[Slim] Injection into host or basePath breaks server
Created by: ybelenko
Description
Injection into host and basePath breaks Slim server.
openapi-generator version
3.2.1-SNAPSHOT
OpenAPI declaration file content or url
host: petstore.swagger.io */ ' " =end -- \r\n \n \r
basePath: /v2 */ ' " =end -- \r\n \n \r
tags:
  - name: fake
    description: Everything about your Pets */ ' " =end -- \r\n \n \r
    externalDocs:
      description: Find out more */ ' " =end -- \r\n \n \r
      url: 'https://openapis.org'
schemes:
  - http */ ' " =end -- \r\n \n \r
Command line used for generation
$ bin/security/php-slim-server-petstore.sh
Steps to reproduce
$ bin/security/php-slim-server-petstore.sh
then
$ php -l samples/server/petstore-security-test/php-slim/lib/SlimRouter.php
Parse error: syntax error, unexpected '\' (T_NS_SEPARATOR), expecting ',' or ')' in samples/server/petstore-security-test/php-slim/lib/SlimRouter.php on line 71
Errors parsing samples/server/petstore-security-test/php-slim/lib/SlimRouter.php
Related issues/PRs
Suggest a fix/enhancement
Any solution could work:
- Escape quotes in {{{basePathWithoutHost}}} and {{{path}}}
- Strip out quotes from {{{basePathWithoutHost}}} and {{{path}}}
- Throw a warning when {{{basePathWithoutHost}}} and {{{path}}} contain invalid chars
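
The first and third options above, sketched in PHP as an added example (not code from openapi-generator or from the issue author). The `renderRoute()` line is a constructed stand-in for a generated route, since the real template line is not shown in the issue, and the allowed-character set in `invalidPathChars()` is an assumed policy.

```php
<?php
declare(strict_types=1);

// Escape a value for a PHP single-quoted string literal.
// Only backslash and single quote are special in that context.
function escapeForSingleQuoted(string $value): string
{
    return strtr($value, ['\\' => '\\\\', "'" => "\\'"]);
}

// List the distinct characters that fall outside an assumed URL-path
// whitelist (letters, digits, / _ . ~ - and {} for path parameters).
function invalidPathChars(string $path): array
{
    preg_match_all('/[^A-Za-z0-9\/_.~{}-]/', $path, $m);
    return array_values(array_unique($m[0]));
}

// Syntax-check generated source without executing it (comparable to `php -l`).
function parses(string $code): bool
{
    try {
        token_get_all($code, TOKEN_PARSE);
        return true;
    } catch (ParseError $e) {
        return false;
    }
}

// Constructed stand-in for one generated route registration.
function renderRoute(string $basePath): string
{
    return "<?php \$app->get('" . $basePath . "/fake', function () {});";
}

// basePath from the spec in this issue: the backslashes are literal characters.
$basePath = '/v2 */ \' " =end -- \\r\\n \\n \\r';

// Raw interpolation: the single quote in basePath ends the literal early.
var_dump(parses(renderRoute($basePath)));

// Escaped interpolation: the whole value stays inside one string literal.
var_dump(parses(renderRoute(escapeForSingleQuoted($basePath))));

// Warning path: report what a generator could flag instead of emitting it.
$bad = invalidPathChars($basePath);
if ($bad !== []) {
    fwrite(STDERR, 'basePath contains invalid chars: ' . json_encode($bad) . PHP_EOL);
}
```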