You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am working with the Fuzzer and while it is working well for resources without path parameters, I experienced an exception if I include a path parameter directly under a resource (called "path item" in the documentation of OpenAPI). The idea is that for a resource like /blacklists/{blacklistId} it is not making sense to add a PATH-parameter "blacklistId" to each single CRUD method, instead it should be defined one level above. Both would be valid syntax but my parser adds it to the path item and not the operations and as the document is about 7.000 lines and I cannot find a way to make the parser add it to each operation, it would be nice if you could fix this.
Reference to documentation
Each template expression in the path MUST correspond to a path parameter that is included in the Path Item itself and/or in each of the Path Item’s Operations. An exception is if the path item is empty, for example due to ACL constraints, matching path parameters are not required.
This error has the same log entry like described here: #46
Maybe it has a similar or the same cause.
APIFuzzer debug log
3496041 [ DEBUG] APIFuzzer.JsonSectionAbove-schema [move_json_parts.py:40 - _resolve ]: Processed: schemas -> {"schemas": {"Blacklist": {"properties": {"entries": {"items": {"type": "string"}, "type": "array"},
3496041 [ DEBUG] APIFuzzer.JsonSectionAbove-schema [move_json_parts.py:40 - _resolve ]: Processed: components -> {"components": {"schemas": {"Blacklist": {"properties": {"entries": {"items": {"type": "string"}, "t
3496041 [ INFO] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:108 - process_api_resources ]: Start preparation
3496041 [ ERROR] APIFuzzer [fuzzer.py:47 - prepare ]: Exception: 'list' object has no attribute 'get'
Traceback (most recent call last):
File "/home/mysecretusername/APIFuzzer/APIFuzzer/apifuzzer/fuzzer.py", line 45, in prepare
template_generator.process_api_resources()
File "/home/mysecretusername/APIFuzzer/APIFuzzer/apifuzzer/openapi_template_generator.py", line 109, in process_api_resources
self._process_request_body()
File "/home/mysecretusername/APIFuzzer/APIFuzzer/apifuzzer/openapi_template_generator.py", line 123, in _process_request_body
paths[resource][method].get("requestBody", {}).get("content", [])
AttributeError: 'list' object has no attribute 'get'
Unexpected exception happened during fuzz test preparation: 'list' object has no attribute 'get'. Feel free to report the issue
Related API definition
openapi: 3.0.3
info:
title: Generated API
version: "1.0"
servers:
- url: https://mysecretserver/1.0
paths:
/blacklists/{blacklistId}:
get:
responses:
"200":
description: OK
content:
text/xml:
schema:
$ref: '#/components/schemas/Blacklist'
parameters:
- in: path
name: blacklistId
schema:
format: int64
type: integer
required: true
description: The ID of the blacklist to retrieve details on
components:
schemas:
Blacklist:
type: object
properties:
id:
format: int64
type: integer
name:
type: string
entries:
type: array
items:
type: string
In this simple example I added a path parameter 'blacklistId' to be used for all future CRUD methods. Actually I did this not by myself but this was generated by some generator and the output can be used to e.g. provide a graphical documentation and everything looks fine.
First I tried different variations from the documentation, e.g. changing order of attributes, testing a string instead of a long but as soon as I add the parameter to the yaml, the fuzzer quits. I also tried renaming the parameter as 'blacklistid' but with no success. I can remove the whole Schema and all references to it,
Then I came up testing if it is a difference if I move the parameter description to the path item's operation:
---
openapi: 3.0.3
info:
title: Generated API
version: "1.0"
servers:
- url: https://mysecretserver/1.0
paths:
/blacklists/{blacklistId}:
get:
responses:
"200":
description: OK
content:
text/xml:
schema:
$ref: '#/components/schemas/Blacklist'
parameters:
- in: path
name: blacklistId
schema:
format: int64
type: integer
required: true
description: The ID of the blacklist to retrieve details on
components:
schemas:
Blacklist:
type: object
properties:
id:
format: int64
type: integer
name:
type: string
entries:
type: array
items:
type: string
Now the parameter belongs to the GET method and the fuzzer starts running.
Software environment (please complete the following information):
OS: Ubuntu 20.04.3 LTS
Python version: Python 3.8.10
APIFuzzer Version: 0.9.12
The text was updated successfully, but these errors were encountered:
Describe the bug
I am working with the Fuzzer and while it is working well for resources without path parameters, I experienced an exception if I include a path parameter directly under a resource (called "path item" in the documentation of OpenAPI). The idea is that for a resource like /blacklists/{blacklistId} it is not making sense to add a PATH-parameter "blacklistId" to each single CRUD method, instead it should be defined one level above. Both would be valid syntax but my parser adds it to the path item and not the operations and as the document is about 7.000 lines and I cannot find a way to make the parser add it to each operation, it would be nice if you could fix this.
Reference to documentation
See: https://spec.openapis.org/oas/v3.1.0#path-templating
This error has the same log entry like described here: #46
Maybe it has a similar or the same cause.
APIFuzzer debug log
Related API definition
In this simple example I added a path parameter 'blacklistId' to be used for all future CRUD methods. Actually I did this not by myself but this was generated by some generator and the output can be used to e.g. provide a graphical documentation and everything looks fine.
First I tried different variations from the documentation, e.g. changing order of attributes, testing a string instead of a long but as soon as I add the parameter to the yaml, the fuzzer quits. I also tried renaming the parameter as 'blacklistid' but with no success. I can remove the whole Schema and all references to it,
Then I came up testing if it is a difference if I move the parameter description to the path item's operation:
Now the parameter belongs to the GET method and the fuzzer starts running.
Software environment (please complete the following information):
The text was updated successfully, but these errors were encountered: