Exception when importing OpenAPI definition

Describe the bug

When trying to import an OAuth specification YAML file, a NullPointerException is thrown:

openapi: 3.0.3
info:
  title: Test Service
  version: 2.0.0-draft34
  contact:
    name: Test Engineering
    email: test
paths:
 /users:
    get:
      summary: Returns a list of users.
      description: Optional extended description in CommonMark or HTML.

java.lang.NullPointerException
	at org.zaproxy.zap.extension.openapi.generators.HeadersGenerator.generateAcceptHeaders(HeadersGenerator.java:123)
	at org.zaproxy.zap.extension.openapi.generators.HeadersGenerator.generate(HeadersGenerator.java:52)
	at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.generateHeaders(RequestModelConverter.java:55)
	at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.convert(RequestModelConverter.java:49)
	at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.convertToRequest(SwaggerConverter.java:191)
	at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.getRequestModels(SwaggerConverter.java:185)
	at org.zaproxy.zap.extension.openapi.ExtensionOpenApi$1.run(ExtensionOpenApi.java:365)
Failed to parse OpenAPI definition.

Other locations that trigger NPEs are:

java.lang.NullPointerException
	at org.zaproxy.zap.extension.openapi.generators.DataGenerator.getDefaultValue(DataGenerator.java:103)
	at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generateValue(DataGenerator.java:170)
	at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generateBodyValue(DataGenerator.java:166)
	at org.zaproxy.zap.extension.openapi.generators.BodyGenerator.generateJsonPrimitiveValue(BodyGenerator.java:200)
	at org.zaproxy.zap.extension.openapi.generators.BodyGenerator.generate(BodyGenerator.java:119)
	at org.zaproxy.zap.extension.openapi.generators.BodyGenerator.generateFromArraySchema(BodyGenerator.java:147)
	at org.zaproxy.zap.extension.openapi.generators.BodyGenerator.generate(BodyGenerator.java:105)
	at org.zaproxy.zap.extension.openapi.generators.BodyGenerator.generate(BodyGenerator.java:94)
	at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.generateBody(RequestModelConverter.java:71)
	at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.convert(RequestModelConverter.java:47)
	at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.convertToRequest(SwaggerConverter.java:191)
	at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.getRequestModels(SwaggerConverter.java:185)
	at org.zaproxy.zap.extension.openapi.ExtensionOpenApi$1.run(ExtensionOpenApi.java:365)
Failed to parse OpenAPI definition.

and

java.lang.NullPointerException
	at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.readOpenAPISpec(SwaggerConverter.java:205)
	at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.getRequestModels(SwaggerConverter.java:184)
	at org.zaproxy.zap.extension.openapi.ExtensionOpenApi$1.run(ExtensionOpenApi.java:365)
Failed to parse OpenAPI definition.

Steps to reproduce the behavior

Import --> An OpenAPI definition from the local file system, then select a file such as the following:

openapi: 3.0.3
info:
  title: Test Service
  version: 2.0.0-draft34
  contact:
    name: Test Engineering
    email: test
paths:
 /users:
    get:
      summary: Returns a list of users.
      description: Optional extended description in CommonMark or HTML.

Expected behavior

An explanation is provided stating that the file is invalid/valid for whichever reason, allowing easier debugging and fixing of the spec if required. Or the error is caught and ignored if it is not required for creating the URL map.

Software versions

from owasp/zap2docker-weekly:latest as of Mar 3 2022

Errors from the zap.log file

java.lang.NullPointerException
	at org.zaproxy.zap.extension.openapi.generators.DataGenerator.getDefaultValue(DataGenerator.java:103)
	at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generateValue(DataGenerator.java:170)
	at org.zaproxy.zap.extension.openapi.generators.DataGenerator.generateBodyValue(DataGenerator.java:166)
	at org.zaproxy.zap.extension.openapi.generators.BodyGenerator.generateJsonPrimitiveValue(BodyGenerator.java:200)
	at org.zaproxy.zap.extension.openapi.generators.BodyGenerator.generate(BodyGenerator.java:119)
	at org.zaproxy.zap.extension.openapi.generators.BodyGenerator.generateFromArraySchema(BodyGenerator.java:147)
	at org.zaproxy.zap.extension.openapi.generators.BodyGenerator.generate(BodyGenerator.java:105)
	at org.zaproxy.zap.extension.openapi.generators.BodyGenerator.generate(BodyGenerator.java:94)
	at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.generateBody(RequestModelConverter.java:71)
	at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.convert(RequestModelConverter.java:47)
	at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.convertToRequest(SwaggerConverter.java:191)
	at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.getRequestModels(SwaggerConverter.java:185)
	at org.zaproxy.zap.extension.openapi.ExtensionOpenApi$1.run(ExtensionOpenApi.java:365)
Failed to parse OpenAPI definition.

Additional context

No response

Would you like to help fix this issue?

  • Yes

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 5 (4 by maintainers)

Top GitHub Comments

1 reaction
kingthorin commented, Dec 10, 2022

I’ve put together a fix for the reported NPE and the provided test yaml. However, this will simply allow the proper warning to bubble up since the provided spec doesn’t define any responses.
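
A pre-flight check for the condition that comment describes (an operation that defines no `responses`), as an added example that is not part of the original issue or of ZAP's code. The function name and the dict form of the issue's spec are assumptions made for illustration; a YAML loader would return the same structure.

```python
# Added example: lint an OpenAPI document before handing it to a scanner's importer.
HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")

# Constructed sample: the issue's spec (contact block omitted) as a YAML loader returns it.
ISSUE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Test Service", "version": "2.0.0-draft34"},
    "paths": {
        "/users": {
            "get": {
                "summary": "Returns a list of users.",
                "description": "Optional extended description in CommonMark or HTML.",
            }
        }
    },
}


def operations_without_responses(spec):
    """Return one finding per operation that has no usable 'responses' mapping."""
    paths = spec.get("paths")
    if not isinstance(paths, dict):
        return ["<document>: 'paths' is missing or not a mapping"]
    findings = []
    for path, item in paths.items():
        # An empty YAML key ("/users:" with nothing under it) loads as None.
        if not isinstance(item, dict):
            findings.append(f"{path}: path item is empty or not a mapping")
            continue
        for method in HTTP_METHODS:
            if method not in item:
                continue
            operation = item[method]
            responses = operation.get("responses") if isinstance(operation, dict) else None
            if not isinstance(responses, dict) or not responses:
                findings.append(f"{method.upper()} {path}: no responses defined")
    return findings


if __name__ == "__main__":
    for finding in operations_without_responses(ISSUE_SPEC):
        print(finding)
```

Running this in a pipeline step before the import turns a missing `responses` block into a named finding per operation instead of a stack trace in zap.log.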

0 reactions
thc202 commented, Mar 17, 2022

OK, thank you.
