My openapi.json definition file looks like this:
{
"swagger": "2.0",
"info": {
"title": "BSS-API",
"description": "Client BSS API",
"version": "1.0.0"
},
"host": "api.client.tst",
"basePath": "/",
"schemes": [
"https"
],
"consumes": [
"application/json",
"application/javascript"
],
"produces": [
"application/json",
"application/javascript"
],
"paths": {
"/availability/username_password_pair/{username}/{password}": {
"get": {
"summary": "Returns username password pair availability information",
"responses": {
"200": {
"description": "Availability information"
},
"default": {
"description": "an \"unexpected\" error"
}
}
},
"parameters": [
{
"$ref": "#/securityDefinitions/api_key"
},
{
"name": "username",
"in": "path",
"required": true,
"type": "string"
},
{
"name": "password",
"in": "path",
"required": true,
"type": "string"
}
]
}
},
"definitions": {},
"securityDefinitions": {
"api_key": {
"type": "apiKey",
"name": "HTTP-apikey",
"in": "header"
}
}
}
It gives me this inside the output when executing zap-api-scan.py:
// ... some other non-related output
2017-11-22 16:22:01,280 Import OpenAPI File openapi.json
2017-11-22 16:22:01,707 Failed to import any URLs
2017-11-22 16:22:01,708 Number of Imported URLs: 0
2017-11-22 16:22:01,708 Import warnings: []
// ... more unrelated output
8360 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap - ZAP is now listening on 0.0.0.0:39381
9502 [ZAP-Import-OpenAPI-1] WARN org.zaproxy.zap.extension.openapi.ExtensionOpenApi -
java.lang.NullPointerException
at org.zaproxy.zap.extension.openapi.generators.PathGenerator.generateFullPath(PathGenerator.java:51)
at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.generatePath(RequestModelConverter.java:63)
at org.zaproxy.zap.extension.openapi.converter.swagger.RequestModelConverter.convert(RequestModelConverter.java:48)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.convertToRequest(SwaggerConverter.java:75)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.getRequestModels(SwaggerConverter.java:69)
at org.zaproxy.zap.extension.openapi.ExtensionOpenApi$3.run(ExtensionOpenApi.java:212)
9691 [ZAP-ProxyThread-9] WARN org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/JSON/ascan/action/scan/] from [127.0.0.1]:
Provided parameter has illegal or unrecognized value (illegal_parameter) : url
at org.zaproxy.zap.extension.ascan.ActiveScanAPI.scanURL(ActiveScanAPI.java:763)
at org.zaproxy.zap.extension.ascan.ActiveScanAPI.handleApiAction(ActiveScanAPI.java:293)
at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:431)
at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:456)
at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:317)
at java.lang.Thread.run(Thread.java:748)
14705 [ZAP-ProxyThread-10] WARN org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/JSON/ascan/view/status/] from [127.0.0.1]:
Does Not Exist (does_not_exist) : scanId
at org.zaproxy.zap.extension.ascan.ActiveScanAPI.getActiveScan(ActiveScanAPI.java:654)
at org.zaproxy.zap.extension.ascan.ActiveScanAPI.handleApiView(ActiveScanAPI.java:827)
at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:467)
at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:456)
at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:317)
at java.lang.Thread.run(Thread.java:748)
ERROR: Job failed: exit status 1
See also https://stackoverflow.com/questions/47450610/zap-api-scan-error-using-zap-api-scan-py for more information about the issue and the command line arguments I used.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4