OWASP / OFFAT

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
http://owasp.org/OFFAT/
MIT License

Error in Parsing the YAML Config File #142

Open farsheedify opened 3 days ago

farsheedify commented 3 days ago

Issue Summary:

I am encountering a warning when attempting to run a scan with the -tdc flag while passing a YAML file containing the configuration data.

Details:

Warning Message: [11:36:22] WARNING actor1 is required config_data_handler.py:34

Steps to Reproduce:

  1. Copy-paste the example configuration from the README file into a YAML file.
  2. Run the following command:

offat -f openapi.json --server http://[serveraddress] -tdc test_data_config.yaml -o output.yaml -of yaml

Environment:

Tested on both Ubuntu and Windows. Installed the tool using pip. Also tested manual installation and running with poetry.

Despite following the example provided in the README, I continue to receive the warning about actor1 being required. I have verified the YAML file's structure and content, but the issue persists across different environments and installation methods. The content of the YAML file is:

actors:
  - actor1:
    request_headers:
      - name: Authorization
        value: Bearer [Token1]
      - name: User-Agent
        value: offat-actor1

    query:
      - name: id
        value: 145
        type: int
      - name: country
        value: uk
        type: str
      - name: city
        value: london
        type: str

    body:
      - name: name
        value: actorone
        type: str
      - name: email
        value: actorone@example.com
        type: str
      - name: phone
        value: +11233211230
        type: str

    unauthorized_endpoints: # For broken access control
      - "/store/order/.*"
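
A pre-flight check for a test data config like the one above, added here as an example and not part of OFFAT or of the report: it loads the file with PyYAML and lists entries that parse differently from how they read. The `lint_actors` helper and the mapping of `type` strings to Python types are assumptions, and this page does not establish whether either finding relates to the reported warning.

```python
import yaml  # PyYAML

# Constructed sample: a shortened copy of the config from the report above.
SAMPLE = """\
actors:
  - actor1:
    request_headers:
      - name: Authorization
        value: Bearer [Token1]
    query:
      - name: id
        value: 145
        type: int
    body:
      - name: phone
        value: +11233211230
        type: str
"""

# Assumption: the `type` strings name Python built-in types.
TYPES = {"int": int, "str": str, "float": float, "bool": bool}


def lint_actors(text):
    """Return findings about how a YAML parser actually reads the actors list."""
    findings = []
    doc = yaml.safe_load(text) or {}
    for i, actor in enumerate(doc.get("actors") or []):
        if not isinstance(actor, dict):
            continue
        # A null key beside populated keys: the sections are its siblings, not its children.
        empty = [k for k, v in actor.items() if v is None]
        if empty and len(actor) > 1:
            sibs = sorted(k for k in actor if k not in empty)
            findings.append(f"actors[{i}]: {empty[0]} is null; siblings: {', '.join(sibs)}")
        for section, entries in actor.items():
            for e in entries if isinstance(entries, list) else []:
                if not isinstance(e, dict):
                    continue
                want = TYPES.get(e.get("type"))
                if want and type(e.get("value")) is not want:
                    findings.append(
                        f"actors[{i}].{section}.{e.get('name')}: declared "
                        f"{e['type']}, loaded as {type(e['value']).__name__}")
    return findings


if __name__ == "__main__":
    for line in lint_actors(SAMPLE):
        print(line)
```

Quoting the phone value (`"+11233211230"`) makes it load as a string; indenting the sections one level deeper than `actor1` would nest them under that key instead of beside it.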