OpenAPI Parse Error


Johny White

Apr 26, 2023, 6:16:50 AM
to OWASP ZAP User Group
Hi Simon!

I ran into a problem when importing swagger into AF. When I import a swagger that contains "$" in its methods, the import fails with an error: Job openapi target: https://domain.com/swagger/... error: components.schemas.Schema name $somemethod-name doesn't adhere to regular expression ^[a-zA-Z0-9\.\-_]+$, after which the job fails, but the swagger url appears in the site tree. But still, it is not possible to continue the scan through AF, you can only manually start the active scan. Tell me, is it possible to get around this problem of failing in AF? Or is there some way to tell AF to continue other jobs after an ERROR?

Error after import swagger:
AF.png
Detailed error:
detailed.png

But all urls (jsonrpc) added in site tree:

swagger-urls.png
I am attaching a screenshot of the name with the $ sign.

shema.png

Thanks

Simon Bennetts

Apr 26, 2023, 6:28:01 AM
to OWASP ZAP User Group
Hiya,

That looks like a problem with the openapi add-on.
Can you paste the full stacktrace here?
A snippet of an openapi definition including the "$" would be very useful as well.

Re the AF - the "env" section has a "failOnError" parameter - change that to "false" to ensure the AF keeps on going.

Cheers,

Simon

Johny White

Apr 26, 2023, 7:17:43 AM
to OWASP ZAP User Group
That's all stacktrace for each of all API endpoints:
[main ] ERROR CommandLine - Job openapi target: https://our.domain.com error: components.schemas.Schema name $Infrastructure.JsonRpc.Common.Models.Id.IRpcId doesn't adhere to regular expression ^[a-zA-Z0-9\.\-_]+$

Yes, changing "failOnError" parameter to "false" helped, thanks!

Wednesday, April 26, 2023 at 13:28:01 UTC+3, psi...@gmail.com:

Simon Bennetts

Apr 26, 2023, 7:20:04 AM
to OWASP ZAP User Group

Johny White

Apr 26, 2023, 7:48:10 AM
to OWASP ZAP User Group

please
Wednesday, April 26, 2023 at 14:20:04 UTC+3, psi...@gmail.com:
logs
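
A pre-import check for the condition reported in this thread, as an added example that is not part of the thread or of ZAP's own code: it lists every key under components that fails the regular expression quoted in the error and shows where each one is referenced. The thread only shows a schema name; checking every components section is a generalization based on the OpenAPI 3 specification, and the function names and sample definition are constructed for illustration.

```python
import json
import re

# Pattern quoted in the ZAP error; OpenAPI 3 applies it to every key under "components".
COMPONENT_KEY_RE = re.compile(r"[a-zA-Z0-9\.\-_]+")

def invalid_component_names(spec):
    """Return sorted (section, name) pairs whose name fails the pattern."""
    bad = []
    for section, entries in spec.get("components", {}).items():
        if isinstance(entries, dict):
            bad += [(section, n) for n in entries if not COMPONENT_KEY_RE.fullmatch(n)]
    return sorted(bad)

def refs_to(spec, section, name):
    """Return the key path of every $ref that points at the component (literal match)."""
    target = f"#/components/{section}/{name}"
    hits = []
    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                if key == "$ref" and value == target:
                    hits.append(path)
                else:
                    walk(value, path + (key,))
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, path + (i,))
    walk(spec, ())
    return hits

# Constructed sample definition; only the schema name comes from the error in the thread.
BAD_NAME = "$Infrastructure.JsonRpc.Common.Models.Id.IRpcId"
SAMPLE = json.loads("""
{"openapi": "3.0.1",
 "info": {"title": "sample", "version": "1"},
 "paths": {"/rpc": {"post": {"responses": {"200": {"description": "ok",
   "content": {"application/json": {"schema":
     {"$ref": "#/components/schemas/$Infrastructure.JsonRpc.Common.Models.Id.IRpcId"}}}}}}}},
 "components": {"schemas": {
   "$Infrastructure.JsonRpc.Common.Models.Id.IRpcId": {"type": "object"},
   "Plain.Name_1": {"type": "string"}}}}
""")

if __name__ == "__main__":
    for section, name in invalid_component_names(SAMPLE):
        print(f"components.{section}: {name!r} referenced at {refs_to(SAMPLE, section, name)}")
```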