The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
Despite following the example provided in the README, I continue to receive the warning about actor1 being required. I have verified the YAML file's structure and content, but the issue persists across different environments and installation methods. The content of the YAML file is:
actors:
  - actor1:
      request_headers:
        - name: Authorization
          value: Bearer [Token1]
        - name: User-Agent
          value: offat-actor1
      query:
        - name: id
          value: 145
          type: int
        - name: country
          value: uk
          type: str
        - name: city
          value: london
          type: str
      body:
        - name: name
          value: actorone
          type: str
        - name: email
          value: actorone@example.com
          type: str
        - name: phone
          value: +11233211230
          type: str
      unauthorized_endpoints: # For broken access control
        - "/store/order/.*"
Issue Summary:
I am encountering a warning when attempting to run a scan with the -tdc flag while passing a YAML file containing the configuration data.
Details:
Warning Message: [11:36:22] WARNING actor1 is required config_data_handler.py:34
Steps to Reproduce:
offat -f openapi.json --server http://[serveraddress] -tdc test_data_config.yaml -o output.yaml -of yaml
Environment:
Tested on both Ubuntu and Windows. Installed the tool using pip. Also tested manual installation and running with poetry.
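A pre-flight check for the file passed to -tdc, as an added example that is not part of the original report or of OFFAT's code: in YAML, keys aligned with `actor1` instead of indented beneath it become its siblings, so `actor1` parses as null. It assumes PyYAML is installed and that the warning is raised when `actor1` is missing or empty after loading; `check_test_data_config` is a hypothetical helper and both samples are constructed.

```python
import yaml  # PyYAML

# Constructed samples using keys from the posted file, trimmed to one header.
NESTED = """\
actors:
  - actor1:
      request_headers:
        - name: User-Agent
          value: offat-actor1
      unauthorized_endpoints:
        - "/store/order/.*"
"""
# Children aligned with the `actor1` key are its siblings, so actor1 is null.
SIBLING = """\
actors:
  - actor1:
    request_headers:
      - name: User-Agent
        value: offat-actor1
    unauthorized_endpoints:
      - "/store/order/.*"
"""
SECTIONS = ("request_headers", "query", "body", "unauthorized_endpoints")


def check_test_data_config(text):
    """Return a list of structural problems; an empty list means the shape is as expected."""
    try:
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        return [f"not valid YAML: {exc}"]
    if not isinstance(data, dict) or not isinstance(data.get("actors"), list) or not data["actors"]:
        return ["top-level 'actors' must be a non-empty list"]
    first = data["actors"][0]
    if not isinstance(first, dict) or "actor1" not in first:
        return ["first item under 'actors' has no 'actor1' key"]
    problems = []
    actor1 = first["actor1"]
    if not isinstance(actor1, dict) or not actor1:
        problems.append(f"'actor1' parsed as {actor1!r}, not a mapping")
    stray = [k for k in first if k in SECTIONS]
    if stray:
        problems.append(f"{stray} are siblings of 'actor1'; indent them under it")
    return problems


if __name__ == "__main__":
    for label, text in (("nested", NESTED), ("sibling", SIBLING)):
        print(label, check_test_data_config(text) or "ok")
```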