
The fuzzer fails to parse the following spec #40

Open blakat360 opened 7 months ago

blakat360 commented 7 months ago
# OpenAPI 3.1 document: schema keywords follow JSON Schema 2020-12, so a numeric
# `exclusiveMinimum` (used on the /heroes/ `limit` parameter) is valid here,
# whereas OpenAPI 3.0 defines that keyword as a boolean.
# No `security` requirement or `components.securitySchemes` appears anywhere in
# this document, so every operation is documented as unauthenticated.
openapi: 3.1.0
# "FastAPI" / "0.1.0" are FastAPI's default title and version, so the app
# apparently did not set its own.
info:
  title: FastAPI
  version: 0.1.0
paths:
  # Hero collection: create one, or list them with offset/limit paging.
  /heroes/:
    post:
      summary: Create Hero
      operationId: create_hero_heroes__post
      # Body is mandatory and validated against HeroCreate; anything else is a 422.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/HeroCreate'
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HeroRead'
        # FastAPI's standard validation-failure response.
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
    get:
      summary: Read Heroes
      operationId: read_heroes_heroes__get
      parameters:
      # No `minimum` is declared, so negative offsets are within the contract
      # and a fuzzer will generate them.
      - name: offset
        in: query
        required: false
        schema:
          type: integer
          default: 0
          title: Offset
      # Bounded to (0, 100]. The numeric `exclusiveMinimum` is the OpenAPI 3.1 /
      # JSON Schema 2020-12 form; in OpenAPI 3.0 the keyword is a boolean, so a
      # parser built around the 3.0 model rejects this line (the one the reporter
      # isolated). The /teams/ `limit` below declares no lower bound at all.
      - name: limit
        in: query
        required: false
        schema:
          type: integer
          maximum: 100
          exclusiveMinimum: 0
          default: 100
          title: Limit
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/HeroRead'
                title: Response Read Heroes Heroes  Get
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
  # Single-hero endpoints; every operation takes a required integer `hero_id`
  # path parameter (no range constraint, so any integer is in-contract).
  /heroes/{hero_id}:
    get:
      summary: Read Hero
      operationId: read_hero_heroes__hero_id__get
      parameters:
      - name: hero_id
        in: path
        required: true
        schema:
          type: integer
          title: Hero Id
      responses:
        # Unlike the list endpoint, the single read embeds the hero's team.
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HeroReadWithTeam'
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
    patch:
      summary: Update Hero
      operationId: update_hero_heroes__hero_id__patch
      parameters:
      - name: hero_id
        in: path
        required: true
        schema:
          type: integer
          title: Hero Id
      # HeroUpdate has every field optional and carries no `id`; the target is
      # identified by the path parameter only.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/HeroUpdate'
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HeroRead'
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
    delete:
      summary: Delete Hero
      operationId: delete_hero_heroes__hero_id__delete
      parameters:
      - name: hero_id
        in: path
        required: true
        schema:
          type: integer
          title: Hero Id
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              # An empty schema accepts any JSON: the delete response body is
              # unconstrained, so nothing about its shape can be validated.
              schema: {}
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
  # Team collection: create one, or list them with offset/limit paging.
  /teams/:
    post:
      summary: Create Team
      operationId: create_team_teams__post
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TeamCreate'
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TeamRead'
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
    get:
      summary: Read Teams
      operationId: read_teams_teams__get
      parameters:
      # No `minimum`: negative offsets are within the contract.
      - name: offset
        in: query
        required: false
        schema:
          type: integer
          default: 0
          title: Offset
      # Only an upper bound is declared. Unlike the /heroes/ `limit`, which has
      # `exclusiveMinimum: 0`, this one admits 0 and negative values — confirm
      # the asymmetry is intended rather than an omission.
      - name: limit
        in: query
        required: false
        schema:
          type: integer
          maximum: 100
          default: 100
          title: Limit
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/TeamRead'
                title: Response Read Teams Teams  Get
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
  # Single-team endpoints; every operation takes a required integer `team_id`
  # path parameter.
  /teams/{team_id}:
    get:
      summary: Read Team
      operationId: read_team_teams__team_id__get
      parameters:
      - name: team_id
        in: path
        required: true
        schema:
          type: integer
          title: Team Id
      responses:
        # The single read embeds the team's heroes (each as a full HeroRead).
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TeamReadWithHeroes'
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
    patch:
      summary: Update Team
      operationId: update_team_teams__team_id__patch
      parameters:
      - name: team_id
        in: path
        required: true
        schema:
          type: integer
          title: Team Id
      # NOTE(review): TeamUpdate, unlike HeroUpdate, also accepts an optional
      # `id` in the body even though the path already names the target — confirm
      # the server ignores a client-supplied id.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TeamUpdate'
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TeamRead'
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
    delete:
      summary: Delete Team
      operationId: delete_team_teams__team_id__delete
      parameters:
      - name: team_id
        in: path
        required: true
        schema:
          type: integer
          title: Team Id
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              # Empty schema: any JSON body is accepted, same as the hero delete.
              schema: {}
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
components:
  schemas:
    # Body of every 422 response in this document: a list of per-field
    # ValidationError entries.
    HTTPValidationError:
      properties:
        detail:
          items:
            $ref: '#/components/schemas/ValidationError'
          type: array
          title: Detail
      type: object
      title: HTTPValidationError
