Merge branch 'master' into security-issues-for-swagger-codegen

daniel-kmiecik · djankows · commit e791cb85c8b0 · 2025-09-26T11:42:35.000+02:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -12,6 +12,10 @@
 name: "CodeQL"
 
 on:
+  pull_request:
+    branches: [ "master" ]
+  push:
+    branches: [ "master" ]
   schedule:
     - cron: '16 04 * * 2'
 
diff --git a/modules/swagger-generator/src/main/java/io/swagger/generator/resource/SwaggerResource.java b/modules/swagger-generator/src/main/java/io/swagger/generator/resource/SwaggerResource.java
@@ -60,12 +60,12 @@ public Response downloadFile(@PathParam("fileId") String fileId) throws Exceptio
         System.out.println("looking for fileId " + fileId);
         System.out.println("got filename " + g.getFilename());
         if (g.getFilename() != null) {
-            SecureFileUtils.validatePath(g.getFilename());
+//            SecureFileUtils.validatePath(g.getFilename());
             File file = new java.io.File(g.getFilename());
             byte[] bytes = org.apache.commons.io.FileUtils.readFileToByteArray(file);
 
             try {
-                SecureFileUtils.validatePath(file.getParentFile());
+//                SecureFileUtils.validatePath(file.getParentFile());
                 FileUtils.deleteDirectory(file.getParentFile());
             } catch (Exception e) {
                 System.out.println("failed to delete file " + file.getAbsolutePath());
@@ -94,7 +94,7 @@ public Response generateClient(
             throws Exception {
 
         String filename = Generator.generateClient(language, opts);
-        String host = getHost(request);        
+        String host = getHost(request);
 
         if (filename != null) {
             String code = String.valueOf(UUID.randomUUID().toString());
