Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/jackspirou/go-swagger
Development of this toolkit is sponsored by VMware:
Contains an implementation of Swagger 2.0. It knows how to serialize and deserialize swagger specifications.
Swagger is a simple yet powerful representation of your RESTful API.
With the largest ecosystem of API tooling on the planet, thousands of developers are supporting Swagger in almost every modern programming language and deployment environment.
With a Swagger-enabled API, you get interactive documentation, client SDK generation and discoverability. We created Swagger to help fulfill the promise of APIs.
Swagger helps companies like Apigee, Getty Images, Intuit, LivingSocial, McKesson, Microsoft, Morningstar, and PayPal build the best possible services with RESTful APIs. Now in version 2.0, Swagger is more enabling than ever. And it's 100% open source software.
Because 0.5.0 and master have diverged significantly, you should checkout the tag 0.5.0 for go-swagger when you use the currently released version.
You will have to rename some imports:
github.com/go-swagger/go-swagger/httpkit/validate to github.com/go-openapi/validate
github.com/go-swagger/go-swagger/httpkit to github.com/go-openapi/runtime
github.com/naoina/denco to github.com/go-openapi/runtime/middleware/denco
github.com/go-swagger/go-swagger to github.com/go-openapi
go-swagger is distributed as binaries that are built of signed tags. It is published as github release, rpm, deb and docker image.
docker pull quay.io/goswagger/swagger
alias swagger="docker run --rm -it -v $HOME:$HOME -w $(pwd) quay.io/goswagger/swagger"
swagger version
brew tap go-swagger/go-swagger
brew install go-swagger
You can download a binary for your platform from github:
https://github.com/go-swagger/go-swagger/releases/latest
latestv=$(curl -s https://api.github.com/repos/go-swagger/go-swagger/releases/latest | jq -r .tag_name)
curl -o /usr/local/bin/swagger -L'#' https://github.com/go-swagger/go-swagger/releases/download/$latestv/swagger_$(echo `uname`|tr '[:upper:]' '[:lower:]')_amd64
chmod +x /usr/local/bin/swagger
This repo will work for any debian, the only file it contains gets copied to /usr/bin
echo "deb https://dl.bintray.com/go-swagger/goswagger-debian ubuntu main" | sudo tee -a /etc/apt/sources.list
This repo should work on any distro that wants rpm packages, the only file it contains gets copied to /usr/bin/
wget https://bintray.com/go-swagger/goswagger-rpm/rpm -O bintray-go-swagger-goswagger-rpm.repo
Install or update from source:
go get -u github.com/go-swagger/go-swagger/cmd/swagger
The implementation also provides a number of command line tools to help working with swagger.
Currently there is a spec validator tool:
swagger validate https://raw.githubusercontent.com/swagger-api/swagger-spec/master/examples/v2.0/json/petstore-expanded.json
To generate a server for a swagger spec document:
swagger generate server [-f ./swagger.json] -A [application-name [--principal [principal-name]]
To generate a client for a swagger spec document:
swagger generate client [-f ./swagger.json] -A [application-name [--principal [principal-name]]
To generate a swagger spec document for a go application:
swagger generate spec -o ./swagger.json
The toolkit itself is licensed as Apache Software License 2.0. Just like swagger, this does not cover code generated by the toolkit. That code is entirely yours to license however you see fit.
For a V1 I want to have this feature set completed:
Documentation site
Play nice with golint, go vet etc.
An object model that serializes to swagger yaml or json
A tool to work with swagger:
validate a swagger spec document:
validate against jsonschema
validate extra rules outlined here
/path/{}
is not valid) (Error)name
and in
combination (Error)operationId
(Error)array
(Error)serve swagger UI for any swagger spec file
code generation
generate api based on swagger spec
generate go client from a swagger spec
spec generation
generate spec document based on the code
Middlewares:
serve spec
routing
validation
additional validation through an interface
authorization
swagger docs UI
Typed JSON Schema implementation
extended string formats
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.