Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ZAP fails to import recursive OpenAPI definitions

See original GitHub issue

Describe the bug

When attempting to import an OAS definition which happens to have recursions, it causes a stack overflow in ZAP, and the import fails.

Steps to reproduce the behavior

Create an OAS, that contains some recursions. e.g.:

1 {
   2     "components": {
[...]
 307         "schemas": {
[...]
1730             "SystemProfileNestedObject": {
1731                 "additionalProperties": {
1732                     "oneOf": [
1733                         {
1734                             "$ref":
"#/components/schemas/SystemProfileNestedObject"
1738                         },
[...]

Load it in ZAP ( “import” -> “Import an OpenAPI definition…”
Select the API you have created earlier, and click ‘Import’
… nothing happens

Expected behavior

Recursion should not prevent the OAS to be imported.

Software versions

ZAP 2.11.1

Screenshots

No response

Errors from the zap.log file

2022-06-13 16:30:01,587 [ZAP-ProxyThread-78] ERROR UncaughtExceptionLogger - Exception in thread "ZAP-ProxyThread-78"
java.lang.StackOverflowError: null
        at io.swagger.v3.parser.util.ResolverFully.resolveSchema(ResolverFully.java:413) ~[?:?]
        at io.swagger.v3.parser.util.ResolverFully.resolveSchema(ResolverFully.java:350) ~[?:?]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
        at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655) ~[?:?]
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
        at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
        at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?]
        at io.swagger.v3.parser.util.ResolverFully.resolveSchema(ResolverFully.java:413) ~[?:?]
        at io.swagger.v3.parser.util.ResolverFully.resolveSchema(ResolverFully.java:350) ~[?:?]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
        at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655) ~[?:?]
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
        at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
        at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?]
        at io.swagger.v3.parser.util.ResolverFully.resolveSchema(ResolverFully.java:413) ~[?:?]
        at io.swagger.v3.parser.util.ResolverFully.resolveSchema(ResolverFully.java:350) ~[?:?]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
        at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655) ~[?:?]
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
        at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
        at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?]
        at io.swagger.v3.parser.util.ResolverFully.resolveSchema(ResolverFully.java:413) ~[?:?]
        at io.swagger.v3.parser.util.ResolverFully.resolveSchema(ResolverFully.java:350) ~[?:?]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
        at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655) ~[?:?]
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
        at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
        at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?]
        at io.swagger.v3.parser.util.ResolverFully.resolveSchema(ResolverFully.java:413) ~[?:?]
        at io.swagger.v3.parser.util.ResolverFully.resolveSchema(ResolverFully.java:350) ~[?:?]
[...]