microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License

JsonSerializationException #280

Open JuKu opened 3 years ago

JuKu commented 3 years ago

Hi,

first, thanks for your great work!

I use RESTler and want to compile a Swagger / OpenAPI 2.0 specification. If I run Restler compile --api_spec swagger.json, I get the following exception:

Unhandled exception. System.AggregateException: One or more errors occurred. (Unexpected token when deserializing object: StartObject. Path 'paths['/admin/posgroup/{id}/show'].post.parameters[1]', line 1, position 380.)
 ---> Newtonsoft.Json.JsonSerializationException: Unexpected token when deserializing object: StartObject. Path 'paths['/admin/posgroup/{id}/show'].post.parameters[1]', line 1, position 380.
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateDictionary(IDictionary dictionary, JsonReader reader, JsonDictionaryContract contract, JsonProperty containerProperty, String id)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.SetPropertyValue(JsonProperty property, JsonConverter propertyConverter, JsonContainerContract containerContract, JsonProperty containerProperty, JsonReader reader, Object target)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Populate(JsonReader reader, Object target)
   at Newtonsoft.Json.Serialization.JsonSerializerProxy.PopulateInternal(JsonReader reader, Object target)
   at Newtonsoft.Json.JsonSerializer.Populate(JsonReader reader, Object target)
   at NJsonSchema.ExtensionDataDeserializationConverter.ReadJson(JsonReader reader, Type objectType, Object existingValue, JsonSerializer serializer)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.DeserializeConvertable(JsonConverter converter, JsonReader reader, Type objectType, Object existingValue)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
   at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
   at Newtonsoft.Json.JsonSerializer.Deserialize(JsonReader reader, Type objectType)
   at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)
   at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value, JsonSerializerSettings settings)
   at NJsonSchema.Infrastructure.JsonSchemaSerialization.FromJson[T](String json, IContractResolver contractResolver)
   at NJsonSchema.Infrastructure.JsonSchemaSerialization.FromJsonAsync[T](String json, SchemaType schemaType, String documentPath, Func`2 referenceResolverFactory, IContractResolver contractResolver)
   at NSwag.OpenApiDocument.FromJsonAsync(String data, String documentPath, SchemaType expectedSchemaType, Func`2 referenceResolverFactory)
   at NSwag.OpenApiDocument.FromFileAsync(String filePath)
   --- End of inner exception stack trace ---
   at Microsoft.FSharp.Control.AsyncResult`1.Commit() in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\async.fs:line 349
   at Microsoft.FSharp.Control.AsyncPrimitives.RunSynchronouslyInCurrentThread[a](CancellationToken cancellationToken, FSharpAsync`1 computation) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\async.fs:line 882
   at Microsoft.FSharp.Control.AsyncPrimitives.RunSynchronously[T](CancellationToken cancellationToken, FSharpAsync`1 computation, FSharpOption`1 timeout) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\async.fs:line 890
   at Microsoft.FSharp.Control.FSharpAsync.RunSynchronously[T](FSharpAsync`1 computation, FSharpOption`1 timeout, FSharpOption`1 cancellationToken) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\async.fs:line 1154
   at Restler.Workflow.swaggerDocs@88-1.Invoke(String fp) in /home/jkuenzel/restler_bin/uni/restler_repo/restler-fuzzer/src/compiler/Restler.Compiler/Workflow.fs:line 88
   at Microsoft.FSharp.Primitives.Basics.List.map[T,TResult](FSharpFunc`2 mapping, FSharpList`1 x) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\local.fs:line 248
   at Microsoft.FSharp.Collections.ListModule.Map[T,TResult](FSharpFunc`2 mapping, FSharpList`1 list) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\list.fs:line 75
   at Restler.Workflow.generateGrammarFromSwagger(String grammarOutputDirectoryPath, FSharpOption`1 swaggerDoc, Config config) in /home/jkuenzel/restler_bin/uni/restler_repo/restler-fuzzer/src/compiler/Restler.Compiler/Workflow.fs:line 88
   at Restler.Workflow.generateRestlerGrammar(FSharpOption`1 swaggerDoc, Config config) in /home/jkuenzel/restler_bin/uni/restler_repo/restler-fuzzer/src/compiler/Restler.Compiler/Workflow.fs:line 247
   at Program.main(String[] argv) in /home/jkuenzel/restler_bin/uni/restler_repo/restler-fuzzer/src/compiler/Restler.CompilerExe/Program.fs:line 37

JSON:

{
  "basePath": "/some_dir/index_dev.php/",
  "paths": {
    "/admin/posgroup/{id}/show": {
      "post": {
        "summary": "posgroup-admin_show",
        "produces": ["application/xml"],
        "description": "posgroup-admin_show",
        "parameters": [
          {
            "default": "admin.posGroup",
            "in": "form",
            "name": "_sonata_admin",
            "description": "_sonata_admin",
            "operationId": "_sonata_admin",
            "type": "string",
            "required": false
          },
        ]
      },
      "get": {
        "summary": "posgroup-admin_show",
        "produces": ["application/xml"],
        "description": "posgroup-admin_show",
        "parameters": [
          {
            "default": "admin.posGroup",
            "in": "form",
            "name": "_sonata_admin",
            "description": "_sonata_admin",
            "operationId": "_sonata_admin",
            "type": "string",
            "required": false
          }
          //...
        ]
      },
    },
    //...

The JSON was created with the Java org.json library.

Is there a bug in your JSON deserializer?

JuKu commented 3 years ago

I think I have found the cause and the solution: it seems that the in-type "form" is not allowed. Instead, "query" has to be used here. Then the compilation works.

mbiuki commented 3 years ago

@JuKu, on this note, form could be used in query parameters. See: https://swagger.io/docs/specification/serialization/
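As an added example (not part of this issue or of the RESTler project), a small Python lint that reports every inline Swagger 2.0 parameter whose "in" value is outside the five locations the 2.0 spec allows (query, header, path, formData, body), using the same JSON-path syntax the Newtonsoft error above prints, and that can rewrite the offenders to the "query" workaround from the comment. The sample spec is constructed; whether "query" or "formData" is the right location for a given parameter depends on the API.

```python
import copy
import json

# Legal values of the "in" field for a Swagger/OpenAPI 2.0 parameter object.
SWAGGER2_PARAM_LOCATIONS = {"query", "header", "path", "formData", "body"}

# Constructed sample: "form" is not a Swagger 2.0 location, so parameters[1]
# is the kind of entry the compiler in the issue rejected.
SAMPLE_SPEC = json.loads("""
{
  "swagger": "2.0",
  "paths": {
    "/admin/posgroup/{id}/show": {
      "post": {
        "parameters": [
          {"name": "id", "in": "path", "type": "string", "required": true},
          {"name": "_sonata_admin", "in": "form", "type": "string", "required": false}
        ]
      }
    }
  }
}
""")


def iter_parameters(spec):
    """Yield (json_path, parameter_object) for path-level and operation-level
    parameters, formatting json_path the way the Newtonsoft error message does."""
    for path, item in spec.get("paths", {}).items():
        if not isinstance(item, dict):
            continue
        for idx, param in enumerate(item.get("parameters", [])):
            yield f"paths['{path}'].parameters[{idx}]", param
        for method, op in item.items():
            if method == "parameters" or not isinstance(op, dict):
                continue
            for idx, param in enumerate(op.get("parameters", [])):
                yield f"paths['{path}'].{method}.parameters[{idx}]", param


def find_invalid_parameter_locations(spec):
    """Return (json_path, bad_value) for each inline parameter whose "in" is not
    a Swagger 2.0 location; $ref parameters are skipped (resolve them first)."""
    return [(p, param.get("in")) for p, param in iter_parameters(spec)
            if "$ref" not in param and param.get("in") not in SWAGGER2_PARAM_LOCATIONS]


def rewrite_invalid_locations(spec, replacement="query"):
    """Return a deep copy in which every invalid "in" is set to `replacement`."""
    fixed = copy.deepcopy(spec)
    for _, param in iter_parameters(fixed):
        if "$ref" not in param and param.get("in") not in SWAGGER2_PARAM_LOCATIONS:
            param["in"] = replacement
    return fixed


if __name__ == "__main__":
    for json_path, value in find_invalid_parameter_locations(SAMPLE_SPEC):
        print(f"{json_path}: in={value!r} is not a Swagger 2.0 location")
```

Running the lint before "Restler compile" turns the deserialization stack trace into a one-line pointer at the offending parameter.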