Failed to import OpenAPI file. Response: {"code":"content_type_not_supported","message":"!api.error.content_type_not_supported!"}
108 views
Skip to first unread message
Denis Putnam
Jul 10, 2023, 12:50:18 PM7/10/23
to OWASP ZAP User Group
Hi,
I am trying to send an openAPI target definition file to the zap proxy with the following code. I get the error exception in the subject line. The file is a json file.
Can someone tell me what I am doing wrong?
def send_target_def_file(self, target_def_file_name: str) -> str:
# Configure the remote Zap host address and port
zap_host = f'http://{self.zap_host}:{self.zap_port}'
# Specify the path to the OpenAPI file
openapi_file_path = str(pathlib.Path(target_def_file_name))
# Define the API endpoint for importing the OpenAPI file
import_endpoint = '/JSON/openapi/action/importUrl/'
# Read the contents of the OpenAPI file
with open(openapi_file_path, 'r') as file:
openapi_content = file.read()
openapi_data = json.loads(openapi_content)
try:
if local_flag is True:
self.proxy_utils.unset_proxy()
# Send a request to the Zap API to import the OpenAPI file
headers = {'accept': 'application/json','Content-Type': 'application/json'}
#response = requests.post(zap_host + import_endpoint, files={'file': openapi_content}, headers=headers)
#response = requests.post(zap_host + import_endpoint, json=openapi_data, headers=headers)
response = requests.post(zap_host + import_endpoint, headers=headers, data=openapi_data, verify=False)
# Check the response status code
if response.status_code == 200:
print('Successfully imported OpenAPI file')
else:
print('Failed to import OpenAPI file. Response:', response.text)
except Exception as err:
self.logger.error(f"{lineno()}.{__name__}.send_target_def_file(): Failed with err={str(err)}")
finally:
if local_flag is True:
self.proxy_utils.set_proxy()
# Configure the remote Zap host address and port
zap_host = f'http://{self.zap_host}:{self.zap_port}'
# Specify the path to the OpenAPI file
openapi_file_path = str(pathlib.Path(target_def_file_name))
# Define the API endpoint for importing the OpenAPI file
import_endpoint = '/JSON/openapi/action/importUrl/'
# Read the contents of the OpenAPI file
with open(openapi_file_path, 'r') as file:
openapi_content = file.read()
openapi_data = json.loads(openapi_content)
try:
if local_flag is True:
self.proxy_utils.unset_proxy()
# Send a request to the Zap API to import the OpenAPI file
headers = {'accept': 'application/json','Content-Type': 'application/json'}
#response = requests.post(zap_host + import_endpoint, files={'file': openapi_content}, headers=headers)
#response = requests.post(zap_host + import_endpoint, json=openapi_data, headers=headers)
response = requests.post(zap_host + import_endpoint, headers=headers, data=openapi_data, verify=False)
# Check the response status code
if response.status_code == 200:
print('Successfully imported OpenAPI file')
else:
print('Failed to import OpenAPI file. Response:', response.text)
except Exception as err:
self.logger.error(f"{lineno()}.{__name__}.send_target_def_file(): Failed with err={str(err)}")
finally:
if local_flag is True:
self.proxy_utils.set_proxy()
Denis Putnam
Jul 10, 2023, 3:23:24 PM7/10/23
to OWASP ZAP User Group
This is what the proxy zap is giving me on my localhost:
12928883 [ZAP-IO-EventExecutor-3-3] DEBUG org.zaproxy.zap.extension.api.API - handleApiRequest http://localhost:8080/JSON/openapi/action/importUrl/
12928884 [ZAP-IO-EventExecutor-3-3] WARN org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/JSON/openapi/action/importUrl/] from [127.0.0.1]:
org.zaproxy.zap.extension.api.ApiException: content_type_not_supported
at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:481) ~[zap-2.12.0.jar:2.12.0]
at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleApiRequest(ZapApiHandler.java:100) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleRequest(ZapApiHandler.java:74) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleMessage(ZapApiHandler.java:59) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.MainServerHandler.notifyMessageHandlers(MainServerHandler.java:133) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.MainServerHandler.processMessage(MainServerHandler.java:115) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.LocalServerHandler.processMessage(LocalServerHandler.java:63) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.MainServerHandler.process(MainServerHandler.java:84) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.MainServerHandler.channelRead0(MainServerHandler.java:73) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.MainServerHandler.channelRead0(MainServerHandler.java:38) ~[?:?]
at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.access$600(AbstractChannelHandlerContext.java:61) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext$7.run(AbstractChannelHandlerContext.java:370) ~[?:?]
at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174) ~[?:?]
at io.netty.util.concurrent.DefaultEventExecutor.run(DefaultEventExecutor.java:66) ~[?:?]
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[?:?]
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[?:?]
at java.lang.Thread.run(Thread.java:829) ~[?:?]
12928884 [ZAP-IO-EventExecutor-3-3] WARN org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/JSON/openapi/action/importUrl/] from [127.0.0.1]:
org.zaproxy.zap.extension.api.ApiException: content_type_not_supported
at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:481) ~[zap-2.12.0.jar:2.12.0]
at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleApiRequest(ZapApiHandler.java:100) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleRequest(ZapApiHandler.java:74) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleMessage(ZapApiHandler.java:59) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.MainServerHandler.notifyMessageHandlers(MainServerHandler.java:133) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.MainServerHandler.processMessage(MainServerHandler.java:115) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.LocalServerHandler.processMessage(LocalServerHandler.java:63) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.MainServerHandler.process(MainServerHandler.java:84) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.MainServerHandler.channelRead0(MainServerHandler.java:73) ~[?:?]
at org.zaproxy.addon.network.internal.server.http.MainServerHandler.channelRead0(MainServerHandler.java:38) ~[?:?]
at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.access$600(AbstractChannelHandlerContext.java:61) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext$7.run(AbstractChannelHandlerContext.java:370) ~[?:?]
at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174) ~[?:?]
at io.netty.util.concurrent.DefaultEventExecutor.run(DefaultEventExecutor.java:66) ~[?:?]
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[?:?]
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[?:?]
at java.lang.Thread.run(Thread.java:829) ~[?:?]
thc...@gmail.com
Jul 10, 2023, 3:54:29 PM7/10/23
to zaprox...@googlegroups.com
The ZAP API does not suppport the content-type "application/json" it
needs to be "application/x-www-form-urlencoded".
To import an OpenAPI definition you either specify the URL or the file
system path, not directly the contents of the definition.
Best regards.
needs to be "application/x-www-form-urlencoded".
To import an OpenAPI definition you either specify the URL or the file
system path, not directly the contents of the definition.
Best regards.
Denis Putnam
Jul 10, 2023, 4:18:40 PM7/10/23
to OWASP ZAP User Group
So I am in a bit of a quandary. My python application is on a separate host from the zap proxy host. I need to 'feed' the openAPI file to the zap proxy from one container to another.
psiinon
Jul 11, 2023, 3:44:17 AM7/11/23
to zaprox...@googlegroups.com
I've raised an issue for this: https://github.com/zaproxy/zaproxy/issues/7943
If anyone fancies working on it then please comment in the issue.
Cheers,
Simon
--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/8be86fcd-87a7-472e-a707-e40fa1427a9cn%40googlegroups.com.
--
OWASP ZAP Project leader
Reply all
Reply to author
Forward
0 new messages