rimskij/swagger-tools
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
15 commits 5 branches 4 tags 172 KiB
Commit graph

2 commits

Author SHA1 Message Date
rimskij
58c91615b9 feat: add OpenAPI 3.1 TypeScript generation support 
- Handle type arrays: type: ['string', 'null'] → string | null
- Handle const keyword: const: "active" → 'active' literal type
- Handle nullable (OpenAPI 3.0 backward compatibility)
- Extract and display webhook count in metadata
- Add security escaping for string literals and JSDoc comments
- Add OpenAPI 3.1 test fixture and 12 unit tests

Fixes #365

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-12 21:20:13 +01:00
rimskij
d7f354b37d feat: add security hardening for ReDoS, path traversal, and SSRF 
- Add input-validation.ts with regex, path, and URL validation utilities
- Validate regex patterns before RegExp creation to prevent ReDoS
- Block dangerous nested quantifiers (a+)+, (a*)+, etc.
- Prevent path traversal with directory escape detection
- Block localhost, private IPs, and non-http/https protocols for SSRF
- Add SecurityOptions for configurable validation (allowPrivateIPs, etc.)
- Include 33 security tests (unit + integration)

Fixes #362

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-12 18:20:26 +01:00