Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -680,7 +680,16 @@ class ApiClient:
:param auth_setting: auth settings for the endpoint
"""
if auth_setting['in'] == 'cookie':
headers['Cookie'] = auth_setting['value']
if not 'Cookie' in headers:
headers['Cookie'] = ""
else:
headers['Cookie'] += "; "
# Account for cookie value containing spaces and special characters
cookie_value = str(auth_setting['value'])
if not re.match("^\".*\"$", cookie_value):
cookie_value = cookie_value.replace("\"", "\\\"")
cookie_value = f"\"{cookie_value}\""
headers['Cookie'] += f"{auth_setting['key']}={cookie_value}"
elif auth_setting['in'] == 'header':
if auth_setting['type'] != 'http-signature':
headers[auth_setting['key']] = auth_setting['value']
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -673,7 +673,16 @@ def _apply_auth_params(
:param auth_setting: auth settings for the endpoint
"""
if auth_setting['in'] == 'cookie':
headers['Cookie'] = auth_setting['value']
if not 'Cookie' in headers:
headers['Cookie'] = ""
else:
headers['Cookie'] += "; "
# Account for cookie value containing spaces and special characters
cookie_value = str(auth_setting['value'])
if not re.match("^\".*\"$", cookie_value):
cookie_value = cookie_value.replace("\"", "\\\"")
cookie_value = f"\"{cookie_value}\""
Comment on lines +680 to +684

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: Cookie authentication values that contain spaces, semicolons, commas, or backslashes can produce malformed Cookie headers after this change. The new block replaces urllib.parse.quote with simple double-quote wrapping, but Cookie header parsing typically splits on ; and , regardless of surrounding quotes, and raw control characters or non-ASCII bytes can cause request failures or header-injection issues. To safely handle special characters in generated cookie values, consider retaining percent-encoding (e.g. quote(str(auth_setting['value']), safe='+/=')) rather than relying on quoting alone.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/echo_api/python-disallowAdditionalPropertiesIfNotPresent/openapi_client/api_client.py, line 680:

<comment>Cookie authentication values that contain spaces, semicolons, commas, or backslashes can produce malformed `Cookie` headers after this change. The new block replaces `urllib.parse.quote` with simple double-quote wrapping, but Cookie header parsing typically splits on `;` and `,` regardless of surrounding quotes, and raw control characters or non-ASCII bytes can cause request failures or header-injection issues. To safely handle special characters in generated cookie values, consider retaining percent-encoding (e.g. `quote(str(auth_setting['value']), safe='+/=')`) rather than relying on quoting alone.</comment>

<file context>
@@ -677,8 +677,11 @@ def _apply_auth_params(
                 headers['Cookie'] += "; "
-            # Account for cookie value containing spaces and special characters, excluding base64 delimiters
-            cookie_value = quote(str(auth_setting['value']), safe='+/=')
+            # Account for cookie value containing spaces and special characters
+            cookie_value = str(auth_setting['value'])
+            if not re.match("^\".*\"$", cookie_value):
</file context>
Suggested change
# Account for cookie value containing spaces and special characters
cookie_value = str(auth_setting['value'])
if not re.match("^\".*\"$", cookie_value):
cookie_value = cookie_value.replace("\"", "\\\"")
cookie_value = f"\"{cookie_value}\""
# Account for cookie value containing spaces and special characters, excluding base64 delimiters
cookie_value = quote(str(auth_setting['value']), safe='+/=')

