[BUG] issue when importing Swagger file "Cannot invoke "io.swagger.v3.oas.models.media.Content.entrySet()" #97

Closed
4 tasks done
TridenGroup opened this issue May 9, 2023 · 6 comments

TridenGroup commented May 9, 2023

Prerequisites Checklist

Before submitting the issue, please make sure you have:

  • Thoroughly read the README file.
  • Checked the project requirements and ensured they are met.
  • Searched for existing issues that may address the problem.
  • Performed basic troubleshooting steps.

Description

I installed openapi-parser from the bApp store. After selecting an OpenAPI 3.0.0 specification file, I get the following error message:

Cannot invoke "io.swagger.v3.oas.models.media.Content.entrySet()" because the return value of "io.swagger.v3.oas.models.responses.ApiResponse.getContent()" is null

This message appears at the bottom of the Burp Suite Window. I have reviewed the file and it is readable YAML, not a corrupt file.

Steps to Reproduce

  1. Open Extensions tab -> BApp store
  2. Install OpenAPI Parser
  3. Select OpenAPI Parser tab
  4. Browse / Load file
  5. Select api.yml file
  6. Error is produced: "Cannot invoke "io.swagger.v3.oas.models.media.Content.entrySet()" because the return value of "io.swagger.v3.oas.models.responses.ApiResponse.getContent()" is null"

Expected Behavior

I expected the yaml file to be ingested

Screenshots

None useful.

Environment

  • OS: Kali Linux 2022.4 kali-rolling
  • Java version: openjdk 17.0.5 2022-10-18
  • Jython version: standalone 2.7.3
  • Gradle version: n/a; installed via BApp store: "Alternatively, you can skip the Compilation step entirely and download the extension directly from the [BApp Store]"
  • Burp Suite version: Burp Suite Professional v2023.3.5
  • Swurg version: OpenAPI Parser 3.1

OpenAPI Specification

  • OpenAPI version: 3.0.0
  • Sample specification snippet (if applicable):
    openapi: '3.0.0'
    info:
      version: '1.0.0'
      title: '[REDACTED]'
      description: [REDACTED] API
    servers:
      - url: [REDACTED]
        description: [REDACTED]
    paths:
      /api/account/token/:
        post:

^ Just to demonstrate that it is formatted as expected.

Error Message

I don't see an Extender Error tab but error message at bottom of the app reads: "Cannot invoke "io.swagger.v3.oas.models.media.Content.entrySet()" because the return value of "io.swagger.v3.oas.models.responses.ApiResponse.getContent()" is null"

Additional Context

None more I can think of. Please let me know if more information is needed.

I would post this issue on the PortSwigger/openapi-parser repo but I do not see any way to submit issues on that branch.

EDIT: formatting.

aress31 (Owner) commented May 9, 2023

Hey @TridenGroup could you kindly try to compile the version on this repository and use it. The PortSwigger fork - and thereby the BApp store version - is lagging way behind this repository.

Once done please share the results!

TridenGroup (Author) commented May 10, 2023

> Hey @TridenGroup could you kindly try to compile the version on this repository and use it. The PortSwigger fork - and thereby the BApp store version - is lagging way behind this repository.
>
> Once done please share the results!

Hi Mr. Teyar @aress31 , thanks for your quick response. Sorry for the delay, I had some issues with the correct Java version getting read in order to install Gradle.

tl;dr: same error as before.

For any other Kali users who had similar challenges:

    └─$ ls -l /usr/bin/java
    lrwxrwxrwx 1 root root 22 Feb 18 2021 /usr/bin/java -> /etc/alternatives/java

/usr/bin/java is a symlink pointing to /etc/alternatives/java. This suggests that the java executable is managed by the update-alternatives system, which allows us to switch between different versions of Java. The solution was to run update-alternatives --config java and select the newly installed Java 8.

I then installed Gradle, and compiled the extension from the repo, and loaded it into Burp Suite Pro:

    'OpenAPI Parser' tab initialised
    'Send to OpenAPI Parser' option added to the context menu
    'HTTPListener' registered

I selected the OpenAPI Parser extension tab (I made sure to unload the BApp store version, and exit / reload BSP before loading the compiled extension), and loaded the .yml API specification file. Nothing seemed to happen, so I hit the "Load" button (I don't think that existed in the BApp store version).

However, the status bar at the bottom of BSP still presents an error:
Unable to read the OpenAPI resource /home/user/Documents/clients/client/foo_api_v1.0.0.yml. Check the extension's error log for the stack trace and report the issue.

From the Burp extensions / Installed tab, under Errors I see the same error as I got with the BApp store version:

Cannot invoke "io.swagger.v3.oas.models.media.Content.entrySet()" because the return value of "io.swagger.v3.oas.models.parameters.RequestBody.getContent()" is null

aress31 (Owner) commented May 10, 2023

@TridenGroup, you should be able to view the error logs under:

[image]

And that is correct: in the latest version, Browse and Load are decoupled for better UX.

@holosc0ld

@TridenGroup (and @aress31) I ran into this same issue this evening and after comparing working and non-working API specifications and a little experimentation, it came down to some of the responses sections in the specs that weren't loading having no content definitions. (The getContent() is null portion of the error message was the clue.)

e.g.,

'/firstpath/':
  ...
  responses:
    '200':
      description: some description
'/nextpath/':
  ...

Once the content sub-section was stubbed in, the API spec loaded normally.

e.g.,

'/firstpath/':
  ...
  responses:
    '200':
      description: some description
      content:
        application/json:
          schema:
            type: string
'/nextpath/':
  ...
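
The null case described above, handled defensively with the swagger-parser model classes named in the error message. This is an added example, not code from the extension or from anyone in this thread; the class name `ContentNullCheck`, the helper `mediaTypes` and the inline spec are constructed for illustration, and it assumes swagger-parser v3 is on the classpath.

```java
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.Operation;
import io.swagger.v3.oas.models.PathItem;
import io.swagger.v3.oas.models.media.Content;
import io.swagger.v3.oas.models.responses.ApiResponse;
import io.swagger.v3.parser.OpenAPIV3Parser;
import java.util.Collections;
import java.util.Map;
import java.util.Set;

public class ContentNullCheck {
    // Constructed sample spec: the 200 response has a description but no content,
    // and the POST operation declares no requestBody at all.
    static final String SPEC = String.join("\n",
        "openapi: '3.0.0'",
        "info: {title: demo, version: '1.0.0'}",
        "paths:",
        "  /firstpath/:",
        "    post:",
        "      responses:",
        "        '200':",
        "          description: some description");

    // getContent() returns null when the spec omits the content key, so map
    // that case to an empty set instead of calling entrySet()/keySet() on it.
    static Set<String> mediaTypes(Content content) {
        return content == null ? Collections.<String>emptySet() : content.keySet();
    }

    public static void main(String[] args) {
        OpenAPI api = new OpenAPIV3Parser().readContents(SPEC, null, null).getOpenAPI();
        if (api == null || api.getPaths() == null) return; // unparseable or no paths
        for (Map.Entry<String, PathItem> path : api.getPaths().entrySet()) {
            for (Map.Entry<PathItem.HttpMethod, Operation> op : path.getValue().readOperationsMap().entrySet()) {
                Operation o = op.getValue();
                String where = op.getKey() + " " + path.getKey();
                // requestBody is optional; guard the object before its content.
                Content body = o.getRequestBody() == null ? null : o.getRequestBody().getContent();
                System.out.println(where + " request media types: " + mediaTypes(body));
                if (o.getResponses() == null) continue;
                for (Map.Entry<String, ApiResponse> r : o.getResponses().entrySet()) {
                    System.out.println(where + " response " + r.getKey()
                        + " media types: " + mediaTypes(r.getValue().getContent()));
                }
            }
        }
    }
}
```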

TridenGroup (Author) commented Jul 14, 2023

> ... it came down to some of the responses sections in the specs that weren't loading having no content definitions.

I can confirm that the API docs I was provided for this test did not have completed content definitions.

> (The getContent() is null portion of the error message was the clue.)

Thank you. In hindsight it makes perfect sense.

@aress31 I suggest some clearer messaging on this issue being due to an incomplete or malformed OpenAPI spec file, since there are likely others that will run into this.
I apologize that I wasn't able to get you the logs you requested. The assessment ended and I had to move to the next.

Thanks to both of you @aress31 @holosc0ld

aress31 (Owner) commented Dec 23, 2023

Latest version should handle better null checks and be more robust when parsing incomplete/invalid specs. @TridenGroup try to re-load the faulty spec and feel free to reopen this ticket if the error persists.

aress31 closed this as completed Dec 23, 2023