Swagger spec gen #159
Swagger spec gen #159
Conversation
| f.Close() | ||
| return err | ||
| } | ||
| defer f.Close() |
Check warning
Code scanning / SonarCloud
<!--SONAR_ISSUE_KEY:AYLPiw-sQ9IVopdsQzhY-->Deferring unsafe method "Close" on type "*os.File" <p>See more on <a href="https://sonarcloud.io/project/issues?id=projectdiscovery_proxify&issues=AYLPiw-sQ9IVopdsQzhY&open=AYLPiw-sQ9IVopdsQzhY&pullRequest=159">SonarCloud</a></p>
| return nil | ||
| } | ||
| // open file | ||
| f, err := os.Open(path) |
Check warning
Code scanning / SonarCloud
<!--SONAR_ISSUE_KEY:AYLPiw-sQ9IVopdsQzhV-->Potential file inclusion via variable <p>See more on <a href="https://sonarcloud.io/project/issues?id=projectdiscovery_proxify&issues=AYLPiw-sQ9IVopdsQzhV&open=AYLPiw-sQ9IVopdsQzhV&pullRequest=159">SonarCloud</a></p>
|
|
||
| requestResponseString := string(buf) | ||
|
|
||
| // split requestResponseString into request and response parts |
There was a problem hiding this comment.
I guess this can be done without splitting by first parsing the request with http.ReadRequest and then passing the generated requested as second argument to http.ReadResponse (ref. https://stackoverflow.com/questions/33963467/parse-http-requests-and-responses-from-text-file-in-go)
forgedhallpass
left a comment
There was a problem hiding this comment.
Please also make sure the generated files are valid, using the Swagger/OpenAPI editors:
| if err != nil { | ||
| return err | ||
| } | ||
| defer f.Close() |
Check warning
Code scanning / SonarCloud
<!--SONAR_ISSUE_KEY:AYMM3F2syReJwSTgeoCe-->Deferring unsafe method "Close" on type "*os.File" <p>See more on <a href="https://sonarcloud.io/project/issues?id=projectdiscovery_proxify&issues=AYMM3F2syReJwSTgeoCe&open=AYMM3F2syReJwSTgeoCe&pullRequest=159">SonarCloud</a></p>
| if err != nil { | ||
| return err | ||
| } | ||
| defer f.Close() |
Check warning
Code scanning / SonarCloud
<!--SONAR_ISSUE_KEY:AYLPiw-sQ9IVopdsQzhZ-->Deferring unsafe method "Close" on type "*os.File" <p>See more on <a href="https://sonarcloud.io/project/issues?id=projectdiscovery_proxify&issues=AYLPiw-sQ9IVopdsQzhZ&open=AYLPiw-sQ9IVopdsQzhZ&pullRequest=159">SonarCloud</a></p>
| // WriteSpec writes the spec to a yaml file | ||
| func (g *Generator) WriteSpec() error { | ||
| // create/open openapi specification yaml file | ||
| f, err := os.OpenFile(g.Options.outputSpec, os.O_CREATE|os.O_WRONLY, 0644) |
Check warning
Code scanning / SonarCloud
<!--SONAR_ISSUE_KEY:AYMX7KMqlwq2_6qjpiNj-->Expect file permissions to be 0600 or less <p>See more on <a href="https://sonarcloud.io/project/issues?id=projectdiscovery_proxify&issues=AYMX7KMqlwq2_6qjpiNj&open=AYMX7KMqlwq2_6qjpiNj&pullRequest=159">SonarCloud</a></p>
cmd/swaggergen/swaggergen.go
Outdated
| flagSet.SetDescription(`swaggergen generates a swagger specification from a directory of request/response logs`) | ||
|
|
||
| flagSet.StringVar(&options.logDir, "log-dir", "", "proxify output log directory") | ||
| flagSet.StringVarP(&options.api, "api-host", "api", "", "api host (example: api.example.com)") |
There was a problem hiding this comment.
I think we should have some sort of validation on the api-host input
There was a problem hiding this comment.
is there any specific validation that you would suggest?
There was a problem hiding this comment.
If we expect a specific type of input, like a host, then we need to make sure that we only accept those and provide a descriptive error message to the user.
new review requested
Mzack9999
left a comment
There was a problem hiding this comment.
What about moving the package into pkg/swaggergen and just instantiate it in cmd/swaggergen
|
SonarCloud Quality Gate failed. |
Proposed changes
Example
$ swaggergen --api example.com --spec openapi.yaml --log-dir /tmp/proxify/logsKnown Issue:
Checklist