[Java][WebClient]remove the dead code from java ApiClient.mustache (#…
…6556)

* remove the dead code

Remove the dead code from ApiClient
The code is unused and contains a log forgery (log injection) vulnerability: it writes unvalidated HTTP headers to the log. An attacker could take advantage of this behaviour to forge log entries or inject malicious content into the log.

* update Petstore samples

* whitespace
grzegorz-moto authored Jul 2, 2020
1 parent eaa3c73 commit 23f57a7
Showing 2 changed files with 0 additions and 104 deletions.
Expand Up @@ -647,56 +647,4 @@ public class ApiClient {

return collectionFormat.collectionToString(values);
}

private class ApiClientHttpRequestInterceptor implements ClientHttpRequestInterceptor {
private final Log log = LogFactory.getLog(ApiClientHttpRequestInterceptor.class);
@Override
public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
logRequest(request, body);
ClientHttpResponse response = execution.execute(request, body);
logResponse(response);
return response;
}

private void logRequest(HttpRequest request, byte[] body) throws UnsupportedEncodingException {
log.info("URI: " + request.getURI());
log.info("HTTP Method: " + request.getMethod());
log.info("HTTP Headers: " + headersToString(request.getHeaders()));
log.info("Request Body: " + new String(body, StandardCharsets.UTF_8));
}

private void logResponse(ClientHttpResponse response) throws IOException {
log.info("HTTP Status Code: " + response.getRawStatusCode());
log.info("Status Text: " + response.getStatusText());
log.info("HTTP Headers: " + headersToString(response.getHeaders()));
log.info("Response Body: " + bodyToString(response.getBody()));
}

private String headersToString(HttpHeaders headers) {
StringBuilder builder = new StringBuilder();
for(Entry<String, List<String>> entry : headers.entrySet()) {
builder.append(entry.getKey()).append("=[");
for(String value : entry.getValue()) {
builder.append(value).append(",");
}
builder.setLength(builder.length() - 1); // Get rid of trailing comma
builder.append("],");
}
builder.setLength(builder.length() - 1); // Get rid of trailing comma
return builder.toString();
}

private String bodyToString(InputStream body) throws IOException {
StringBuilder builder = new StringBuilder();
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(body, StandardCharsets.UTF_8));
String line = bufferedReader.readLine();
while (line != null) {
builder.append(line).append(System.lineSeparator());
line = bufferedReader.readLine();
}
bufferedReader.close();
return builder.toString();
}
}
}
Expand Up @@ -643,56 +643,4 @@ public String collectionPathParameterToString(CollectionFormat collectionFormat,

return collectionFormat.collectionToString(values);
}

private class ApiClientHttpRequestInterceptor implements ClientHttpRequestInterceptor {
private final Log log = LogFactory.getLog(ApiClientHttpRequestInterceptor.class);

@Override
public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
logRequest(request, body);
ClientHttpResponse response = execution.execute(request, body);
logResponse(response);
return response;
}

private void logRequest(HttpRequest request, byte[] body) throws UnsupportedEncodingException {
log.info("URI: " + request.getURI());
log.info("HTTP Method: " + request.getMethod());
log.info("HTTP Headers: " + headersToString(request.getHeaders()));
log.info("Request Body: " + new String(body, StandardCharsets.UTF_8));
}

private void logResponse(ClientHttpResponse response) throws IOException {
log.info("HTTP Status Code: " + response.getRawStatusCode());
log.info("Status Text: " + response.getStatusText());
log.info("HTTP Headers: " + headersToString(response.getHeaders()));
log.info("Response Body: " + bodyToString(response.getBody()));
}

private String headersToString(HttpHeaders headers) {
StringBuilder builder = new StringBuilder();
for(Entry<String, List<String>> entry : headers.entrySet()) {
builder.append(entry.getKey()).append("=[");
for(String value : entry.getValue()) {
builder.append(value).append(",");
}
builder.setLength(builder.length() - 1); // Get rid of trailing comma
builder.append("],");
}
builder.setLength(builder.length() - 1); // Get rid of trailing comma
return builder.toString();
}

private String bodyToString(InputStream body) throws IOException {
StringBuilder builder = new StringBuilder();
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(body, StandardCharsets.UTF_8));
String line = bufferedReader.readLine();
while (line != null) {
builder.append(line).append(System.lineSeparator());
line = bufferedReader.readLine();
}
bufferedReader.close();
return builder.toString();
}
}
}
