Do not sanitize body keys in OpenAPI 3 (#1008)

* Remove the unused "query_sanitazion" fixture

* Test whether no sanitization is performed in the request body

* Do not perform sanitization on request body keys in OpenAPI v3

The deserialized JSON form of the request body
needs to be passed to the client applications
* without further modification *
so that they can work directly with objects
that have been received over the network.
The only names for which sanitization makes sense
are the ones which are used as Python identifiers.

Keys of the top-level JSON object within the request payload
are never used by Connexion as Python identifiers.

Also, no such sanitization of keys within request body
is performed in OpenAPI v2.

Closes issue #835.

tests/api/test_parameters.py

@@ -403,6 +403,22 @@ def test_param_sanitization(simple_app):
     assert resp.status_code == 200
     assert json.loads(resp.data.decode('utf-8', 'replace')) == body
 
+def test_no_sanitization_in_request_body(simple_app):
+    app_client = simple_app.app.test_client()
+    data = {
+        'name': 'John',
+        '$surname': 'Doe',
+        '1337': True,
+        '!#/bin/sh': False,
+        '(1/0)': 'division by zero',
+        's/$/EOL/': 'regular expression',
+        '@8am': 'time',
+    }
+    response = app_client.post('/v1.0/forward', json=data)
+
+    assert response.status_code == 200
+    assert response.json == data
+
 def test_parameters_snake_case(snake_case_app):
     app_client = snake_case_app.app.test_client()
     headers = {'Content-type': 'application/json'}