Parsing OpenAPI definitions results in error
14 views
Skip to first unread message
Blaž Ocepek
Feb 3, 2026, 7:31:56 AM (10 days ago) Feb 3
to ZAP User Group
Hello
I have a strange issue when importing OpenAPI definition for our server when passing it via http://localhost:60000/swagger/v1/swagger.json an error is thrown:
[ZAP-Import-OpenAPI-1] WARN org.zaproxy.zap.extension.openapi.ExtensionOpenApi - class io.swagger.v3.oas.models.media.JsonSchema cannot be cast to class io.swagger.v3.oas.models.media.ArraySchema (io.swagger.v3.oas.models.media.JsonSchema and io.swagger.v3.oas.models.media.ArraySchema are in unnamed module of loader org.zaproxy.zap.control.AddOnClassLoader @4559cdc2)
java.lang.ClassCastException: class io.swagger.v3.oas.models.media.JsonSchema cannot be cast to class io.swagger.v3.oas.models.media.ArraySchema (io.swagger.v3.oas.models.media.JsonSchema and io.swagger.v3.oas.models.media.ArraySchema are in unnamed module of loader org.zaproxy.zap.control.AddOnClassLoader @4559cdc2)
at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generateArrayValue(DataGenerator.java:153)
at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generateParam(DataGenerator.java:136)
at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generate(DataGenerator.java:75)
at org.zaproxy.zap.extension.openapi.generators.PathGenerator.generateFullPath(PathGenerator.java:43)
at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.generatePath(RequestModelConverter.java:60)
at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.convert(RequestModelConverter.java:46)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.convertToRequest(SwaggerConverter.java:208)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.getRequestModels(SwaggerConverter.java:202)
at org.zaproxy.zap.extension.openapi.ExtensionOpenApi$1.run(ExtensionOpenApi.java:427)
It took me a while to find the difference if i cppy te content of swagger.json and imoprt as a file there are no issues.
The difference i found tis this part :
NOT FAILING WITH FILE :
"/api/....." : {
"get" : {
"tags" : [ "...." ],
"summary" : "...",
"parameters" : [ {
"name" : "code",
"in" : "path",
"description" : "Code desc",
"required" : true,
"schema" : {
"type" : "string"
}
}, {
"name" : "previewSizes",
"in" : "query",
"description" : "Preview size desc",
"schema" : {
"type" : "array",
"items" : {
"type" : "string"
}
}
}, {
"name" : "attachmentIds",
"in" : "query",
"description" : "Attachemnt id desc",
"schema" : {
"type" : "array",
"items" : {
"type" : "string",
"format" : "uuid"
}
}
} ],
"responses" : {...}
}
FAILING WHEN IMPORTING FOMR URI:
[ZAP-Import-OpenAPI-1] WARN org.zaproxy.zap.extension.openapi.ExtensionOpenApi - class io.swagger.v3.oas.models.media.JsonSchema cannot be cast to class io.swagger.v3.oas.models.media.ArraySchema (io.swagger.v3.oas.models.media.JsonSchema and io.swagger.v3.oas.models.media.ArraySchema are in unnamed module of loader org.zaproxy.zap.control.AddOnClassLoader @4559cdc2)
java.lang.ClassCastException: class io.swagger.v3.oas.models.media.JsonSchema cannot be cast to class io.swagger.v3.oas.models.media.ArraySchema (io.swagger.v3.oas.models.media.JsonSchema and io.swagger.v3.oas.models.media.ArraySchema are in unnamed module of loader org.zaproxy.zap.control.AddOnClassLoader @4559cdc2)
at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generateArrayValue(DataGenerator.java:153)
at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generateParam(DataGenerator.java:136)
at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generate(DataGenerator.java:75)
at org.zaproxy.zap.extension.openapi.generators.PathGenerator.generateFullPath(PathGenerator.java:43)
at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.generatePath(RequestModelConverter.java:60)
at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.convert(RequestModelConverter.java:46)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.convertToRequest(SwaggerConverter.java:208)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.getRequestModels(SwaggerConverter.java:202)
at org.zaproxy.zap.extension.openapi.ExtensionOpenApi$1.run(ExtensionOpenApi.java:427)
It took me a while to find the difference if i cppy te content of swagger.json and imoprt as a file there are no issues.
The difference i found tis this part :
NOT FAILING WITH FILE :
"/api/....." : {
"get" : {
"tags" : [ "...." ],
"summary" : "...",
"parameters" : [ {
"name" : "code",
"in" : "path",
"description" : "Code desc",
"required" : true,
"schema" : {
"type" : "string"
}
}, {
"name" : "previewSizes",
"in" : "query",
"description" : "Preview size desc",
"schema" : {
"type" : "array",
"items" : {
"type" : "string"
}
}
}, {
"name" : "attachmentIds",
"in" : "query",
"description" : "Attachemnt id desc",
"schema" : {
"type" : "array",
"items" : {
"type" : "string",
"format" : "uuid"
}
}
} ],
"responses" : {...}
}
FAILING WHEN IMPORTING FOMR URI:
"/api/...": {
"get": {
"tags": ["..."],
"summary": "...",
"parameters": [{
"name": "code",
"in": "path",
"description": "Code desc",
"required": true,
"style": "simple",
"explode": false,
"schema": {}
}, {
"name": "previewSizes",
"in": "query",
"description": "Preview size desc",
"required": false,
"style": "form",
"explode": true,
"schema": {
"items": {}
}
}, {
"name": "attachmentIds",
"in": "query",
"description": "Attachemnt id desc",
"required": false,
"style": "form",
"explode": true,
"schema": {
"items": {
"format": "uuid"
}
}
}],
"responses": {...}
}
},
The important part is the `previewSize` parameter the difference in schema definition.
How I got to this JSON output is this additional line to openApi add-on attached photo
"get": {
"tags": ["..."],
"summary": "...",
"parameters": [{
"name": "code",
"in": "path",
"description": "Code desc",
"required": true,
"style": "simple",
"explode": false,
"schema": {}
}, {
"name": "previewSizes",
"in": "query",
"description": "Preview size desc",
"required": false,
"style": "form",
"explode": true,
"schema": {
"items": {}
}
}, {
"name": "attachmentIds",
"in": "query",
"description": "Attachemnt id desc",
"required": false,
"style": "form",
"explode": true,
"schema": {
"items": {
"format": "uuid"
}
}
}],
"responses": {...}
}
},
The important part is the `previewSize` parameter the difference in schema definition.
How I got to this JSON output is this additional line to openApi add-on attached photo
Simon Bennetts
Feb 12, 2026, 7:13:59 AM (yesterday) Feb 12
to ZAP User Group
Hiya,
Can you provide a full OpenAPI example file which shows this problem?
If we can reproduce it then we can look at fixing it :)
In theory would could recreate full examples from fragments, but this takes time and so might not be something we get around to quickly.
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages