This tool was superseded by caffoa.net. Use caffoa.net as a NuGet tool to create your OpenAPI files.
Tool to autogenerate Azure Function templates for .NET from an OpenAPI declaration. Instead of generating stubs, the goal is to be able to change the API and re-generate the files without overwriting your code.
Currently considered alpha state. If something does not work that you feel should work, create a ticket with your openapi spec.
It uses prance for parsing the openapi spec.
As code generation needs a lot of configuration, all configuration is done using a config file in yaml format.
The minimal config file is as follows:
config:
  version: 2
services:
  - apiPath: my-service.openapi.yml
    function:
      name: MyClassName
      namespace: MyNamespace
      targetFolder: ./output
    model:
      namespace: MyNamespace.Model
      targetFolder: ./output/Model
You can add multiple services. Also, you can omit either model or function if you do not need one of them.
Then, call the tool:
python3 -m caffoa --config path_to_config.yml
If you specified the function part in the config file, the tool will create two files in the specified target folder:
Your job now is to create an implementation for the IMyClassNameService interface.
Furthermore, you need Dependency Injection to pass your implementation to the constructor of the function.
Now implement all the logic in your implementation of the interface. You can now change your API, and regenerate the generated files without overwriting your code.
If you specified the model part in the config file, the tool will generate a file for each schema defined in the components section of the openapi definition. The filename will be the schema name converted to UpperCamelCase with .generated.cs added to the end (Example: user will create a class User defined in the file User.generated.cs).
The file will contain a shared class, with all properties of the schema. You can implement a shared class in a different file to add logic to these objects.
There are multiple optional configuration options that you can use:
config:
  clearGeneratedFiles: true # default is false, removes all files below the working directory that end in .generated.cs
  version: 2 # 1 (legacy, default), 2 (current), 3 (experimental)
  useFactory: false # version 2+ if set to true, a factory interface is created additionally to the Service interface. Useful if you need to have different behaviors based on headers.
  prefix: "Pre" # A prefix that is added to all model classes
  suffix: "Suf" # A suffix that is added to all model classes
  errorFolder: ./output/errors # version 3+ only. Folder where ClientError Exceptions are generated
  errorNamespace: MyErrorNamespace # version 3+ only. Namespace in which ClientError Exceptions are generated
  imports: # a list of imports that will be added to most generated classes
    - MySpecialNamespace
services:
  - apiPath: userservice.openapi.yml
    config:
      prefix: # overrides the config element from the global config
      suffix: # overrides the config element from the global config
      useFactory: # overrides the config element from the global config
      errorFolder: # overrides the config element from the global config
      errorNamespace: # overrides the config element from the global config
      imports: # overrides the imports from the global config
    function:
      name: MyClassName
      namespace: MyNamespace
      targetFolder: ./output
      functionsName: MyFunctions # name of the functions class. defaults to {name}Functions
      interfaceName: IMyInterface # name of the interface class. defaults to I{name}Service.
      interfaceNamespace: MyInterfaceNamespace # defaults to 'namespace'. If given, the interface uses this namespace
      interfaceTargetFolder: ./output/shared # defaults to 'targetFolder'. If given, the interface is written to this folder
      ## for version 1 and 2, you can add boilerplate code to each invocation.
      ## you can add placeholders: {BASE} for the full invocation code, or {CALL} for just the function call.
      ## {BASE} will be replaced with "return await Service(req, log).{CALL};"
      ## {CALL} will be replaced with 'FunctionName(params)'
      boilerplate: |
        try {
            {BASE}
        }
        catch(SomethingNotFoundException e) {
            return new HttpResponseMessage(HttpStatusCode.NotFound)
            {
                Content = new StringContent(e.Message)
            };
        }
      ## if you need specific imports for your boilerplate, add them here:
      imports: # overrides the imports from the config section
        - MyNamespace.Exceptions.SomethingNotFoundException
    model:
      namespace: MyNamespace.Model
      targetFolder: ./output/Model
      # you can exclude objects from generation:
      excludes:
        - objectToExclude
      # you can also generate only some classes
      include:
        - objectToInclude
        - otherObjectToInclude
      imports: # overrides the imports from the global config
        - someImport
      prefix: # (Deprecated for version 3+) override prefix from the config section
      suffix: # (Deprecated for version 3+) override suffix from the config section
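Before turning on clearGeneratedFiles, it helps to see which files below the working directory end in .generated.cs and which of them sit outside the configured targetFolder paths. The following is an added example, not part of caffoa; preview_clear, demo and the sample tree are hypothetical, and it assumes the option behaves as the config comment states.

```python
import os
import tempfile
from pathlib import Path

SUFFIX = ".generated.cs"  # suffix named in the clearGeneratedFiles comment


def preview_clear(workdir, target_folders):
    """List files below workdir that end in SUFFIX.

    Returns (expected, unexpected): files inside a configured targetFolder,
    and files elsewhere that the same suffix match would also cover.
    """
    root = Path(workdir).resolve()
    targets = [(root / t).resolve() for t in target_folders]
    expected, unexpected = [], []
    # os.walk does not descend into symlinked directories by default;
    # whether caffoa does is not stated on the page.
    for dirpath, _dirs, files in os.walk(root):
        folder = Path(dirpath)
        inside = any(t == folder or t in folder.parents for t in targets)
        for name in files:
            if name.endswith(SUFFIX):
                rel = (folder / name).relative_to(root).as_posix()
                (expected if inside else unexpected).append(rel)
    return sorted(expected), sorted(unexpected)


def demo():
    """Run the preview on a constructed sample tree (not real project data)."""
    sample = [
        "output/Sample.generated.cs",
        "output/Model/User.generated.cs",
        "output/Model/User.cs",                 # hand-written partner file, no match
        "vendor/thirdparty/Grpc.generated.cs",  # other tool's output, still matches
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in sample:
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("// constructed sample\n")
        return preview_clear(tmp, ["./output", "./output/Model"])


if __name__ == "__main__":
    expected, unexpected = demo()
    print("inside targetFolder:", expected)
    print("outside targetFolder:", unexpected)
```

Anything in the second list is a file the generator was not configured to write but that the suffix match would still cover, so review it before enabling the option.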
If you have a well specified openapi doc, use only json request bodies and returns, and you want strict rules what you get to work with and what you return, you can try out version 3.
Version 3 parses the return and requestBody specifications, and handles the object wrapping for you.
Version 3 takes over a lot of boilerplate code for you. Furthermore, it forces you to not cut corners, as you cannot return a different object than the specification calls for.
FAQs
Create Azure Functions From Open Api (for C#)
We found that caffoa demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.