search

matusf / openapi-fuzzer

Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free!
GNU Affero General Public License v3.0
526 stars 22 forks source link

Panic on main thread (`No Reference found`) #12

Open xvilo opened 2 years ago

xvilo commented 2 years ago

When trying to run the fuzzer with the following options:

RUST_BACKTRACE=1 openapi-fuzzer -s dist/bundled.json -u https://api.somehost.com

I will get the following output

thread 'main' panicked at 'No Reference found!: ReferenceError { name: "400" }', /Users/xvilo/.cargo/registry/src/github.com-1ecc6299db9ec823/openapi_utils-0.2.2/src/dereferer.rs:161:63
stack backtrace:
   0: _rust_begin_unwind
   1: core::panicking::panic_fmt
   2: core::result::unwrap_failed
   3: openapi_utils::dereferer::deref_everything_in_path
   4: <openapiv3::openapi::OpenAPI as openapi_utils::dereferer::SpecExt>::deref_all
   5: openapi_fuzzer::main
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

Full backtrace

thread 'main' panicked at 'No Reference found!: ReferenceError { name: "400" }', /Users/xvilo/.cargo/registry/src/github.com-1ecc6299db9ec823/openapi_utils-0.2.2/src/dereferer.rs:161:63
stack backtrace:
   0:        0x103a8530a - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h269eb561a1b20dd5
   1:        0x103ab311b - core::fmt::write::h7b05e3902e6336ad
   2:        0x103a7a8ba - std::io::Write::write_fmt::h842f6e8e90a0f75d
   3:        0x103a7b955 - std::panicking::default_hook::{{closure}}::h29848b594b0f958e
   4:        0x103a7b52e - std::panicking::default_hook::h8d763c56718ff5ea
   5:        0x103a7c002 - std::panicking::rust_panic_with_hook::hcaf53ab3fe2e7772
   6:        0x103a8590e - std::panicking::begin_panic_handler::{{closure}}::hd3ae1107ade7d1ce
   7:        0x103a85467 - std::sys_common::backtrace::__rust_end_short_backtrace::hdd495b645c18f633
   8:        0x103a7ba43 - _rust_begin_unwind
   9:        0x103acb70f - core::panicking::panic_fmt::hc3d172c021afebe6
  10:        0x103acbdf5 - core::result::unwrap_failed::h5047fe6f720b213d
  11:        0x103a5192a - openapi_utils::dereferer::deref_everything_in_path::h72e7296ee79b38a7
  12:        0x103a5f73f - <openapiv3::openapi::OpenAPI as openapi_utils::dereferer::SpecExt>::deref_all::h181a287db7120bd6
  13:        0x1038d180b - openapi_fuzzer::main::h52c229988ee7a094
  14:        0x103900ae6 - std::sys_common::backtrace::__rust_begin_short_backtrace::he28581362e115688
  15:        0x1038c52c1 - std::rt::lang_start::{{closure}}::h69a42237a09c6143
  16:        0x103a85985 - std::rt::lang_start_internal::hfb267ddb37513000
  17:        0x1038d4f89 - _main

Environment

matusf commented 2 years ago

More: https://github.com/matusf/openapi-fuzzer/issues/7#issuecomment-970323541