swagger-api/swagger-codegen

password in toString in generated model

Open

#2 662 ouverte le 20 avr. 2016

Voir sur GitHub
 (11 commentaires) (6 réactions) (0 assignés)HTML (5 474 forks)batch import
Enhancement: Generalhelp wanted

Métriques du dépôt

Stars
 (12 701 stars)
Métriques de merge PR
 (Aucune PR mergée en 30 j)

Description

When using format "password", e.g.

  credentials:
    type: object
    properties:
      username:
        type: string
      password:
        type: string
        format: password
    required:
    - username
    - password

the field "password" is contained in the toString method of the generated model class.

In my opinion, that's a security issue (you don't want client passwords appearing in log files etc.)

Would it make sense to change the corresponding line in toString to:

sb.append(" password: ").append("<protected>").append("\n");

whenever the format "password" is used?

Guide contributeur