emann
diff --git a/‎CHANGELOG.md
Lines changed: 9 additions & 1 deletion b/‎CHANGELOG.md
Lines changed: 9 additions & 1 deletion
diff --git a/‎end_to_end_tests/fastapi_app/__init__.py
Lines changed: 21 additions & 3 deletions b/‎end_to_end_tests/fastapi_app/__init__.py
Lines changed: 21 additions & 3 deletions
diff --git a/‎end_to_end_tests/fastapi_app/openapi.json
Lines changed: 152 additions & 2 deletions b/‎end_to_end_tests/fastapi_app/openapi.json
Lines changed: 152 additions & 2 deletions
diff --git a/‎end_to_end_tests/golden-master/my_test_api_client/api/tests.py
Lines changed: 82 additions & 4 deletions b/‎end_to_end_tests/golden-master/my_test_api_client/api/tests.py
Lines changed: 82 additions & 4 deletions
@@ -5,7 +5,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
-## 0.5.3 - Unrelease
+## 0.5.3 - Unreleased
+### Security
+- All values that become file/directory names are sanitized to address path traversal vulnerabilities (CVE-2020-15141)
+- All values that get placed into python files (everything from enum names, to endpoint descriptions, to default values) are validated and/or saniziatied to address arbitrary code execution vulnerabilities (CVE-2020-15142)
+
+### Changes
+- Due to security concerns/implementation complexities, default values are temporarily unsupported for any `RefProperty` that doesn't refer to an enum.
+- Defaults for properties must now be valid values for their respective type (e.g. "example string" is an invalid default for an `integer` type property, and the function for an endpoint using it would fail to generate and be skipped). 
+
 ### Additions
 - Added support for header parameters (#117)
 
 
@@ -5,7 +5,7 @@
 from pathlib import Path
 from typing import Any, Dict, List, Union
 
-from fastapi import APIRouter, FastAPI, File, Header, Query, UploadFile
+from fastapi import APIRouter, Body, FastAPI, File, Header, Query, UploadFile
 from pydantic import BaseModel
 
 app = FastAPI(title="My Test API", description="An API for testing openapi-python-client",)
@@ -43,13 +43,15 @@ class AModel(BaseModel):
 
     an_enum_value: AnEnum
     nested_list_of_enums: List[List[DifferentEnum]] = []
-    some_dict: Dict[str, str] = {}
+    some_dict: Dict[str, str]
     aCamelDateTime: Union[datetime, date]
     a_date: date
 
 
 @test_router.get("/", response_model=List[AModel], operation_id="getUserList")
-def get_list(an_enum_value: List[AnEnum] = Query(...), some_date: Union[date, datetime] = Query(...)):
+def get_list(
+    an_enum_value: List[AnEnum] = Query(...), some_date: Union[date, datetime] = Query(...),
+):
     """ Get a list of things """
     return
 
@@ -67,6 +69,22 @@ def json_body(body: AModel):
     return
 
 
+@test_router.post("/test_defaults")
+def test_defaults(
+    string_prop: str = Query(default="the default string"),
+    datetime_prop: datetime = Query(default=datetime(1010, 10, 10)),
+    date_prop: date = Query(default=date(1010, 10, 10)),
+    float_prop: float = Query(default=3.14),
+    int_prop: int = Query(default=7),
+    boolean_prop: bool = Query(default=False),
+    list_prop: List[AnEnum] = Query(default=[AnEnum.FIRST_VALUE, AnEnum.SECOND_VALUE]),
+    union_prop: Union[float, str] = Query(default="not a float"),
+    enum_prop: AnEnum = Query(default=AnEnum.FIRST_VALUE),
+    dict_prop: Dict[str, str] = Body(default={"key": "val"}),
+):
+    return
+
+
 app.include_router(test_router, prefix="/tests", tags=["tests"])
 
 
 
