
OpenAPI Parser

Open samvny68 opened this issue 4 years ago • 10 comments

Hi, hope you're doing good!!!

After the latest update from Burp the OpenAPI Parser is not working as expected. Before it used to.

When I try to import the swagger.json, it gives an error: Cannot invoke "io.swagger.v3.oas.models.OpenAPI.getservers()" because "openAPI" is null.

Trying to import the swagger version 2.0 file

Can you please let us know what we can do here?

Thanks in Advance

samvny68 avatar Jan 13 '22 12:01 samvny68

Same issue with me

XxMrNobodyxX avatar Feb 04 '22 11:02 XxMrNobodyxX

@samvny68 could you please share the file with me for troubleshooting?

aress31 avatar Feb 12 '22 16:02 aress31

Hi Alexandre,

Hope you are doing well. Due to the confidentiality around the document I cannot share it with you. However, I can share the details of the file: it is a swagger v2.0 file. I have also tried converting it to openapi 3.0 and then feeding it to the OpenAPI Parser, but still there is no luck. I have the BurpSuite Pro paid version installed on my system.

Any help would be highly appreciated.

Thanks and Regards Samson Vinay

samvny68 avatar Feb 28 '22 16:02 samvny68

The same issue with me, and I can't share the file due to confidentiality. I've tested an openapi v3 yaml file.

Same issue with me

falconws avatar Mar 08 '22 06:03 falconws

@falconws the message is clear, you need a server field.

aress31 avatar Mar 08 '22 09:03 aress31

@falconws the message is clear, you need a server field.

My openapi.yaml file is

openapi: 3.0.0
info:
    ...omit
servers:
    - url: "..."
       description: ...
tags:
    - name: ...
    ... omit ...

So the servers field exists.

falconws avatar Mar 08 '22 09:03 falconws

Same here, the server field is there and the same issue as mentioned above. openapi: 3.0.2, burp: newest version pro, 2022.2.4 (the same for the version before)

yrjo avatar Mar 21 '22 09:03 yrjo

@yrjo please follow the instructions on the doc and let me know if it works.

  • https://swagger.io/docs/specification/api-host-and-base-path/

aress31 avatar Mar 21 '22 10:03 aress31

@aress31 please read the error message again. It's not that "server" is null, but that "OpenAPI" is null. So the entire parser does not seem to recognize it as a valid openapi file, so this must have been something bigger. In the extender tab - errors we get:

swurg.process.Loader -> Input length = 1
swurg.gui.ParserPanel$LoadButtonListener -> Cannot invoke "io.swagger.v3.oas.models.OpenAPI.getServers()" because "openAPI" is null

When creating a local webserver quickly, sending the openapi yaml file through Burp and then sending the request/response via Context menu leads to:

burp.ContextMenuFactory -> Cannot invoke "String.equals(Object)" because the return value of "java.net.URI.getScheme()" is null

So I thought let's do some divide and conquer. I used the basic example from https://swagger.io/docs/specification/basic-structure/ as a "known good" state and then always copied over some parts of the yaml I wanted to test. Then it was a simple divide-and-conquer. Here's what I found out:

  • I hate yaml
  • YAML and unicode are no friends, just one example: https://stackoverflow.com/questions/45281596/dumping-unicode-with-yaml

I still don't even know if YAML supports unicode or not, so I also don't know if this extension has a bug or not, but here's what I did:

  • Add a "servers" part because it is really missing in the YAML
  • Replace “ with "
  • Replace ” with " (that's not a typo, it's a different char!)
  • Replace – with -
  • Get annoyed by manually finding unicode characters and use grep --color='auto' -P -n "[^\x00-\x7F]" openapi.yaml instead
  • Replace © with nothing
  • Get annoyed that it still doesn't work because we now just get an exception attribute paths.'/test'(post).requestBody.content.'application/json;charset=utf-8'.schema.#/testing/Create is missing instead of the original one, probably because $ref is not supported (see https://swagger.io/docs/specification/using-ref/ ). Probably the problem was my hacky search-replace and divide-and-conquer stuff.
  • Give up
  • Start all over, add the "servers" part and do the unicode replacements above
  • Get the error swurg.gui.ParserPanel$LoadButtonListener -> Cannot invoke "io.swagger.v3.oas.models.media.Content.entrySet()" because the return value of "io.swagger.v3.oas.models.responses.ApiResponse.getContent()" is null
  • Give up again
  • Start again, add the "servers" part and do the unicode replacements above, realize that the parser does not seem to like "Empty Response Body" as explained/defined on https://swagger.io/docs/specification/describing-responses/ and therefore replace all:
      responses:
        "200":
          description: Example

with:

      responses:
        "200":
          description: Example
          content: {}

Finally, the openapi YAML file imports just fine.

So the final workaround:

  • Remove all unicode
  • Add a "servers" section
  • Add an empty content dictionary for responses that do not have a content specified

floyd-fuh avatar Apr 05 '22 14:04 floyd-fuh
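
The three-step workaround from the comment above, as an added example (not part of the thread and not swurg's code): it patches a spec that a YAML or JSON library has already loaded into Python dicts, so the result can be dumped back out and imported. The function names, the placeholder server URL and the sample spec are assumptions made for illustration.

```python
"""Apply the three workarounds to an already-parsed OpenAPI 3 document."""
import copy

# Replacements named in the comment; any other non-ASCII character is dropped.
REPLACEMENTS = {"\u201c": '"', "\u201d": '"', "\u2013": "-", "\u00a9": ""}
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def to_ascii(text):
    """Map known typographic characters to ASCII, then drop what is left."""
    mapped = "".join(REPLACEMENTS.get(ch, ch) for ch in text)
    return "".join(ch for ch in mapped if ord(ch) < 128)

def scrub(node):
    """Recursively apply to_ascii to every string key and value."""
    if isinstance(node, dict):
        return {to_ascii(k) if isinstance(k, str) else k: scrub(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [scrub(v) for v in node]
    return to_ascii(node) if isinstance(node, str) else node

def apply_workaround(spec, default_server="https://api.example.test"):
    """Return a patched copy of spec; default_server is a placeholder URL."""
    doc = scrub(copy.deepcopy(spec))
    if not doc.get("servers"):
        doc["servers"] = [{"url": default_server}]
    for item in (doc.get("paths") or {}).values():
        for method, operation in item.items():
            if method not in HTTP_METHODS or not isinstance(operation, dict):
                continue
            for response in (operation.get("responses") or {}).values():
                # Leave $ref responses alone; only fill in inline ones.
                if isinstance(response, dict) and "$ref" not in response:
                    response.setdefault("content", {})
    return doc

# Constructed sample: no servers, typographic characters, one empty response body.
SAMPLE = {
    "openapi": "3.0.2",
    "info": {"title": "\u201cDemo\u201d API \u2013 v1\u00a9", "version": "1.0"},
    "paths": {"/test": {
        "post": {"responses": {"200": {"description": "Example"}}},
        "get": {"responses": {"200": {"description": "ok",
                                      "content": {"application/json": {}}}}},
    }},
}
```

Scrubbing the parsed structure rather than the raw text avoids turning a typographic quote inside a string into a syntax-breaking ASCII quote.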

@floyd-fuh could you please pull the latest version and try again to check if #81 and 4d53ce7 fixed the issue?

aress31 avatar Jul 01 '22 18:07 aress31

https://github.com/aress31/swurg/commit/044ac747e10d5e19d18f50a00583bc16b37440e1

aress31 avatar Apr 04 '23 20:04 aress31