Zaproxy: OpenAPI API import might return before completely importing everything

Created on 13 Apr 2020 · 3 Comments · Source: zaproxy/zaproxy

Describe the bug
When I only have one url defined in my OpenAPI definition and I execute:

docker run -v {some_path}:/zap/wrk/:rw \
-t owasp/zap2docker-weekly zap-api-scan.py \
-t openapi.json \
-f openapi \
-r zapReport.html

I sometimes get this noURLsException:

image
(...logs in the middle omitted...)
image
and it ends by scanning nothing, as in the screenshot above.

However, if I execute the same command again, sometimes it is able to get the url and successfully scan it.
image

Then if I have 2 or more urls in my OpenAPI definition file, this issue will not happen.

Here is my openAPI definition:

{
    "openapi": "3.0.1",
    "info": {
        "title": "xxx",
        "description": "xxx",
        "version": "1.0"
    },
    "servers": [
        {
            "url": "http://localhost:7071/api"
        }
    ],
    "paths": {
        "/user": {
            "get": {
                "summary": "user",
                "operationId": "get-user",
                "parameters": [
                    {
                        "name": "name",
                        "in": "query",
                        "description": "name of the user",
                        "schema": {
                            "type": "string"
                        }
                    }
                ],
                "responses": {
                    "200": {
                        "description": null
                    }
                }
            }
        }
    },
    "components": {
        "securitySchemes": {
            "apiKeyHeader": {
                "type": "apiKey",
                "name": "Ocp-Apim-Subscription-Key",
                "in": "header"
            },
            "apiKeyQuery": {
                "type": "apiKey",
                "name": "subscription-key",
                "in": "query"
            }
        }
    },
    "security": [
        {
            "apiKeyHeader": []
        },
        {
            "apiKeyQuery": []
        }
    ]
}

Expected behavior
ZAP should be able to get the url from the OpenAPI definition file even if there is only one url.

Software versions

  • ZAP: owasp/zap2docker-weekly
  • OS: MacOS Mojave 10.14.5
add-on bug

All 3 comments

If you are able to reproduce the issue consistently, could you run with -d and attach the logs when it fails and runs successfully?

The logs are pretty long so I put the logs in separate files here:
zap api scan_failed_logs.log
zap api scan_success_logs.log

Facing the same issue..