headers['Cookie'] += f"{auth_setting['key']}={cookie_value}"
elif auth_setting['in'] == 'header':
if auth_setting['type'] != 'http-signature':
headers[auth_setting['key']] = auth_setting['value']
Expand Down
11 changes: 10 additions & 1 deletion samples/client/echo_api/python/openapi_client/api_client.py
Original file line number Diff line number Diff line change
Expand Up @@ -673,7 +673,16 @@ def _apply_auth_params(
:param auth_setting: auth settings for the endpoint
"""
if auth_setting['in'] == 'cookie':
headers['Cookie'] = auth_setting['value']
if not 'Cookie' in headers:
headers['Cookie'] = ""
else:
headers['Cookie'] += "; "
# Account for cookie value containing spaces and special characters
cookie_value = str(auth_setting['value'])
if not re.match("^\".*\"$", cookie_value):
cookie_value = cookie_value.replace("\"", "\\\"")
cookie_value = f"\"{cookie_value}\""
headers['Cookie'] += f"{auth_setting['key']}={cookie_value}"
elif auth_setting['in'] == 'header':
if auth_setting['type'] != 'http-signature':
headers[auth_setting['key']] = auth_setting['value']
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -675,7 +675,16 @@ def _apply_auth_params(
:param auth_setting: auth settings for the endpoint
"""
if auth_setting['in'] == 'cookie':
headers['Cookie'] = auth_setting['value']
if not 'Cookie' in headers:
headers['Cookie'] = ""
else:
headers['Cookie'] += "; "
# Account for cookie value containing spaces and special characters
cookie_value = str(auth_setting['value'])
if not re.match("^\".*\"$", cookie_value):
cookie_value = cookie_value.replace("\"", "\\\"")
cookie_value = f"\"{cookie_value}\""
headers['Cookie'] += f"{auth_setting['key']}={cookie_value}"
elif auth_setting['in'] == 'header':
if auth_setting['type'] != 'http-signature':
headers[auth_setting['key']] = auth_setting['value']
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -675,7 +675,16 @@ def _apply_auth_params(
:param auth_setting: auth settings for the endpoint
"""
if auth_setting['in'] == 'cookie':
headers['Cookie'] = auth_setting['value']
if not 'Cookie' in headers:
headers['Cookie'] = ""
else:
headers['Cookie'] += "; "
# Account for cookie value containing spaces and special characters
cookie_value = str(auth_setting['value'])
if not re.match("^\".*\"$", cookie_value):
cookie_value = cookie_value.replace("\"", "\\\"")
cookie_value = f"\"{cookie_value}\""
headers['Cookie'] += f"{auth_setting['key']}={cookie_value}"
elif auth_setting['in'] == 'header':
if auth_setting['type'] != 'http-signature':
headers[auth_setting['key']] = auth_setting['value']
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -675,7 +675,16 @@ def _apply_auth_params(
:param auth_setting: auth settings for the endpoint
"""
if auth_setting['in'] == 'cookie':
headers['Cookie'] = auth_setting['value']
if not 'Cookie' in headers:
headers['Cookie'] = ""
else:
headers['Cookie'] += "; "
# Account for cookie value containing spaces and special characters
cookie_value = str(auth_setting['value'])
if not re.match("^\".*\"$", cookie_value):
cookie_value = cookie_value.replace("\"", "\\\"")
cookie_value = f"\"{cookie_value}\""
headers['Cookie'] += f"{auth_setting['key']}={cookie_value}"
elif auth_setting['in'] == 'header':
if auth_setting['type'] != 'http-signature':
headers[auth_setting['key']] = auth_setting['value']
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -672,7 +672,16 @@ def _apply_auth_params(
:param auth_setting: auth settings for the endpoint
"""
if auth_setting['in'] == 'cookie':
headers['Cookie'] = auth_setting['value']
if not 'Cookie' in headers:
headers['Cookie'] = ""
else:
headers['Cookie'] += "; "
# Account for cookie value containing spaces and special characters
cookie_value = str(auth_setting['value'])
if not re.match("^\".*\"$", cookie_value):
cookie_value = cookie_value.replace("\"", "\\\"")
cookie_value = f"\"{cookie_value}\""
headers['Cookie'] += f"{auth_setting['key']}={cookie_value}"
elif auth_setting['in'] == 'header':
if auth_setting['type'] != 'http-signature':
headers[auth_setting['key']] = auth_setting['value']
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -672,7 +672,16 @@ def _apply_auth_params(
:param auth_setting: auth settings for the endpoint
"""
if auth_setting['in'] == 'cookie':
headers['Cookie'] = auth_setting['value']
if not 'Cookie' in headers:
headers['Cookie'] = ""
else:
headers['Cookie'] += "; "
# Account for cookie value containing spaces and special characters
cookie_value = str(auth_setting['value'])
if not re.match("^\".*\"$", cookie_value):
cookie_value = cookie_value.replace("\"", "\\\"")
cookie_value = f"\"{cookie_value}\""
headers['Cookie'] += f"{auth_setting['key']}={cookie_value}"
elif auth_setting['in'] == 'header':
if auth_setting['type'] != 'http-signature':
headers[auth_setting['key']] = auth_setting['value']
Expand Down
Loading