swagger-api/swagger-codegen

password in toString in generated model

Open

#2.662 geöffnet am 20. Apr. 2016

Auf GitHub ansehen
 (11 Kommentare) (6 Reaktionen) (0 zugewiesene Personen)HTML (5.474 Forks)batch import
Enhancement: Generalhelp wanted

Repository-Metriken

Stars
 (12.701 Stars)
PR-Merge-Metriken
 (Keine gemergten PRs in 30 T)

Beschreibung

When using format "password", e.g.

  credentials:
    type: object
    properties:
      username:
        type: string
      password:
        type: string
        format: password
    required:
    - username
    - password

the field "password" is contained in the toString method of the generated model class.

In my opinion, that's a security issue (you don't want client passwords appearing in log files etc.)

Would it make sense to change the corresponding line in toString to:

sb.append(" password: ").append("<protected>").append("\n");

whenever the format "password" is used?

Contributor Guide