Parsing OpenAPI definitions results in error
45 views
Skip to first unread message
Blaž Ocepek
Feb 3, 2026, 7:31:56 AMFeb 3
to ZAP User Group
Hello
I have a strange issue when importing OpenAPI definition for our server when passing it via http://localhost:60000/swagger/v1/swagger.json an error is thrown:
[ZAP-Import-OpenAPI-1] WARN org.zaproxy.zap.extension.openapi.ExtensionOpenApi - class io.swagger.v3.oas.models.media.JsonSchema cannot be cast to class io.swagger.v3.oas.models.media.ArraySchema (io.swagger.v3.oas.models.media.JsonSchema and io.swagger.v3.oas.models.media.ArraySchema are in unnamed module of loader org.zaproxy.zap.control.AddOnClassLoader @4559cdc2)
java.lang.ClassCastException: class io.swagger.v3.oas.models.media.JsonSchema cannot be cast to class io.swagger.v3.oas.models.media.ArraySchema (io.swagger.v3.oas.models.media.JsonSchema and io.swagger.v3.oas.models.media.ArraySchema are in unnamed module of loader org.zaproxy.zap.control.AddOnClassLoader @4559cdc2)
at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generateArrayValue(DataGenerator.java:153)
at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generateParam(DataGenerator.java:136)
at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generate(DataGenerator.java:75)
at org.zaproxy.zap.extension.openapi.generators.PathGenerator.generateFullPath(PathGenerator.java:43)
at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.generatePath(RequestModelConverter.java:60)
at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.convert(RequestModelConverter.java:46)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.convertToRequest(SwaggerConverter.java:208)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.getRequestModels(SwaggerConverter.java:202)
at org.zaproxy.zap.extension.openapi.ExtensionOpenApi$1.run(ExtensionOpenApi.java:427)
It took me a while to find the difference if i cppy te content of swagger.json and imoprt as a file there are no issues.
The difference i found tis this part :
NOT FAILING WITH FILE :
"/api/....." : {
"get" : {
"tags" : [ "...." ],
"summary" : "...",
"parameters" : [ {
"name" : "code",
"in" : "path",
"description" : "Code desc",
"required" : true,
"schema" : {
"type" : "string"
}
}, {
"name" : "previewSizes",
"in" : "query",
"description" : "Preview size desc",
"schema" : {
"type" : "array",
"items" : {
"type" : "string"
}
}
}, {
"name" : "attachmentIds",
"in" : "query",
"description" : "Attachemnt id desc",
"schema" : {
"type" : "array",
"items" : {
"type" : "string",
"format" : "uuid"
}
}
} ],
"responses" : {...}
}
FAILING WHEN IMPORTING FOMR URI:
[ZAP-Import-OpenAPI-1] WARN org.zaproxy.zap.extension.openapi.ExtensionOpenApi - class io.swagger.v3.oas.models.media.JsonSchema cannot be cast to class io.swagger.v3.oas.models.media.ArraySchema (io.swagger.v3.oas.models.media.JsonSchema and io.swagger.v3.oas.models.media.ArraySchema are in unnamed module of loader org.zaproxy.zap.control.AddOnClassLoader @4559cdc2)
java.lang.ClassCastException: class io.swagger.v3.oas.models.media.JsonSchema cannot be cast to class io.swagger.v3.oas.models.media.ArraySchema (io.swagger.v3.oas.models.media.JsonSchema and io.swagger.v3.oas.models.media.ArraySchema are in unnamed module of loader org.zaproxy.zap.control.AddOnClassLoader @4559cdc2)
at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generateArrayValue(DataGenerator.java:153)
at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generateParam(DataGenerator.java:136)
at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generate(DataGenerator.java:75)
at org.zaproxy.zap.extension.openapi.generators.PathGenerator.generateFullPath(PathGenerator.java:43)
at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.generatePath(RequestModelConverter.java:60)
at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.convert(RequestModelConverter.java:46)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.convertToRequest(SwaggerConverter.java:208)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.getRequestModels(SwaggerConverter.java:202)
at org.zaproxy.zap.extension.openapi.ExtensionOpenApi$1.run(ExtensionOpenApi.java:427)
It took me a while to find the difference if i cppy te content of swagger.json and imoprt as a file there are no issues.