@@ -184,6 +184,156 @@
                     }
                 }
             }
+        },
+        "/tests/test_defaults": {
+            "post": {
+                "tags": [
+                    "tests"
+                ],
+                "summary": "Test Defaults",
+                "operationId": "test_defaults_tests_test_defaults_post",
+                "parameters": [
+                    {
+                        "required": false,
+                        "schema": {
+                            "title": "String Prop",
+                            "type": "string",
+                            "default": "the default string"
+                        },
+                        "name": "string_prop",
+                        "in": "query"
+                    },
+                    {
+                        "required": false,
+                        "schema": {
+                            "title": "Datetime Prop",
+                            "type": "string",
+                            "format": "date-time",
+                            "default": "1010-10-10T00:00:00"
+                        },
+                        "name": "datetime_prop",
+                        "in": "query"
+                    },
+                    {
+                        "required": false,
+                        "schema": {
+                            "title": "Date Prop",
+                            "type": "string",
+                            "format": "date",
+                            "default": "1010-10-10"
+                        },
+                        "name": "date_prop",
+                        "in": "query"
+                    },
+                    {
+                        "required": false,
+                        "schema": {
+                            "title": "Float Prop",
+                            "type": "number",
+                            "default": 3.14
+                        },
+                        "name": "float_prop",
+                        "in": "query"
+                    },
+                    {
+                        "required": false,
+                        "schema": {
+                            "title": "Int Prop",
+                            "type": "integer",
+                            "default": 7
+                        },
+                        "name": "int_prop",
+                        "in": "query"
+                    },
+                    {
+                        "required": false,
+                        "schema": {
+                            "title": "Boolean Prop",
+                            "type": "boolean",
+                            "default": false
+                        },
+                        "name": "boolean_prop",
+                        "in": "query"
+                    },
+                    {
+                        "required": false,
+                        "schema": {
+                            "title": "List Prop",
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/components/schemas/AnEnum"
+                            },
+                            "default": [
+                                "FIRST_VALUE",
+                                "SECOND_VALUE"
+                            ]
+                        },
+                        "name": "list_prop",
+                        "in": "query"
+                    },
+                    {
+                        "required": false,
+                        "schema": {
+                            "title": "Union Prop",
+                            "anyOf": [
+                                {
+                                    "type": "number"
+                                },
+                                {
+                                    "type": "string"
+                                }
+                            ],
+                            "default": "not a float"
+                        },
+                        "name": "union_prop",
+                        "in": "query"
+                    },
+                    {
+                        "required": false,
+                        "schema": {
+                            "$ref": "#/components/schemas/AnEnum"
+                        },
+                        "name": "enum_prop",
+                        "in": "query"
+                    }
+                ],
+                "requestBody": {
+                    "content": {
+                        "application/json": {
+                            "schema": {
+                                "title": "Dict Prop",
+                                "type": "object",
+                                "additionalProperties": {
+                                    "type": "string"
+                                },
+                                "default": {
+                                    "key": "val"
+                                }
+                            }
+                        }
+                    }
+                },
+                "responses": {
+                    "200": {
+                        "description": "Successful Response",
+                        "content": {
+                            "application/json": {
+                                "schema": {}
+                            }
+                        }
+                    },
+                    "422": {
+                        "description": "Validation Error",
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "$ref": "#/components/schemas/HTTPValidationError"
+                                }
+                            }
+                        }
+                    }
+                }
+            }
         }
     },
     "components": {
@@ -192,6 +342,7 @@
                 "title": "AModel",
                 "required": [
                     "an_enum_value",
+                    "some_dict",
                     "aCamelDateTime",
                     "a_date"
                 ],
@@ -216,8 +367,7 @@
                         "type": "object",
                         "additionalProperties": {
                             "type": "string"
-                        },
-                        "default": {}
+                        }
                     },
                     "aCamelDateTime": {
                         "title": "Acameldatetime",
 
