swagger-api / swagger-codegen

swagger-codegen contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.
http://swagger.io
Apache License 2.0
17.09k stars 6.03k forks source link

[PHP] Quotes in enum values are not escaped #8599

Open ossinkine opened 6 years ago

ossinkine commented 6 years ago
Description

If enum values contain single quotes the codegen generates not valid PHP code.

Swagger-codegen version

2.4.0

Swagger declaration file content or url
{
  "swagger":"2.0",
  "info": {
    "title": "Foo",
    "version": "1.0.0"
  },
  "paths": {
  },
  "definitions": {
    "Foo": {
      "type": "object",
      "properties": {
        "type": {
          "type": "string",
          "enum": [
            "Foo 'bar'"
          ]
        }
      }
    }
  }
}
Command line used for generation
docker run --rm --volume=$PWD:/app --workdir=/app swaggerapi/swagger-codegen-cli generate \
    --input-spec ./swagger.json \
    --lang php
Generated PHP-file contains syntax error
<?php

namespace Swagger\Client\Model;

class Foo implements ModelInterface, ArrayAccess
{
    ...

    const TYPE_FOO_BAR = 'Foo 'bar''; // unescaped quotes

    ...
}
neclimdul commented 4 years ago

If I'm ready things right this is the problem in toEnumValue

return "\'" + escapeText(value)+ "\'";

I'm not sure I tracked down the scope correctly on what implementation of escapeText is used but if I did its the java version and its targeting double quoted strings which causes some problems.

The first is what we see here, single quotes aren't escaped so they're parsed by the interpreter. The second probably double quoted strings being escaped when they shouldn't be as well.

I was tempted to move to double quotes but $ is not escaped so that could lead to some even weirder problems... Tricky bug I guess i'll have to hack around in the short term.