OWASP / OFFAT

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
http://owasp.org/OFFAT/
MIT License

Issue running the OFFAT tool to scan Open Source API's #113

Closed puriaayush01 closed 3 months ago

puriaayush01 commented 4 months ago

Hi @dmdhrumilmistry, I tried using the OFFAT tool. It did work when I used https://petstore.swagger.io/v2/swagger.json, but when I try using other open source APIs' swagger.json, the tool fails to run and throws errors. I tried using multiple APIs but it throws errors for all of them. I tried to compare the JSON files; they're almost similar. So I just wanted to understand what the issue is!

Also, do you have any documentation on what has to be inserted when we use Docker to run the tool? For example, what should the user input for "OpenAPI" be in api/v1/scan?


dmdhrumilmistry commented 4 months ago


Hi @puriaayush01,

I believe there could be 2 issues here.

  1. OFFAT failed to parse the Swagger/OAS documentation. If you're using Swagger files, then I've covered most of the cases, so it should be able to parse them successfully, while OAS (v3) documentation could have some parsing bugs.

  2. OFFAT uses aiohttp, which sends requests asynchronously, so make sure your server can handle those requests. You can handle rate limiting using the -rl switch, which will limit requests/second.

Can you provide more information on this, such as the OFFAT and Python versions, which open source API you're trying to assess, and what errors you're getting?


I think the API won't work as of now. It could return 500; I wrote it a while back and there have been several changes after initially writing it. I would prefer to use the main Docker image for scanning APIs in CI/CD.
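Since the first suspected cause above is a Swagger 2.x vs OAS 3.x parsing difference, a quick pre-check of the spec before handing it to a scanner is useful. This is an added example, not OFFAT's own parser: it detects which flavour a document is, derives the base URL(s) the way each flavour encodes them, and lists the operations and whether each carries a request body. The two specs are constructed inline for illustration.

```python
import json

# Constructed minimal documents (illustrative, not real API specs).
SWAGGER2_DOC = json.dumps({
    "swagger": "2.0",
    "host": "petstore.swagger.io", "basePath": "/v2", "schemes": ["https"],
    "paths": {
        "/pet": {"post": {"parameters": [{"in": "body", "name": "body"}]}},
        "/pet/{petId}": {"get": {"parameters": [{"in": "path", "name": "petId"}]}},
    },
})
OAS3_DOC = json.dumps({
    "openapi": "3.0.1",
    "servers": [{"url": "https://api.example.invalid/v1"}],
    "paths": {"/items": {"post": {"requestBody": {"content": {"application/json": {}}}}}},
})

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def inspect_spec(raw: str) -> dict:
    """Classify a spec as Swagger 2.x or OAS 3.x and summarise what a scanner has to handle."""
    doc = json.loads(raw)
    if "swagger" in doc:
        flavour = "swagger2"
        # Swagger 2.x spreads the base URL over schemes/host/basePath.
        scheme = (doc.get("schemes") or ["https"])[0]
        host = doc.get("host")
        base_urls = [f"{scheme}://{host}{doc.get('basePath', '')}"] if host else []
    elif "openapi" in doc:
        flavour = "oas3"
        # OAS 3.x carries full server URLs instead.
        base_urls = [s["url"] for s in doc.get("servers", []) if "url" in s]
    else:
        raise ValueError("not an OpenAPI/Swagger document: no 'swagger' or 'openapi' key")

    operations = []
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:  # skip 'parameters', 'summary', vendor extensions
                continue
            # Body location differs: OAS 3 uses requestBody, Swagger 2 uses an in=body parameter.
            has_body = bool(op.get("requestBody")) or any(
                p.get("in") == "body" for p in op.get("parameters", []))
            operations.append((method.upper(), path, has_body))
    return {"flavour": flavour, "base_urls": base_urls, "operations": operations}
```

An empty `base_urls` or `operations` list is a sign the document will not give a scanner anything to target, which is worth checking before blaming the tool.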

dmdhrumilmistry commented 3 months ago

Closing due to inactivity. Feel free to re-open the issue.