github.com/rws-github/go-swagger
This package contains a golang implementation of Swagger 2.0 (aka OpenAPI 2.0): it knows how to serialize and deserialize swagger specifications.
Swagger is a simple yet powerful representation of your RESTful API.
Swagger in a nutshell
With the largest ecosystem of API tooling on the planet, thousands of developers are supporting Swagger in almost every modern programming language and deployment environment.
With a Swagger-enabled API, you get interactive documentation, client SDK generation and discoverability. We created Swagger to help fulfill the promise of APIs.
Swagger helps companies like Apigee, Getty Images, Intuit, LivingSocial, McKesson, Microsoft, Morningstar, and PayPal build the best possible services with RESTful APIs. Now in version 2.0, Swagger is more enabling than ever. And it's 100% open source software.
go-swagger brings to the go community a complete suite of fully-featured, high-performance, API components to work with a Swagger API: server, client and data model.
Our focus with code generation is to produce idiomatic, fast go code, which plays nice with golint, go vet etc.
go-swagger is now feature complete and has stabilized its API.
Most features and building blocks are now in a stable state, with a rich set of CI tests.
The go-openapi community actively continues bringing fixes and enhancements to this code base.
There is still much room for improvement: contributors and PRs are welcome. You may also get in touch with maintainers on our slack channel.
Q&A contributed by the community:
tl;dr The main difference at this moment is that this one actually works...
The swagger-codegen project only generates a workable go client and even there it will only support flat models. Further, the go server generated by swagger-codegen is mostly a stub.
Motivation Why is this not done as a part of the swagger-codegen project? Because:
- I don't really know java very well and so I'd be learning both java and the object model of the codegen which was in heavy flux as opposed to doing go and I really wanted to go experience of designing a large codebase with it.
- Go's super limited type system makes it so that it doesn't fit well in the model of swagger-codegen
- Go's idea of polymorphism doesn't reconcile very well with a solution designed for languages that actually have inheritance and so forth.
- For supporting types like [][][]map[string][][]int64 I don't think it's possible with mustache
I gravely underestimated the amount of work that would be involved in making something useful out of it. My personal mission: I want the jvm to go away, it was great way back when now it's just silly (vm in container on vm in vm in container)
Here is an outline of available features (see the full list here):
There is more to that...
go-swagger is available as binary or docker releases as well as from source: more details.
The main package of the toolkit, go-swagger/go-swagger, provides command line tools to help working with swagger.
The toolkit is highly customizable and allows endless possibilities to work with OpenAPI2.0 specifications.
Beside the go-swagger CLI tool and generator, the go-openapi packages provide modular functionality to build custom solutions on top of OpenAPI.
The CLI supports shell autocompletion utilities: see here.
Most basic use-case: serve a UI for your spec:
swagger serve https://raw.githubusercontent.com/swagger-api/swagger-spec/master/examples/v2.0/json/petstore-expanded.json
To validate a Swagger specification:
swagger validate https://raw.githubusercontent.com/swagger-api/swagger-spec/master/examples/v2.0/json/petstore-expanded.json
To generate a server for a swagger spec document:
swagger generate server [-f ./swagger.json] -A [application-name] [--principal [principal-name]]
To generate a client for a swagger spec document:
swagger generate client [-f ./swagger.json] -A [application-name] [--principal [principal-name]]
To generate a swagger spec document for a go application:
swagger generate spec -o ./swagger.json
To generate model structures and validators exposed by the API:
swagger generate model --spec={spec}
There are several commands allowing you to transform your spec.
Resolve and expand $ref's in your spec as inline definitions:
swagger expand {spec}
Flatten your spec: all external $ref's are imported into the main document and inline schemas reorganized as definitions.
swagger flatten {spec}
Merge specifications (composition):
swagger mixin {spec1} {spec2}
Try go-swagger in a free online workspace using Gitpod:
The toolkit itself is licensed as Apache Software License 2.0. Just like swagger, this does not cover code generated by the toolkit. That code is entirely yours to license however you see fit.
To name but a few... (feel free to sign in there if you are using this project):
In the list below, we tried to figure out the public repos where you'll find examples on how to use go-swagger and go-openapi:
3DSIM
Alibaba PouchAPI
CheckR
Cilium
CoreOS
DigitalOcean
EVE Central
Iron.io
JaegerTracing
Kubernetes-Helm
Kubernetes
ManifoldCo
Metaparticle.io
Netlify
Nutanix
OAS2
OVH API
RackHD
ScaleFT
StratoScale
VMWare
...
Because 0.5.0 and master have diverged significantly, you should checkout the tag 0.5.0 for go-swagger when you use the currently released version.
You will have to rename some imports:
github.com/go-swagger/go-swagger/httpkit/validate to github.com/go-openapi/validate
github.com/go-swagger/go-swagger/httpkit to github.com/go-openapi/runtime
github.com/naoina/denco to github.com/go-openapi/runtime/middleware/denco
github.com/go-swagger/go-swagger to github.com/go-openapi
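The import renames listed above can be applied mechanically. The following is an added example, not code from go-swagger: it rewrites imports with the standard go/parser and go/format packages, trying the longest old prefix first so that httpkit/validate is not caught by the shorter httpkit or repository-root rules. RewritePath and RewriteSource are hypothetical names, and treating each listed path as a prefix that also covers its sub-packages is an assumption.

```go
package main

import (
	"bytes"
	"fmt"
	"go/format"
	"go/parser"
	"go/token"
	"strconv"
	"strings"
)

// Old -> new prefixes from the list above, longest old prefix first.
var renames = [][2]string{
	{"github.com/go-swagger/go-swagger/httpkit/validate", "github.com/go-openapi/validate"},
	{"github.com/go-swagger/go-swagger/httpkit", "github.com/go-openapi/runtime"},
	{"github.com/naoina/denco", "github.com/go-openapi/runtime/middleware/denco"},
	{"github.com/go-swagger/go-swagger", "github.com/go-openapi"},
}

// RewritePath maps one import path; rules only match on whole path segments (assumption).
func RewritePath(p string) (string, bool) {
	for _, r := range renames {
		if p == r[0] || strings.HasPrefix(p, r[0]+"/") {
			return r[1] + strings.TrimPrefix(p, r[0]), true
		}
	}
	return p, false
}

// RewriteSource rewrites matching imports in Go source and returns it formatted.
func RewriteSource(src string) (string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "in.go", src, parser.ParseComments)
	if err != nil {
		return "", err
	}
	for _, imp := range f.Imports {
		old, _ := strconv.Unquote(imp.Path.Value) // parser guarantees a valid literal
		if np, ok := RewritePath(old); ok {
			imp.EndPos = imp.End() // pin the old end so trailing comments stay attached
			imp.Path.Value = strconv.Quote(np)
		}
	}
	var buf bytes.Buffer
	err = format.Node(&buf, fset, f)
	return buf.String(), err
}

func main() { fmt.Println(RewriteSource("package p\nimport \"github.com/naoina/denco\"\n")) }
```

The rewritten file should still be built and vetted afterwards, since a renamed path only resolves if the corresponding go-openapi package is present in the module's dependencies.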
Spec flattening and $ref resolution brought breaking changes in model generation, since all complex things generate their own definitions.
Generated servers no longer import the following package (replaced by go1.8 native functionality):
github.com/tylerb/graceful
Spec flattening now defaults to minimal changes to models and should be workable for 0.12 users.
Users who prefer to stick to 0.13 and 0.14 default flattening mode may now use the --with-flatten=full option.
Note that the --skip-flatten option has been phased out and replaced by the more explicit --with-expand option.