openapi: address Gemini review findings (items 3-5)

- Sanitize operation name defensively in requestBody description:
  replaceAll non-word/non-safe chars to '_'; Axis2 NCNames are already
  safe but guards against malformed deployment descriptors (item 3)
- Replace fragile jsonSpec.length() > 3000 size assertion with
  content-key checks ("openapi", "paths") in Http2OpenApiBasicTest (item 4)
- Add visible SKIPPED warning instead of silent return when
  financial-api-schema.json is absent from classpath (item 5)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: robertlazarski

modules/openapi/src/main/java/org/apache/axis2/openapi/OpenApiSpecGenerator.java

@@ -422,7 +422,11 @@ private Operation generateOperation(AxisService service, AxisOperation axisOpera
         // Swagger UI to render a Try-It-Out editor and for clients to know a body is required.
         RequestBody requestBody = new RequestBody();
         requestBody.setRequired(true);
-        requestBody.setDescription("JSON request body for " + axisOperation.getName().getLocalPart());
+        // Sanitize operation name: Axis2 QName local parts follow XML NCName rules and
+        // cannot contain angle brackets or control characters, but sanitize defensively
+        // in case a malformed deployment descriptor produces unexpected characters.
+        String safeOpName = axisOperation.getName().getLocalPart().replaceAll("[^\\w.\\-]", "_");
+        requestBody.setDescription("JSON request body for " + safeOpName);
         Content requestContent = new Content();
         MediaType requestMediaType = new MediaType();
         Schema requestSchema = new Schema();

modules/openapi/src/test/java/org/apache/axis2/openapi/Http2OpenApiBasicTest.java

@@ -160,7 +160,9 @@ public void testLargeServiceCatalogDocumentation() throws Exception {
         // Validate large catalog handling
         assertNotNull("Should generate large OpenAPI spec", openApi);
         assertTrue("Should document many services", openApi.getPaths().size() >= 20);
-        assertTrue("Should generate substantial JSON", jsonSpec.length() > 3000); // >3KB (nulls no longer inflating output)
+        // Assert on content rather than byte count — size is fragile across platforms/JVM versions
+        assertTrue("JSON spec must contain openapi version key", jsonSpec.contains("\"openapi\""));
+        assertTrue("JSON spec must contain paths key", jsonSpec.contains("\"paths\""));
 
         // Performance validation
         assertTrue("Spec generation should be efficient", specTime < 2000);

modules/openapi/src/test/java/org/apache/axis2/openapi/OpenApiSpecGeneratorTest.java

@@ -481,7 +481,11 @@ public void testFinancialApiSchemaAdvancedFeatures() throws Exception {
             java.io.File schemaFile = new java.io.File(
                 "../../samples/swagger-server/src/main/resources/openapi/financial-api-schema.json");
             if (!schemaFile.exists()) {
-                // Skip gracefully when running outside the full repo checkout
+                // File lives in the swagger-server module; skip with a visible warning
+                // when this test runs outside the full multi-module checkout.
+                System.out.println("SKIPPED testFinancialApiSchemaAdvancedFeatures: " +
+                        "financial-api-schema.json not found at " + schemaFile.getAbsolutePath() +
+                        " — run from the repo root to include this assertion.");
                 return;
             }
             is = new java.io.FileInputStream(schemaFile);