search

Endava / cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
Apache License 2.0
1.11k stars 75 forks source link

NullPointerException: MediaType.getSchema() #77

Closed security101 closed 8 months ago

security101 commented 10 months ago

Starting with cats recently I face the challenge that I got stuck due to the following Exception. Any support is highly appreciated.

CATS, version 9.0.1, build-time 2023-08-11T17:48:57Z UTC running environments: linux (centos)

openjdk version "17.0.6-ea" 2023-01-17 LTS
OpenJDK Runtime Environment (Red_Hat-17.0.6.0.9-0.3.ea.el8) (build 17.0.6-ea+9-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-17.0.6.0.9-0.3.ea.el8) (build 17.0.6-ea+9-LTS, mixed mode, sharing)

command: java -jar cats.jar lint --contract=swagger.json

openapi: "3.0.1"

error message:


[**********][*******] ▶ start      Start fuzzing path /authentication/token 
java.lang.NullPointerException: Cannot invoke "io.swagger.v3.oas.models.media.Schema.get$ref()" because the return value of "io.swagger.v3.oas.models.media.MediaType.getSchema()" is null
        at com.endava.cats.factory.FuzzingDataFactory.getCurrentRequestSchemaName(FuzzingDataFactory.java:305)
        at com.endava.cats.factory.FuzzingDataFactory.getFuzzDataForHttpMethod(FuzzingDataFactory.java:192)
        at com.endava.cats.factory.FuzzingDataFactory.getFuzzDataForPost(FuzzingDataFactory.java:154)
        at com.endava.cats.factory.FuzzingDataFactory.fromPathItem(FuzzingDataFactory.java:85)
        at com.endava.cats.factory.FuzzingDataFactory_ClientProxy.fromPathItem(Unknown Source)
        at com.endava.cats.command.CatsCommand.fuzzPath(CatsCommand.java:312)
        at com.endava.cats.command.CatsCommand.startFuzzing(CatsCommand.java:230)
        at com.endava.cats.command.CatsCommand.doLogic(CatsCommand.java:183)
        at com.endava.cats.command.CatsCommand.run(CatsCommand.java:137)
        at com.endava.cats.command.LintCommand.run(LintCommand.java:58)
        at picocli.CommandLine.executeUserObject(CommandLine.java:2026)
        at picocli.CommandLine.access$1500(CommandLine.java:148)
        at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2461)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2453)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2415)
        at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2273)
        at picocli.CommandLine$RunLast.execute(CommandLine.java:2417)
        at picocli.CommandLine.execute(CommandLine.java:2170)
        at com.endava.cats.CatsMain.run(CatsMain.java:36)
        at com.endava.cats.CatsMain_ClientProxy.run(Unknown Source)
        at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:132)
        at io.quarkus.runtime.Quarkus.run(Quarkus.java:71)
        at io.quarkus.runtime.Quarkus.run(Quarkus.java:44)
        at io.quarkus.runner.GeneratedMain.main(Unknown Source)

Snipped from Swagger definition

        "/authentication/token": {
            "post": {
                "tags": [
                    "authentication"
                ],
                "operationId": "createAccessToken",
                "parameters": [
                    {
                        "name": "grant_type",
                        "in": "query",
                        "required": false,
                        "schema": {
                            "type": "string"
                        }
                    },
                    {
                        "name": "username",
                        "in": "query",
                        "required": false,
                        "schema": {
                            "type": "string"
                        }
                    },
                    {
                        "name": "password",
                        "in": "query",
                        "required": false,
                        "schema": {
                            "type": "string"
                        }
                    },
                    {
                        "name": "scope",
                        "in": "query",
                        "required": false,
                        "schema": {
                            "type": "string"
                        }
                    }
                ],
                "requestBody": {
                    "content": {
                        "application/x-www-form-urlencoded": {}
                    }
                },
                "responses": {
                    "200": {
                        "description": "successful operation",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/AccessTokenResponse"
                                }
                            }
                        }
                    },
                    "400": {
                        "description": "bad request",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/AccessTokenErrorResponse"
                                }
                            }
                        }
                    }
                }
            }
        },
en-milie commented 10 months ago

Hi @security101. Thank you for reporting this. I'll pick it up this week.

en-milie commented 10 months ago

Hi @security101. I'm not able to reproduce this with the code snippet you posted. Is there a chance to get a more complete version?

en-milie commented 9 months ago

Hi @security101. Is there a chance you can attach a more complete version for reproducing the issue?

en-milie commented 8 months ago

Closing this for now.

security101 commented 8 months ago

Sorry for the delayed response and thank you for you patient. Right now I cannot complete version for reproducing the issue. I will do so at a later stage and open a new issue if necessary. Thank you!