@@ -1,5 +1,5 @@
-from dataclasses import asdict
-from datetime import date, datetime
+import datetime
+from dataclasses import asdict, field
 from typing import Any, Dict, List, Optional, Union, cast
 
 import httpx
@@ -13,7 +13,7 @@
 
 
 def get_user_list(
-    *, client: Client, an_enum_value: List[AnEnum], some_date: Union[date, datetime],
+    *, client: Client, an_enum_value: List[AnEnum], some_date: Union[datetime.date, datetime.datetime],
 ) -> Union[
     List[AModel], HTTPValidationError,
 ]:
@@ -29,7 +29,7 @@ def get_user_list(
 
         json_an_enum_value.append(an_enum_value_item)
 
-    if isinstance(some_date, date):
+    if isinstance(some_date, datetime.date):
         json_some_date = some_date.isoformat()
 
     else:
@@ -94,3 +94,81 @@ def json_body_tests_json_body_post(
         return HTTPValidationError.from_dict(cast(Dict[str, Any], response.json()))
     else:
         raise ApiResponseError(response=response)
+
+
+def test_defaults_tests_test_defaults_post(
+    *,
+    client: Client,
+    json_body: Dict[Any, Any],
+    string_prop: Optional[str] = "the default string",
+    datetime_prop: Optional[datetime.datetime] = datetime.datetime(1010, 10, 10, 0, 0),
+    date_prop: Optional[datetime.date] = datetime.date(1010, 10, 10),
+    float_prop: Optional[float] = 3.14,
+    int_prop: Optional[int] = 7,
+    boolean_prop: Optional[bool] = False,
+    list_prop: Optional[List[AnEnum]] = field(
+        default_factory=lambda: cast(Optional[List[AnEnum]], [AnEnum.FIRST_VALUE, AnEnum.SECOND_VALUE])
+    ),
+    union_prop: Optional[Union[Optional[float], Optional[str]]] = "not a float",
+    enum_prop: Optional[AnEnum] = None,
+) -> Union[
+    None, HTTPValidationError,
+]:
+
+    """  """
+    url = "{}/tests/test_defaults".format(client.base_url)
+
+    headers: Dict[str, Any] = client.get_headers()
+
+    json_datetime_prop = datetime_prop.isoformat() if datetime_prop else None
+
+    json_date_prop = date_prop.isoformat() if date_prop else None
+
+    if list_prop is None:
+        json_list_prop = None
+    else:
+        json_list_prop = []
+        for list_prop_item_data in list_prop:
+            list_prop_item = list_prop_item_data.value
+
+            json_list_prop.append(list_prop_item)
+
+    if union_prop is None:
+        json_union_prop: Optional[Union[Optional[float], Optional[str]]] = None
+    elif isinstance(union_prop, float):
+        json_union_prop = union_prop
+    else:
+        json_union_prop = union_prop
+
+    json_enum_prop = enum_prop.value if enum_prop else None
+
+    params: Dict[str, Any] = {}
+    if string_prop is not None:
+        params["string_prop"] = string_prop
+    if datetime_prop is not None:
+        params["datetime_prop"] = json_datetime_prop
+    if date_prop is not None:
+        params["date_prop"] = json_date_prop
+    if float_prop is not None:
+        params["float_prop"] = float_prop
+    if int_prop is not None:
+        params["int_prop"] = int_prop
+    if boolean_prop is not None:
+        params["boolean_prop"] = boolean_prop
+    if list_prop is not None:
+        params["list_prop"] = json_list_prop
+    if union_prop is not None:
+        params["union_prop"] = json_union_prop
+    if enum_prop is not None:
+        params["enum_prop"] = json_enum_prop
+
+    json_json_body = json_body
+
+    response = httpx.post(url=url, headers=headers, json=json_json_body, params=params,)
+
+    if response.status_code == 200:
+        return None
+    if response.status_code == 422:
+        return HTTPValidationError.from_dict(cast(Dict[str, Any], response.json()))
+    else:
+        raise ApiResponseError(response=response)