Open stephendonner opened 7 years ago
/cc @psiinon @tarekziade
@stephendonner the ZAP add-on should already support yaml - we have tests for it that currently pass ;) https://github.com/zaproxy/zap-extensions/blob/alpha/test/resources/org/zaproxy/zap/extension/openapi/PetStore_defn.yaml I'll have a play with http://shavar.stage.mozaws.net/__api__ and see if I can work out what's up. Assuming I can access that of course - is it only accessible via the VPN?
Ideally, we should implement the Accept header so that URL returns JSON or YAML depending on what the client wants (and pick a default one).
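The Accept-header negotiation proposed in the comment above, sketched as an added example that is not part of the thread and not Shavar's code. The function names, the offer list and the choice of JSON as the default are assumptions; `application/x-yaml` is the content type the endpoint is reported to return.

```python
# Added example: Accept-header negotiation for a spec endpoint such as /__api__.
# All names are hypothetical; JSON as the default is an assumption.
OFFERS = ("application/json", "application/x-yaml")  # first entry is the default


def parse_accept(header):
    """Return [(media_range, q)] from an Accept header; a bad q-value counts as 0."""
    ranges = []
    for part in header.split(","):
        fields = [f.strip() for f in part.split(";")]
        media = fields[0].lower()
        if not media:
            continue
        q = 1.0
        for param in fields[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0
        ranges.append((media, max(0.0, min(q, 1.0))))
    return ranges


def specificity(media_range, offer):
    """2 = exact match, 1 = type/*, 0 = */*, -1 = no match."""
    if media_range == offer:
        return 2
    if media_range == offer.split("/")[0] + "/*":
        return 1
    return 0 if media_range == "*/*" else -1


def negotiate(accept_header, offers=OFFERS):
    """Pick the offer with the highest q; None means the server should answer 406."""
    if not accept_header or not accept_header.strip():
        return offers[0]  # no preference stated: serve the default
    ranges = parse_accept(accept_header)
    best, best_q = None, 0.0
    for offer in offers:
        # The most specific matching range decides the q for this offer.
        matches = [(specificity(m, offer), q) for m, q in ranges]
        matches = [m for m in matches if m[0] >= 0]
        if matches and max(matches)[1] > best_q:
            best, best_q = offer, max(matches)[1]
    return best
```

A client that sends no Accept header, or only `*/*`, gets the default; a client that excludes a type with `q=0` is never served it, even when a wildcard would otherwise match.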
@stephendonner I can import https://shavar.stage.mozaws.net/__api__ into ZAP without any apparent problems :)
The Swagger/OpenAPI view/definition[0] for Shavar is only implemented in YAML.
For reference, I'm using http://shavar.stage.mozaws.net/__api__ - it returns an api file of content-type: application/x-yaml
AFAICT, it should also/primarily return its Swagger/OpenAPI definition file as JSON[1]; I ran into this as a problem when trying to use the OWASP ZAP OpenAPI add-on, to import, spider, and scan Shavar: https://zaproxy.blogspot.com/2017/04/exploring-apis-with-zap.html
As an additional example:
Actual Results:
"No spec provided." is returned
Expected Results:
If you input Kinto's definition URL, https://kinto.dev.mozaws.net/v1/__api__, you get a successful representation of its imported definition file, etc.
Thanks!
[0] https://github.com/mozilla-services/shavar/blob/1a92c9bcf7c5dc82f6a119699f42b1334622501f/shavar/views/swagger.py
[1] https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#specification
[2] https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#file-structure