Open xmunoz opened 2 years ago
Hi, thanks for the report. Could you please send the specification? I'll not be able to debug it without it.
I see the same crash with a simple login endpoint description:

```yaml
---
openapi: 3.0.3
info:
  title: OpenAPI Fuzzer reproducer
  version: 1.0.0
paths:
  /api/authentication/login:
    post:
      summary: Login to app
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/LoginRequest'
      responses:
        "200":
          description: Login successful
          headers:
            Authorization:
              description: The bearer token to be used for all requests where authentication
                is necessary
              required: true
              style: simple
              schema:
                type: string
          content:
            application/json: {}
        "400":
          description: Authentication failed
          content:
            application/json: {}
  /api/authentication/logout:
    post:
      responses:
        "201":
          description: logged out
  /api/authentication/register:
    post:
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RegistrationRequest'
      responses:
        "200":
          description: OK
components:
  schemas:
    LoginRequest:
      description: POJO that represents the contents of a login request.
      required:
        - email
        - password
      type: object
      properties:
        email:
          minLength: 1
          type: string
          nullable: false
        password:
          minLength: 1
          type: string
          nullable: false
    RegistrationRequest:
      description: POJO that represents the contents of a registration request.
      required:
        - email
        - firstName
        - lastName
        - password
      type: object
      properties:
        email:
          minLength: 1
          type: string
          nullable: false
        firstName:
          minLength: 1
          type: string
          nullable: false
        lastName:
          minLength: 1
          type: string
          nullable: false
        password:
          minLength: 1
          type: string
          nullable: false
```

I had the same error and I've solved the problem by excluding response body content type from swagger, leaving status_code and description only. For example, in case of @theobisproject it would be this way:

```yaml
responses:
  "200":
    description: Login successful
    headers:
      Authorization:
        description: The bearer token to be used for all requests where authentication
          is necessary
        required: true
        style: simple
        schema:
          type: string
    content: {}
  "400":
    description: Authentication failed
    content: {}
```

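
The workaround from the comment above, applied to a whole spec instead of by hand. This is an added example, not part of the thread or of the fuzzer's own code; the function name `strip_response_content` and the sample dict are assumptions for illustration, and the spec is assumed to be already parsed (for instance from YAML) into a dict.

```python
import copy

# Operation keys allowed in an OpenAPI 3.0 path item.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def strip_response_content(spec):
    """Return (new_spec, changed): a deep copy of `spec` with every inline
    response `content` emptied, plus the (path, method, status) triples edited."""
    new_spec = copy.deepcopy(spec)
    changed = []
    for path, item in (new_spec.get("paths") or {}).items():
        if not isinstance(item, dict):
            continue
        for method, operation in item.items():
            # Skip non-operation keys such as `parameters` or `summary`.
            if method.lower() not in HTTP_METHODS or not isinstance(operation, dict):
                continue
            for status, response in (operation.get("responses") or {}).items():
                # A response given as a $ref has no inline content to edit.
                if not isinstance(response, dict) or "$ref" in response:
                    continue
                if response.get("content"):
                    response["content"] = {}
                    changed.append((path, method, str(status)))
    return new_spec, changed


# Constructed sample: the responses from the reproducer above, as a parsed dict.
SAMPLE = {
    "openapi": "3.0.3",
    "paths": {
        "/api/authentication/login": {"post": {"responses": {
            "200": {"description": "Login successful",
                    "headers": {"Authorization": {"schema": {"type": "string"}}},
                    "content": {"application/json": {}}},
            "400": {"description": "Authentication failed",
                    "content": {"application/json": {}}},
        }}},
        "/api/authentication/logout": {"post": {"responses": {
            "201": {"description": "logged out"},
        }}},
    },
}

if __name__ == "__main__":
    fixed, changed = strip_response_content(SAMPLE)
    for path, method, status in changed:
        print(f"emptied content: {method.upper()} {path} -> {status}")
```

The returned list shows exactly which responses were edited, so the change to the spec stays reviewable; request bodies, headers and descriptions are left untouched.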
Hello! I tried to use this project to fuzz my API and it crashed. Here is the backtrace: