Comments (6)
Hey @TridenGroup could you kindly try to compile the version on this repository and use it. The PortSwigger fork - and thereby the BApp store version - is lagging way behind this repository.
Once done please share the results!
from swurg.
Hi Mr. Teyar @aress31 , thanks for your quick response. Sorry for the delay, I had some issues with the correct Java version getting read in order to install Gradle.
tl;dr: same error as before.
For any other Kali users who had similar challenges:
└─$ ls -l /usr/bin/java
lrwxrwxrwx 1 root root 22 Feb 18 2021 /usr/bin/java -> /etc/alternatives/java
/usr/bin/java is a symlink pointing to /etc/alternatives/java. This suggests that the java executable is managed by the update-alternatives system, which allows us to switch between different versions of Java. The solution was to run update-alternatives --config java and select the newly installed Java 8.
I then installed Gradle, and compiled the extension from the repo, and loaded it into Burp Suite Pro:
'OpenAPI Parser' tab initialised
'Send to OpenAPI Parser' option added to the context menu
'HTTPListener' registered
I selected the OpenAPI Parser extension tab (I made sure to unload the BApp store version, and exit / reload BSP before loading the compiled extension), and loaded the /yml API specification file. Nothing seemed to happen, so I hit the "Load" button (I don't think that existed in the BApp store version).
However, the status bar at the bottom of BSP still presents an error:
Unable to read the OpenAPI resource /home/user/Documents/clients/client/foo_api_v1.0.0.yml. Check the extension's error log for the stack trace and report the issue.
From the Burp extensions / Installed tab, under Errors, I see the same error as I got with the BApp store version:
Cannot invoke "io.swagger.v3.oas.models.media.Content.entrySet()" because the return value of "io.swagger.v3.oas.models.parameters.RequestBody.getContent()" is null
from swurg.
@TridenGroup, you should be able to view the error logs under:
And that is correct, in the latest version Browse and Load are decoupled for better UX.
from swurg.
@TridenGroup (and @aress31) I ran into this same issue this evening and after comparing working and non-working API specifications and a little experimentation, it came down to some of the responses sections in the specs that weren't loading having no content definitions. (The getContent() is null portion of the error message was the clue.)
e.g.,
'/firstpath/':
  ...
    responses:
      '200':
        description: some description
'/nextpath/':
  ...
Once the content sub-section was stubbed in, the API spec loaded normally.
e.g.,
'/firstpath/':
  ...
    responses:
      '200':
        description: some description
        content:
          application/json:
            schema:
              type: string
'/nextpath/':
  ...
from swurg.
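A pre-flight check for the condition diagnosed in the comment above, as an added example that is not part of the thread or the swurg code: it walks a parsed OpenAPI 3 document and lists every inline requestBody or response that has no content map. The sample spec is constructed, and a YAML file is assumed to have been parsed into a dict first (for example with PyYAML's yaml.safe_load).

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample spec (not from the thread), JSON form of an OpenAPI 3 document.
SAMPLE_SPEC = json.loads("""
{"openapi": "3.0.0", "info": {"title": "constructed", "version": "1.0.0"},
 "paths": {
  "/firstpath/": {"post": {
    "requestBody": {"description": "no content here"},
    "responses": {"200": {"description": "some description"}}}},
  "/nextpath/": {
    "get": {"responses": {"200": {"description": "some description",
      "content": {"application/json": {"schema": {"type": "string"}}}}}},
    "put": {"requestBody": {"$ref": "#/components/requestBodies/Item"},
      "responses": {"204": {"description": "no body"}}}}}}
""")


def find_missing_content(spec):
    """Return (path, method, location) for each inline body object lacking 'content'."""
    findings = []
    for path, item in (spec.get("paths") or {}).items():
        if not isinstance(item, dict):
            continue
        for method, op in item.items():
            # Path items also hold non-operation keys (parameters, summary, ...).
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue
            body = op.get("requestBody")
            # A $ref points into components and is not inspected here.
            if isinstance(body, dict) and "$ref" not in body and not body.get("content"):
                findings.append((path, method, "requestBody"))
            for status, resp in (op.get("responses") or {}).items():
                if isinstance(resp, dict) and "$ref" not in resp and not resp.get("content"):
                    findings.append((path, method, f"responses.{status}"))
    return findings


if __name__ == "__main__":
    for path, method, where in find_missing_content(SAMPLE_SPEC):
        print(f"{method.upper()} {path}: {where} has no content")
```

OpenAPI 3 requires content on a requestBody but not on a response, so the two kinds of finding are reported separately by location.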
... it came down to some of the responses sections in the specs that weren't loading having no content definitions.
I can confirm that the API docs I was provided for this test did not have completed content definitions.
(The getContent() is null portion of the error message was the clue.)
Thank you. In hindsight it makes perfect sense.
@aress31 I suggest some clearer messaging on this issue being due to an incomplete or malformed Open API spec file, since there's likely others that will run into this.
I apologize that I wasn't able to get you the logs you requested. The assessment ended and I had to move to the next.
Thanks to both of you @aress31 @holosc0ld
from swurg.
Latest version should handle better null checks and be more robust when parsing incomplete/invalid specs. @TridenGroup try to re-load the faulty spec and feel free to reopen this ticket if the error persists.
from swurg.