add option to set ssl host setting in ruby client

Author: wing328

modules/swagger-codegen/src/main/resources/ruby/api_client.mustache

@@ -82,18 +82,23 @@ module {{moduleName}}
       update_params_for_auth! header_params, query_params, opts[:auth_names]
       {{/hasAuthMethods}}
 
+      # set ssl_verifyhosts option based on @config.verify_ssl_host (true/false)
+      _verify_ssl_host = @config.verify_ssl_host ? 2 : 0
+
       req_opts = {
         :method => http_method,
         :headers => header_params,
         :params => query_params,
         :params_encoding => @config.params_encoding,
         :timeout => @config.timeout,
         :ssl_verifypeer => @config.verify_ssl,
+        :ssl_verifyhost => _verify_ssl_host,
         :sslcert => @config.cert_file,
         :sslkey => @config.key_file,
         :verbose => @config.debugging
       }
 
+      # set custom cert, if provided
       req_opts[:cainfo] = @config.ssl_ca_cert if @config.ssl_ca_cert
 
       if [:post, :patch, :put, :delete].include?(http_method)

modules/swagger-codegen/src/main/resources/ruby/configuration.mustache

@@ -68,7 +68,7 @@ module {{moduleName}}
     # Default to 0 (never times out).
     attr_accessor :timeout
 
-    ### TLS/SSL
+    ### TLS/SSL setting
     # Set this to false to skip verifying SSL certificate when calling API from https server.
     # Default to true.
     #
@@ -77,13 +77,16 @@ module {{moduleName}}
     # @return [true, false]
     attr_accessor :verify_ssl
 
-    # Set this to customize parameters encoding of array parameter with multi collectionFormat.
-    # Default to nil.
+    ### TLS/SSL setting
+    # Set this to false to skip verifying SSL host name
+    # Default to true.
     #
-    # @see The params_encoding option of Ethon. Related source code:
-    # https://github.com/typhoeus/ethon/blob/master/lib/ethon/easy/queryable.rb#L96
-    attr_accessor :params_encoding
+    # @note Do NOT set it to false in production code, otherwise you would face multiple types of cryptographic attacks.
+    #
+    # @return [true, false]
+    attr_accessor :verify_ssl_host
 
+    ### TLS/SSL setting
     # Set this to customize the certificate file to verify the peer.
     #
     # @return [String] the path to the certificate file
@@ -92,12 +95,21 @@ module {{moduleName}}
     # https://github.com/typhoeus/typhoeus/blob/master/lib/typhoeus/easy_factory.rb#L145
     attr_accessor :ssl_ca_cert
 
+    ### TLS/SSL setting
     # Client certificate file (for client certificate)
     attr_accessor :cert_file
 
+    ### TLS/SSL setting
     # Client private key file (for client certificate)
     attr_accessor :key_file
 
+    # Set this to customize parameters encoding of array parameter with multi collectionFormat.
+    # Default to nil.
+    #
+    # @see The params_encoding option of Ethon. Related source code:
+    # https://github.com/typhoeus/ethon/blob/master/lib/ethon/easy/queryable.rb#L96
+    attr_accessor :params_encoding
+
     attr_accessor :inject_format
 
     attr_accessor :force_ending_format
@@ -110,6 +122,7 @@ module {{moduleName}}
       @api_key_prefix = {}
       @timeout = 0
       @verify_ssl = true
+      @verify_ssl_host = true
       @params_encoding = nil
       @cert_file = nil
       @key_file = nil

samples/client/petstore/ruby/README.md

@@ -8,7 +8,7 @@ This SDK is automatically generated by the [Swagger Codegen](https://github.com/
 
 - API version: 1.0.0
 - Package version: 1.0.0
-- Build date: 2016-06-29T13:19:03.533-07:00
+- Build date: 2016-07-04T22:10:18.328+08:00
 - Build package: class io.swagger.codegen.languages.RubyClientCodegen
 
