matusf / openapi-fuzzer

Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free!
GNU Affero General Public License v3.0
526 stars 22 forks source link

thread 'main' panicked at 'called `Option::unwrap()` on a `None` value' #13

Open xmunoz opened 2 years ago

xmunoz commented 2 years ago

Hello! I tried to use this project to fuzz my API and it crashed. Here is the backtrace:

$ RUST_BACKTRACE=1 openapi-fuzzer -s spec-api.yaml -u https://test.local/api/v1
thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', /home/user/.cargo/registry/src/github.com-1ecc6299db9ec823/openapi_utils-0.2.2/src/dereferer.rs:82:56
stack backtrace:
   0: rust_begin_unwind
             at /rustc/2fd73fabe469357a12c2c974c140f67e7cdd76d0/library/std/src/panicking.rs:493:5
   1: core::panicking::panic_fmt
             at /rustc/2fd73fabe469357a12c2c974c140f67e7cdd76d0/library/core/src/panicking.rs:92:14
   2: core::panicking::panic
             at /rustc/2fd73fabe469357a12c2c974c140f67e7cdd76d0/library/core/src/panicking.rs:50:5
   3: openapi_utils::dereferer::deref_everything_in_path
   4: <openapiv3::openapi::OpenAPI as openapi_utils::dereferer::SpecExt>::deref_all
   5: openapi_fuzzer::main
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
matusf commented 2 years ago

Hi, thanks for the report. Could you please send the specification? I'll not be able to debug it without it.

theobisproject commented 2 years ago

I see the same crash with a simple login endpoint description

---
openapi: 3.0.3
info:
  title: OpenAPI Fuzzer reproducer
  version: 1.0.0
paths:
  /api/authentication/login:
    post:
      summary: Login to app
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/LoginRequest'
      responses:
        "200":
          description: Login successful
          headers:
            Authorization:
              description: The bearer token to be used for all requests where authentication
                is necessary
              required: true
              style: simple
              schema:
                type: string
          content:
            application/json: {}
        "400":
          description: Authentication failed
          content:
            application/json: {}
  /api/authentication/logout:
    post:
      responses:
        "201":
          description: logged out
  /api/authentication/register:
    post:
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RegistrationRequest'
      responses:
        "200":
          description: OK
components:
  schemas:
    LoginRequest:
      description: POJO that represents the contents of a login request.
      required:
      - email
      - password
      type: object
      properties:
        email:
          minLength: 1
          type: string
          nullable: false
        password:
          minLength: 1
          type: string
          nullable: false
    RegistrationRequest:
      description: POJO that represents the contents of a registration request.
      required:
      - email
      - firstName
      - lastName
      - password
      type: object
      properties:
        email:
          minLength: 1
          type: string
          nullable: false
        firstName:
          minLength: 1
          type: string
          nullable: false
        lastName:
          minLength: 1
          type: string
          nullable: false
        password:
          minLength: 1
          type: string
          nullable: false
Eugene24 commented 2 years ago

I had the same error and I've solved the problem by excluding response body content type from swagger, leaving status_code and description only. For example, in case of @theobisproject it would be this way:

      responses:
        "200":
          description: Login successful
          headers:
            Authorization:
              description: The bearer token to be used for all requests where authentication
                is necessary
              required: true
              style: simple
              schema:
                type: string
                content: {}
        "400":
          description: Authentication failed
          content: {}