
[BUG] issue when importing Swagger file "Cannot invoke "io.swagger.v3.oas.models.media.Content.entrySet()" about openapi-parser HOT 6 CLOSED

aress31 commented on August 19, 2024
[BUG] issue when importing Swagger file "Cannot invoke "io.swagger.v3.oas.models.media.Content.entrySet()"

from openapi-parser.

Comments (6)

aress31 commented on August 19, 2024

Hey @TridenGroup could you kindly try to compile the version on this repository and use it. The PortSwigger fork - and thereby the BApp store version - is lagging way behind this repository.

Once done please share the results!


TridenGroup commented on August 19, 2024

> Hey @TridenGroup could you kindly try to compile the version on this repository and use it. The PortSwigger fork - and thereby the BApp store version - is lagging way behind this repository.
>
> Once done please share the results!

Hi Mr. Teyar @aress31 , thanks for your quick response. Sorry for the delay, I had some issues with the correct Java version getting read in order to install Gradle.

tl;dr: same error as before.

For any other Kali users who had similar challenges:

```
└─$ ls -l /usr/bin/java
lrwxrwxrwx 1 root root 22 Feb 18 2021 /usr/bin/java -> /etc/alternatives/java
```

/usr/bin/java is a symlink pointing to /etc/alternatives/java. This suggests that the java executable is managed by the update-alternatives system, which allows us to switch between different versions of Java. The solution was to run `update-alternatives --config java` and select the newly installed Java 8.

I then installed Gradle, and compiled the extension from the repo, and loaded it into Burp Suite Pro:
'OpenAPI Parser' tab initialised
'Send to OpenAPI Parser' option added to the context menu
'HTTPListener' registered

I selected the OpenAPI Parser extension tab (I made sure to unload the BApp store version, and exit / reload BSP before loading the compiled extension), and loaded the /yml API specification file. Nothing seemed to happen, so I hit the "Load" button (I don't think that existed in the BApp store version).

However, the status bar at the bottom of BSP still presents an error:
Unable to read the OpenAPI resource /home/user/Documents/clients/client/foo_api_v1.0.0.yml. Check the extension's error log for the stack trace and report the issue.

From the Burp extensions / Installed tab, under Errors I see the same error as I got with the BApp store version:

Cannot invoke "io.swagger.v3.oas.models.media.Content.entrySet()" because the return value of "io.swagger.v3.oas.models.parameters.RequestBody.getContent()" is null


aress31 commented on August 19, 2024

@TridenGroup, you should be able to view the error logs under:

[image]

And that is correct: in the latest version, Browse and Load are decoupled for better UX.


holosc0ld commented on August 19, 2024

@TridenGroup (and @aress31) I ran into this same issue this evening and after comparing working and non-working API specifications and a little experimentation, it came down to some of the responses sections in the specs that weren't loading having no content definitions. (The getContent() is null portion of the error message was the clue.)

e.g.,

```yaml
'/firstpath/':
  ...
  responses:
    '200':
      description: some description
'/nextpath/':
  ...
```

Once the content sub-section was stubbed in, the API spec loaded normally.

e.g.,

```yaml
'/firstpath/':
  ...
  responses:
    '200':
      description: some description
      content:
        application/json:
          schema:
            type: string
'/nextpath/':
  ...
```


TridenGroup commented on August 19, 2024

> ... it came down to some of the responses sections in the specs that weren't loading having no content definitions.

I can confirm that the API docs I was provided for this test did not have completed content definitions.

> (The getContent() is null portion of the error message was the clue.)

Thank you. In hindsight it makes perfect sense.

@aress31 I suggest some clearer messaging on this issue being due to an incomplete or malformed Open API spec file, since there are likely others that will run into this.
I apologize that I wasn't able to get you the logs you requested. The assessment ended and I had to move to the next.

Thanks to both of you @aress31 @holosc0ld


aress31 commented on August 19, 2024

Latest version should handle better null checks and be more robust when parsing incomplete/invalid specs. @TridenGroup try to re-load the faulty spec and feel free to reopen this ticket if the error persists.

