swagger-api/swagger-codegen

password in toString in generated model

Open

#2,662 建立於 2016年4月20日

在 GitHub 查看
 (11 留言) (6 反應) (0 負責人)HTML (5,474 fork)batch import
Enhancement: Generalhelp wanted

倉庫指標

Star
 (12,701 star)
PR 合併指標
 (30 天內沒有已合併 PR)

描述

When using format "password", e.g.

  credentials:
    type: object
    properties:
      username:
        type: string
      password:
        type: string
        format: password
    required:
    - username
    - password

the field "password" is contained in the toString method of the generated model class.

In my opinion, that's a security issue (you don't want client passwords appearing in log files etc.)

Would it make sense to change the corresponding line in toString to:

sb.append(" password: ").append("<protected>").append("\n");

whenever the format "password" is used?

貢獻者指南