`51`	`}`
`43`	`52`
`44`	`53`	`if (path.contains("..") \|\| path.contains("\0")) {`
	`54`	`+ LOGGER.error("Path contains suspicious characters: {}", path);`
`45`	`55`	`throw new SecurityException("Path contains suspicious characters: " + path);`
`46`	`56`	`}`
`47`	`57`