The difference i found tis this part :
NOT FAILING WITH FILE :
"/api/....." : {
"get" : {
"tags" : [ "...." ],
"summary" : "...",
"parameters" : [ {
"name" : "code",
"in" : "path",
"description" : "Code desc",
"required" : true,
"schema" : {
"type" : "string"
}
}, {
"name" : "previewSizes",
"in" : "query",
"description" : "Preview size desc",
"schema" : {
"type" : "array",
"items" : {
"type" : "string"
}
}
}, {
"name" : "attachmentIds",
"in" : "query",
"description" : "Attachemnt id desc",
"schema" : {
"type" : "array",
"items" : {
"type" : "string",
"format" : "uuid"
}
}
} ],
"responses" : {...}
}
FAILING WHEN IMPORTING FOMR URI:
"/api/...": {
"get": {
"tags": ["..."],
"summary": "...",
"parameters": [{
"name": "code",
"in": "path",
"description": "Code desc",
"required": true,
"style": "simple",
"explode": false,
"schema": {}
}, {
"name": "previewSizes",
"in": "query",
"description": "Preview size desc",
"required": false,
"style": "form",
"explode": true,
"schema": {
"items": {}
}
}, {
"name": "attachmentIds",
"in": "query",
"description": "Attachemnt id desc",
"required": false,
"style": "form",
"explode": true,
"schema": {
"items": {
"format": "uuid"
}
}
}],
"responses": {...}
}
},
The important part is the `previewSize` parameter the difference in schema definition.
How I got to this JSON output is this additional line to openApi add-on attached photo
"get": {
"tags": ["..."],
"summary": "...",
"parameters": [{
"name": "code",
"in": "path",
"description": "Code desc",
"required": true,
"style": "simple",
"explode": false,
"schema": {}
}, {
"name": "previewSizes",
"in": "query",
"description": "Preview size desc",
"required": false,
"style": "form",
"explode": true,
"schema": {
"items": {}
}
}, {
"name": "attachmentIds",
"in": "query",
"description": "Attachemnt id desc",
"required": false,
"style": "form",
"explode": true,
"schema": {
"items": {
"format": "uuid"
}
}
}],
"responses": {...}
}
},
The important part is the `previewSize` parameter the difference in schema definition.
How I got to this JSON output is this additional line to openApi add-on attached photo
Simon Bennetts
Feb 12, 2026, 7:13:59 AMFeb 12
to ZAP User Group
Hiya,
Can you provide a full OpenAPI example file which shows this problem?
If we can reproduce it then we can look at fixing it :)
In theory would could recreate full examples from fragments, but this takes time and so might not be something we get around to quickly.
Cheers,
Simon
Blaž Ocepek
Feb 14, 2026, 6:05:09 PMFeb 14
to zaprox...@googlegroups.com
Hello
The issue is that when I import the whole OpenPAI via file just copied from the server response there are no issues. When I am back in office I can try to create a valid OpenAPI definition that will reproduce the issue.
V V čet., 12. feb. 2026 ob 13:14 je oseba Simon Bennetts <psi...@gmail.com> napisala:
--
ZAP by Checkmarx: https://www.zaproxy.org/
---
You received this message because you are subscribed to a topic in the Google Groups "ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/RrGx4JHdJXo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-user...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/zaproxy-users/502ea132-5467-4567-9633-0f91140bcdb5n%40googlegroups.com.
--
Lep pozdrav
Blaž Ocepek
031-217-120
Blaž Ocepek
Feb 19, 2026, 6:45:32 AMFeb 19
to ZAP User Group
Hello sorry it took a while to prepare a nice example.
"info": {
"title": "API Documentation",
"description": "Broken open api definition.",
"version": "v1"
},
"paths": {
"/api/someApiEndpoint/attachments": {
"get": {
"parameters": [
{
"name": "parameterName",
"in": "query",
"schema": {
"type": "array",
"items": {
"type": "string"
}
}
}
]
}
}
}
}
This is the JSON Open Api definition.
{
"openapi": "3.1.1","info": {
"title": "API Documentation",
"description": "Broken open api definition.",
"version": "v1"
},
"paths": {
"/api/someApiEndpoint/attachments": {
"get": {
"parameters": [
{
"name": "parameterName",
"in": "query",
"schema": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
}
To reproduce service this json on a local server and then import that open api definition from the server.
In other words use the local server to import the open api definition like so:
Blaž Ocepek
Mar 9, 2026, 8:33:30 AM (yesterday) Mar 9
to ZAP User Group
Hello
Any update on this?
Any update on this?
Reply all
Reply to author
Forward
0 new messages