swagger-api/swagger-codegen

password in toString in generated model

Open

#2,662 创建于 2016年4月20日

在 GitHub 查看
 (11 评论) (6 反应) (0 负责人)HTML (5,474 fork)batch import
Enhancement: Generalhelp wanted

仓库指标

Star
 (12,701 star)
PR 合并指标
 (30 天内没有已合并 PR)

描述

When using format "password", e.g.

  credentials:
    type: object
    properties:
      username:
        type: string
      password:
        type: string
        format: password
    required:
    - username
    - password

the field "password" is contained in the toString method of the generated model class.

In my opinion, that's a security issue (you don't want client passwords appearing in log files etc.)

Would it make sense to change the corresponding line in toString to:

sb.append(" password: ").append("<protected>").append("\n");

whenever the format "password" is used?

贡献者指南