OWASP / OFFAT

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
http://owasp.org/OFFAT/
MIT License

Host/Server Parsing Bug leading to scan crash #52

Closed dmdhrumilmistry closed 5 months ago

dmdhrumilmistry commented 5 months ago
          Hi @dmdhrumilmistry . As per your suggestion I have tried using offat with Python 3.11. But unfortunately I am getting the same error:

Originally posted by @puriaayush01 in https://github.com/OWASP/OFFAT/issues/45#issuecomment-1931505552

puriaayush01 commented 5 months ago

Hi, @dmdhrumilmistry I am sharing the JSON file with you. Please verify from your end as well. api.json

dmdhrumilmistry commented 5 months ago

Hey @puriaayush01

The file that you've provided is not a valid openapi/swagger documentation file. I would suggest reviewing the openapi/swagger documentation for creating API documentation.

puriaayush01 commented 5 months ago

Hey @dmdhrumilmistry . I am using the VAmPi Open API Swagger file to test. Is this not valid?

dmdhrumilmistry commented 5 months ago

          Hey @dmdhrumilmistry . I am using the VAmPi Open API Swagger file to test. Is this not valid?

I believe you've mistakenly attached Postman documentation. The snippets you've attached are missing server URLs, so the tool doesn't know where to send requests. You need to add server URLs to the documentation.

servers:
  - url: http://{IP}:{PORT}/{API_BASEPATH}

Note: Replace variables with your values.

You can use Swagger editor for making necessary changes (It might convert your json file to yaml format)

You can use the openapi documentation after adding server urls.
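The crash in this thread comes down to a document that carries no server information, so a scanner has nothing to resolve into a target. The following is an added example (not OFFAT's own code) of the check a tool can run before scanning: it resolves the base URL(s) from either a Swagger 2.0 document (`host`, `basePath`, `schemes`) or an OpenAPI 3.x document (`servers`, with `{variable}` placeholders filled from overrides or their declared defaults), and reports a clear error instead of crashing when the information is missing. The function names and the sample documents are constructed for this example.

```python
"""Resolve scanner base URLs from an OpenAPI/Swagger document, or explain why that fails.

Added example, not part of OFFAT. Handles OpenAPI 3.x 'servers' (with {variables})
and Swagger 2.0 'host'/'basePath'/'schemes', and treats a document with neither,
like the Postman-style export discussed in this issue, as unscannable.
"""
from __future__ import annotations

import re
from typing import Any

_VAR = re.compile(r"\{([A-Za-z0-9_.-]+)\}")


def _expand(url: str, variables: dict[str, Any], overrides: dict[str, str]) -> str:
    """Substitute {name} placeholders: caller overrides first, then the variable's default."""
    def sub(match: re.Match) -> str:
        name = match.group(1)
        if name in overrides:
            return overrides[name]
        spec = variables.get(name) or {}
        if "default" not in spec:
            raise ValueError(f"server variable {name!r} has no override and no default")
        return str(spec["default"])
    return _VAR.sub(sub, url)


def resolve_base_urls(doc: dict[str, Any], overrides: dict[str, str] | None = None) -> list[str]:
    """Return absolute base URLs a scanner can target, or raise ValueError with the reason."""
    overrides = overrides or {}
    if "openapi" in doc:  # OpenAPI 3.x: targets come from the 'servers' array
        urls = []
        for server in doc.get("servers") or []:
            url = _expand(server["url"], server.get("variables", {}), overrides).rstrip("/")
            # The spec's fallback for a missing 'servers' is a relative "/", which
            # carries no host; a scanner needs an absolute URL, so reject relative ones.
            if not url.lower().startswith(("http://", "https://")):
                raise ValueError(f"server url {url!r} is relative; no host to send requests to")
            urls.append(url)
        if not urls:
            raise ValueError("OpenAPI 3 document has no 'servers' entry; scanner has no target")
        return urls
    if "swagger" in doc:  # Swagger 2.0: targets come from host + basePath, one per scheme
        host = doc.get("host")
        if not host:
            raise ValueError("Swagger 2.0 document has no 'host'; scanner has no target")
        base_path = doc.get("basePath", "")
        return [f"{scheme}://{host}{base_path}".rstrip("/") for scheme in doc.get("schemes") or ["https"]]
    raise ValueError("not an OpenAPI/Swagger document (no 'openapi' or 'swagger' key)")


def server_problem(doc: dict[str, Any], overrides: dict[str, str] | None = None) -> str | None:
    """Pre-scan check: None when targets resolve, otherwise a human-readable reason."""
    try:
        resolve_base_urls(doc, overrides)
        return None
    except (ValueError, KeyError) as exc:
        return str(exc)


# Constructed sample documents (not the VAmPI file from the issue).
OAS3_WITH_SERVERS = {
    "openapi": "3.0.0",
    "servers": [{
        "url": "http://{IP}:{PORT}/{API_BASEPATH}",
        "variables": {"IP": {"default": "127.0.0.1"}, "PORT": {"default": "5000"},
                      "API_BASEPATH": {"default": ""}},
    }],
    "paths": {"/users": {"get": {"responses": {"200": {"description": "ok"}}}}},
}
OAS3_NO_SERVERS = {"openapi": "3.0.0", "paths": {"/users": {"get": {"responses": {"200": {"description": "ok"}}}}}}
SWAGGER2 = {"swagger": "2.0", "host": "api.example.test", "basePath": "/v1", "schemes": ["https", "http"], "paths": {}}

if __name__ == "__main__":
    for name, doc in [("with servers", OAS3_WITH_SERVERS), ("no servers", OAS3_NO_SERVERS), ("swagger2", SWAGGER2)]:
        problem = server_problem(doc)
        print(f"{name}: {resolve_base_urls(doc) if problem is None else 'cannot scan: ' + problem}")
```

Running a check like this before the first request turns the traceback from the issue into a one-line message telling the user to add a `servers` entry, and the `overrides` argument lets a CLI supply the `{IP}`, `{PORT}` and `{API_BASEPATH}` values at scan time without editing the document.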