    # POST /heroes/ body. `name` and `secret_name` are required; `age` and
    # `team_id` may be omitted or sent as null. Neither integer has a range
    # constraint, so negative ages and arbitrary team ids are in-contract.
    HeroCreate:
      properties:
        name:
          type: string
          title: Name
        secret_name:
          type: string
          title: Secret Name
        age:
          # `'null'` is quoted so YAML yields the JSON Schema type name rather
          # than a YAML null value.
          anyOf:
          - type: integer
          - type: 'null'
          title: Age
        team_id:
          anyOf:
          - type: integer
          - type: 'null'
          title: Team Id
      type: object
      required:
      - name
      - secret_name
      title: HeroCreate
    # Hero as returned by POST, GET (list) and PATCH on /heroes/, and embedded in
    # TeamReadWithHeroes. NOTE(review): `secret_name` is included in every read
    # response, and this document declares no security requirement — confirm
    # that exposure is intended.
    HeroRead:
      properties:
        name:
          type: string
          title: Name
        secret_name:
          type: string
          title: Secret Name
        age:
          anyOf:
          - type: integer
          - type: 'null'
          title: Age
        team_id:
          anyOf:
          - type: integer
          - type: 'null'
          title: Team Id
        # Server-assigned identifier; required here but absent from HeroCreate.
        id:
          type: integer
          title: Id
      type: object
      required:
      - name
      - secret_name
      - id
      title: HeroRead
    # HeroRead plus the hero's team, used by GET /heroes/{hero_id}. `team` is
    # either a TeamRead or null (a hero need not belong to a team).
    HeroReadWithTeam:
      properties:
        name:
          type: string
          title: Name
        secret_name:
          type: string
          title: Secret Name
        age:
          anyOf:
          - type: integer
          - type: 'null'
          title: Age
        team_id:
          anyOf:
          - type: integer
          - type: 'null'
          title: Team Id
        id:
          type: integer
          title: Id
        team:
          anyOf:
          - $ref: '#/components/schemas/TeamRead'
          - type: 'null'
      type: object
      required:
      - name
      - secret_name
      - id
      title: HeroReadWithTeam
    # PATCH /heroes/{hero_id} body. Every field is optional and nullable, there
    # is no `required` list, and no `id` can be supplied — the path parameter
    # alone selects the record.
    HeroUpdate:
      properties:
        name:
          anyOf:
          - type: string
          - type: 'null'
          title: Name
        secret_name:
          anyOf:
          - type: string
          - type: 'null'
          title: Secret Name
        age:
          anyOf:
          - type: integer
          - type: 'null'
          title: Age
        team_id:
          anyOf:
          - type: integer
          - type: 'null'
          title: Team Id
      type: object
      title: HeroUpdate
    # POST /teams/ body; both string fields are required. No length limits are
    # declared, so arbitrarily long values are in-contract.
    TeamCreate:
      properties:
        name:
          type: string
          title: Name
        headquarters:
          type: string
          title: Headquarters
      type: object
      required:
      - name
      - headquarters
      title: TeamCreate
    # Team as returned by POST, GET (list) and PATCH on /teams/, and embedded in
    # HeroReadWithTeam. `id` is server-assigned and required in the response.
    TeamRead:
      properties:
        name:
          type: string
          title: Name
        headquarters:
          type: string
          title: Headquarters
        id:
          type: integer
          title: Id
      type: object
      required:
      - name
      - headquarters
      - id
      title: TeamRead
    # TeamRead plus the team's heroes, used by GET /teams/{team_id}. Each entry
    # is a full HeroRead (including `secret_name`).
    TeamReadWithHeroes:
      properties:
        name:
          type: string
          title: Name
        headquarters:
          type: string
          title: Headquarters
        id:
          type: integer
          title: Id
        heroes:
          items:
            $ref: '#/components/schemas/HeroRead'
          type: array
          title: Heroes
          # Explicit empty list; a bare `default:` would be read as null.
          default: []
      type: object
      required:
      - name
      - headquarters
      - id
      title: TeamReadWithHeroes
    # PATCH /teams/{team_id} body. Every field is optional and nullable.
    # NOTE(review): unlike HeroUpdate, this body accepts an `id` even though the
    # path parameter already identifies the target — confirm the server ignores
    # a client-supplied id rather than letting the request re-key the record.
    TeamUpdate:
      properties:
        id:
          anyOf:
          - type: integer
          - type: 'null'
          title: Id
        name:
          anyOf:
          - type: string
          - type: 'null'
          title: Name
        headquarters:
          anyOf:
          - type: string
          - type: 'null'
          title: Headquarters
      type: object
      title: TeamUpdate
    # One entry of HTTPValidationError.detail: `loc` locates the offending input
    # as a mix of strings and integers, `msg` is the human-readable message and
    # `type` the error-type code. All three are required.
    ValidationError:
      properties:
        loc:
          items:
            anyOf:
            - type: string
            - type: integer
          type: array
          title: Location
        msg:
          type: string
          title: Message
        type:
          type: string
          title: Error Type
      type: object
      required:
      - loc
      - msg
      - type
      title: ValidationError
blakat360 commented 7 months ago

The problem seems to be one line in this get:

    get:
      summary: Read Heroes
      operationId: read_heroes_heroes__get
      parameters:
      - name: offset
        in: query
        required: false
        schema:
          type: integer
          default: 0
          title: Offset
      - name: limit
        in: query
        required: false
        schema:
          type: integer
          maximum: 100
          # A numeric `exclusiveMinimum` is valid OpenAPI 3.1 (JSON Schema
          # 2020-12), which is what the document header declares. OpenAPI 3.0
          # defines the keyword as a boolean, so a parser built around the 3.0
          # model presumably fails on this value — the other operations use
          # only `maximum`/`default`, which both versions share.
          exclusiveMinimum: 0 # <------ THIS LINE
          default: 100
          title: Limit
blakat360 commented 7 months ago

I suspect this is an issue with either FastAPI or the openapi crate.