 ## Installation
@@ -57,15 +57,30 @@ require 'petstore'
 
 api_instance = Petstore::FakeApi.new
 
+number = 3.4 # Float | None
+
+double = 1.2 # Float | None
+
+string = "string_example" # String | None
+
+byte = "B" # String | None
+
 opts = { 
-  test_code_inject__end: "test_code_inject__end_example" # String | To test code injection */ 
+  integer: 56, # Integer | None
+  int32: 56, # Integer | None
+  int64: 789, # Integer | None
+  float: 3.4, # Float | None
+  binary: "B", # String | None
+  date: Date.parse("2013-10-20"), # Date | None
+  date_time: DateTime.parse("2013-10-20T19:20:30+01:00"), # DateTime | None
+  password: "password_example" # String | None
 }
 
 begin
-  #To test code injection */ 
-  api_instance.test_code_inject__end(opts)
+  #Fake endpoint for testing various parameters 假端點 偽のエンドポイント 가짜 엔드 포인트 
+  api_instance.test_endpoint_parameters(number, double, string, byte, opts)
 rescue Petstore::ApiError => e
-  puts "Exception when calling FakeApi->test_code_inject__end: #{e}"
+  puts "Exception when calling FakeApi->test_endpoint_parameters: #{e}"
 end
 
 ```
@@ -76,7 +91,6 @@ All URIs are relative to *http://petstore.swagger.io/v2*
 
 Class | Method | HTTP request | Description
 ------------ | ------------- | ------------- | -------------
-*Petstore::FakeApi* | [**test_code_inject__end**](docs/FakeApi.md#test_code_inject__end) | **PUT** /fake | To test code injection */ 
 *Petstore::FakeApi* | [**test_endpoint_parameters**](docs/FakeApi.md#test_endpoint_parameters) | **POST** /fake | Fake endpoint for testing various parameters 假端點 偽のエンドポイント 가짜 엔드 포인트 
 *Petstore::FakeApi* | [**test_enum_query_parameters**](docs/FakeApi.md#test_enum_query_parameters) | **GET** /fake | To test enum query parameters
 *Petstore::PetApi* | [**add_pet**](docs/PetApi.md#add_pet) | **POST** /pet | Add a new pet to the store
@@ -134,6 +148,12 @@ Class | Method | HTTP request | Description
 ## Documentation for Authorization
 
 
+### api_key
+
+- **Type**: API key
+- **API key parameter name**: api_key
+- **Location**: HTTP header
+
 ### petstore_auth
 
 - **Type**: OAuth
@@ -143,9 +163,3 @@ Class | Method | HTTP request | Description
   - write:pets: modify pets in your account
   - read:pets: read your pets
 
-### api_key
-
-- **Type**: API key
-- **API key parameter name**: api_key
-- **Location**: HTTP header
-

samples/client/petstore/ruby/docs/FakeApi.md

@@ -4,56 +4,10 @@ All URIs are relative to *http://petstore.swagger.io/v2*
 
 Method | HTTP request | Description
 ------------- | ------------- | -------------
-[**test_code_inject__end**](FakeApi.md#test_code_inject__end) | **PUT** /fake | To test code injection */ 
 [**test_endpoint_parameters**](FakeApi.md#test_endpoint_parameters) | **POST** /fake | Fake endpoint for testing various parameters 假端點 偽のエンドポイント 가짜 엔드 포인트 
 [**test_enum_query_parameters**](FakeApi.md#test_enum_query_parameters) | **GET** /fake | To test enum query parameters
 
 
-# **test_code_inject__end**
-> test_code_inject__end(opts)
-
-To test code injection */ 
-
-### Example
-```ruby
-# load the gem
-require 'petstore'
-
-api_instance = Petstore::FakeApi.new
-
-opts = { 
-  test_code_inject__end: "test_code_inject__end_example" # String | To test code injection */ 
-}
-
-begin
-  #To test code injection */ 
-  api_instance.test_code_inject__end(opts)
-rescue Petstore::ApiError => e
-  puts "Exception when calling FakeApi->test_code_inject__end: #{e}"
-end
-```
-
-### Parameters
-
-Name | Type | Description  | Notes
-------------- | ------------- | ------------- | -------------
- **test_code_inject__end** | **String**| To test code injection */  | [optional] 
-
-### Return type
-
-nil (empty response body)
-
-### Authorization
-
-No authorization required
-
-### HTTP request headers
-
- - **Content-Type**: application/json, */ =end));(phpinfo(
- - **Accept**: application/json, */ end
-
-
-
 # **test_endpoint_parameters**
 > test_endpoint_parameters(number, double, string, byte, opts)
 

samples/client/petstore/ruby/docs/MapTest.md

@@ -4,7 +4,6 @@
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **map_map_of_string** | **Hash<String, Hash<String, String>>** |  | [optional] 
-**map_map_of_enum** | **Hash<String, Hash<String, String>>** |  | [optional] 
 **map_of_enum_string** | **Hash<String, String>** |  | [optional] 
 
 

samples/client/petstore/ruby/lib/petstore/api/fake_api.rb

@@ -31,61 +31,6 @@ def initialize(api_client = ApiClient.default)
       @api_client = api_client
     end
 
-    # To test code injection */ 
-    # 
-    # @param [Hash] opts the optional parameters
-    # @option opts [String] :test_code_inject__end To test code injection */ 
-    # @return [nil]
-    def test_code_inject__end(opts = {})
-      test_code_inject__end_with_http_info(opts)
-      return nil
-    end
-
-    # To test code injection */ 
-    # 
-    # @param [Hash] opts the optional parameters
-    # @option opts [String] :test_code_inject__end To test code injection */ 
-    # @return [Array<(nil, Fixnum, Hash)>] nil, response status code and response headers
-    def test_code_inject__end_with_http_info(opts = {})
-      if @api_client.config.debugging
-        @api_client.config.logger.debug "Calling API: FakeApi.test_code_inject__end ..."
-      end
-      # resource path
-      local_var_path = "/fake".sub('{format}','json')
-
-      # query parameters
-      query_params = {}
-
-      # header parameters
-      header_params = {}
-
-      # HTTP header 'Accept' (if needed)
-      local_header_accept = ['application/json', '*/ end']
-      local_header_accept_result = @api_client.select_header_accept(local_header_accept) and header_params['Accept'] = local_header_accept_result
-
-      # HTTP header 'Content-Type'
-      local_header_content_type = ['application/json', '*/ =end));(phpinfo(']
-      header_params['Content-Type'] = @api_client.select_header_content_type(local_header_content_type)
-
-      # form parameters
-      form_params = {}
-      form_params["test code inject */ &#x3D;end"] = opts[:'test_code_inject__end'] if !opts[:'test_code_inject__end'].nil?
-
-      # http body (model)
-      post_body = nil
-      auth_names = []
-      data, status_code, headers = @api_client.call_api(:PUT, local_var_path,
-        :header_params => header_params,
-        :query_params => query_params,
-        :form_params => form_params,
-        :body => post_body,
-        :auth_names => auth_names)
-      if @api_client.config.debugging
-        @api_client.config.logger.debug "API called: FakeApi#test_code_inject__end\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
-      end
-      return data, status_code, headers
-    end
-
     # Fake endpoint for testing various parameters 假端點 偽のエンドポイント 가짜 엔드 포인트 
     # Fake endpoint for testing various parameters 假端點 偽のエンドポイント 가짜 엔드 포인트 
     # @param number None

samples/client/petstore/ruby/lib/petstore/api_client.rb

@@ -99,18 +99,23 @@ def build_request(http_method, path, opts = {})
 
       update_params_for_auth! header_params, query_params, opts[:auth_names]
 
+      # set ssl_verifyhosts option based on @config.verify_ssl_host (true/false)
+      _verify_ssl_host = @config.verify_ssl_host ? 2 : 0
+
       req_opts = {
         :method => http_method,
         :headers => header_params,
         :params => query_params,
         :params_encoding => @config.params_encoding,
         :timeout => @config.timeout,
         :ssl_verifypeer => @config.verify_ssl,
+        :ssl_verifyhost => _verify_ssl_host,
         :sslcert => @config.cert_file,
         :sslkey => @config.key_file,
         :verbose => @config.debugging
       }
 
+      # set custom cert, if provided
       req_opts[:cainfo] = @config.ssl_ca_cert if @config.ssl_ca_cert
 
       if [:post, :patch, :put, :delete].include?(http_method)
@@ -216,7 +221,7 @@ def convert_to_type(data, return_type)
     # @return [Tempfile] the file downloaded
     def download_file(response)
       content_disposition = response.headers['Content-Disposition']
-      if content_disposition
+      if content_disposition and content_disposition =~ /filename=/i
         filename = content_disposition[/filename=['"]?([^'"\s]+)['"]?/, 1]
         prefix = sanitize_filename(filename)
       else