Check for JSON / YAML and also make sure that the parsed object is a …

…dict

This solves some strange edge cases where the parsed "spec_dict" was actually an int or str

w3af/core/data/parsers/doc/open_api/main.py

@@ -120,22 +120,24 @@ def matches_any_keyword(http_resp):
     def is_valid_json_or_yaml(http_resp):
         """
         :param http_resp: The HTTP response we want to parse
-        :return: True if it seems that this page is an open api doc
+        :return: True if it seems that this page is valid JSON / YAML that represents a dict
         """
+        spec_dict = None
+
         try:
-            json.loads(http_resp.body)
+            spec_dict = json.loads(http_resp.body)
         except ValueError:
-            pass
-        else:
-            return True
 
-        try:
-            load(http_resp.body, Loader=Loader)
-        except:
-            return False
-        else:
+            try:
+                spec_dict = load(http_resp.body, Loader=Loader)
+            except:
+                pass
+
+        if isinstance(spec_dict, dict):
             return True
 
+        return False
+
     @staticmethod
     def looks_like_json_or_yaml(http_resp):
         """

w3af/core/data/parsers/doc/open_api/tests/test_main.py

@@ -598,7 +598,7 @@ def test_is_valid_json_or_yaml_true(self):
         self.assertTrue(OpenAPI.is_valid_json_or_yaml(http_resp))
 
         http_resp = self.generate_response('', 'application/yaml')
-        self.assertTrue(OpenAPI.is_valid_json_or_yaml(http_resp))
+        self.assertFalse(OpenAPI.is_valid_json_or_yaml(http_resp))
 
     def test_is_valid_json_or_yaml_false(self):
         http_resp = self.generate_response('"', 'image/jpeg')