openapi-generator icon indicating copy to clipboard operation
openapi-generator copied to clipboard
verified publisher icon OpenAPITools

[BUG][JAVA][native] Bug: empty deepObject can produce invalid query

Open marcel-huber-ptv opened this issue 1 year ago • 0 comments

Bug Report Checklist

  • [x] Have you provided a full/minimal spec to reproduce the issue?
  • [x] Have you validated the input using an OpenAPI validator (example)?
  • [x] Have you tested with the latest master to confirm the issue still exists?
  • [x] Have you searched for related issues/PRs?
  • [x] What's the actual output vs expected output?
  • [ ] [Optional] Sponsorship to speed up the bug fix or feature request (example)
Description

Given a endpoint with a deep query object and at least one other parameter, it is possible to create an invalid query string, where multiple "&" are generated without parameters and values in between.

openapi-generator version

7.6.0, introduced in 6.3.0

OpenAPI declaration file content or url
openapi: 3.0.1
info:
  title: title
  version: 0.0.1
paths:
  /test:
    get:
      parameters:
        - name: deepObject
          in: query
          schema:
            $ref: '#/components/schemas/DeepObject'
          explode: true
          style: deepObject
        - name: bar
          in: query
          schema:
            type: string
      responses:
        204:
          description: no content
components:
  schemas:
    DeepObject:
      type: object
      properties:
        foo:
          type: string
Generation Details

This produces

    StringJoiner localVarQueryStringJoiner = new StringJoiner("&");
    String localVarQueryParameterBaseName;
    localVarQueryParameterBaseName = "deepObject";
    if (deepObject != null) {
      localVarQueryStringJoiner.add(deepObject.toUrlQueryString("deepObject"));
    }
    localVarQueryParameterBaseName = "bar";
    localVarQueryParams.addAll(ApiClient.parameterToPairs("bar", bar));

which may add empty strings to the localVarQueryStringJoiner.

This would be the case for example with

    defaultApi.testGet(new DeepObject(), "foo");

producing /test?&bar=foo

Instead I would expect something like

    StringJoiner localVarQueryStringJoiner = new StringJoiner("&");
    String localVarQueryParameterBaseName;
    localVarQueryParameterBaseName = "deepObject";
    if (deepObject != null) {
      String queryString = options.toUrlQueryString("deepObject");
      if (!queryString.isBlank()) {
        localVarQueryStringJoiner.add(queryString);
      }
    }
    localVarQueryParameterBaseName = "bar";
    localVarQueryParams.addAll(ApiClient.parameterToPairs("bar", bar));

to avoid such cases by not adding empty strings to the string builder.

Steps to reproduce

Generate the clients for the above openapi.yaml: java -jar modules/openapi-generator-cli/target/openapi-generator-cli.jar generate -i openapi.yaml -g java --library native -o out

Related issues/PRs

I couldn't find similar issure, but it seems to have been introduced with d269a2a09d86c461c1e586122980a5ba347dff83

Suggest a fix

Don't add the result of {{paramName}}.toUrlQueryString("{{baseName}}") to localVarQueryStringJoiner if it is an empty string (modules/openapi-generator/src/main/resources/Java/libraries/native/api.mustache:371)

marcel-huber-ptv avatar May 22 '24 13:05 marcel-huber-ptv