This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-core.git
commit 916cd85d77914e746adf87d89b65829247a16f1a Author: Robert Lazarski <[email protected]> AuthorDate: Sun Apr 5 17:06:19 2026 -1000 openapi: address Gemini review findings (items 3-5) - Sanitize operation name defensively in requestBody description: replaceAll non-word/non-safe chars to '_'; Axis2 NCNames are already safe but guards against malformed deployment descriptors (item 3) - Replace fragile jsonSpec.length() > 3000 size assertion with content-key checks ("openapi", "paths") in Http2OpenApiBasicTest (item 4) - Add visible SKIPPED warning instead of silent return when financial-api-schema.json is absent from classpath (item 5) Co-Authored-By: Claude Sonnet 4.6 <[email protected]> --- .../main/java/org/apache/axis2/openapi/OpenApiSpecGenerator.java | 6 +++++- .../test/java/org/apache/axis2/openapi/Http2OpenApiBasicTest.java | 4 +++- .../java/org/apache/axis2/openapi/OpenApiSpecGeneratorTest.java | 6 +++++- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/modules/openapi/src/main/java/org/apache/axis2/openapi/OpenApiSpecGenerator.java b/modules/openapi/src/main/java/org/apache/axis2/openapi/OpenApiSpecGenerator.java index a3f16faa7a..0ea1a3224d 100644 --- a/modules/openapi/src/main/java/org/apache/axis2/openapi/OpenApiSpecGenerator.java +++ b/modules/openapi/src/main/java/org/apache/axis2/openapi/OpenApiSpecGenerator.java @@ -422,7 +422,11 @@ public class OpenApiSpecGenerator { // Swagger UI to render a Try-It-Out editor and for clients to know a body is required. RequestBody requestBody = new RequestBody(); requestBody.setRequired(true); - requestBody.setDescription("JSON request body for " + axisOperation.getName().getLocalPart()); + // Sanitize operation name: Axis2 QName local parts follow XML NCName rules and + // cannot contain angle brackets or control characters, but sanitize defensively + // in case a malformed deployment descriptor produces unexpected characters. + String safeOpName = axisOperation.getName().getLocalPart().replaceAll("[^\\w.\\-]", "_"); + requestBody.setDescription("JSON request body for " + safeOpName); Content requestContent = new Content(); MediaType requestMediaType = new MediaType(); Schema requestSchema = new Schema(); diff --git a/modules/openapi/src/test/java/org/apache/axis2/openapi/Http2OpenApiBasicTest.java b/modules/openapi/src/test/java/org/apache/axis2/openapi/Http2OpenApiBasicTest.java index 33e78ec225..0b56aa776d 100644 --- a/modules/openapi/src/test/java/org/apache/axis2/openapi/Http2OpenApiBasicTest.java +++ b/modules/openapi/src/test/java/org/apache/axis2/openapi/Http2OpenApiBasicTest.java @@ -160,7 +160,9 @@ public class Http2OpenApiBasicTest extends TestCase { // Validate large catalog handling assertNotNull("Should generate large OpenAPI spec", openApi); assertTrue("Should document many services", openApi.getPaths().size() >= 20); - assertTrue("Should generate substantial JSON", jsonSpec.length() > 3000); // >3KB (nulls no longer inflating output) + // Assert on content rather than byte count — size is fragile across platforms/JVM versions + assertTrue("JSON spec must contain openapi version key", jsonSpec.contains("\"openapi\"")); + assertTrue("JSON spec must contain paths key", jsonSpec.contains("\"paths\"")); // Performance validation assertTrue("Spec generation should be efficient", specTime < 2000); diff --git a/modules/openapi/src/test/java/org/apache/axis2/openapi/OpenApiSpecGeneratorTest.java b/modules/openapi/src/test/java/org/apache/axis2/openapi/OpenApiSpecGeneratorTest.java index fe08d1c01b..08e80b3e2b 100644 --- a/modules/openapi/src/test/java/org/apache/axis2/openapi/OpenApiSpecGeneratorTest.java +++ b/modules/openapi/src/test/java/org/apache/axis2/openapi/OpenApiSpecGeneratorTest.java @@ -481,7 +481,11 @@ public class OpenApiSpecGeneratorTest extends TestCase { java.io.File schemaFile = new java.io.File( "../../samples/swagger-server/src/main/resources/openapi/financial-api-schema.json"); if (!schemaFile.exists()) { - // Skip gracefully when running outside the full repo checkout + // File lives in the swagger-server module; skip with a visible warning + // when this test runs outside the full multi-module checkout. + System.out.println("SKIPPED testFinancialApiSchemaAdvancedFeatures: " + + "financial-api-schema.json not found at " + schemaFile.getAbsolutePath() + + " — run from the repo root to include this assertion."); return; } is = new java.io.FileInputStream(schemaFile);
