swagger-api/swagger-codegen

password in toString in generated model

Open

#2662 aperta il 20 apr 2016

Vedi su GitHub
 (11 commenti) (6 reazioni) (0 assegnatari)HTML (5474 fork)batch import
Enhancement: Generalhelp wanted

Metriche repository

Star
 (12.701 star)
Metriche merge PR
 (Nessuna PR mergiata in 30 g)

Descrizione

When using format "password", e.g.

  credentials:
    type: object
    properties:
      username:
        type: string
      password:
        type: string
        format: password
    required:
    - username
    - password

the field "password" is contained in the toString method of the generated model class.

In my opinion, that's a security issue (you don't want client passwords appearing in log files etc.)

Would it make sense to change the corresponding line in toString to:

sb.append(" password: ").append("<protected>").append("\n");

whenever the format "password" is used?

Guida contributor