Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error Handling Circular References in OpenAPI 3.0 Schemas #5285

Closed
dimitriospapadimas opened this issue Jun 11, 2024 · 1 comment · Fixed by #5491
Closed

Error Handling Circular References in OpenAPI 3.0 Schemas #5285

dimitriospapadimas opened this issue Jun 11, 2024 · 1 comment · Fixed by #5491
Labels
DAST Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone
nuclei v3.3.1

Comments

@dimitriospapadimas
Copy link

Nuclei version:

v3.2.7

Current Behavior:

When running nuclei with the command nuclei -l file.yaml -im openapi, I receive the following error:

Could not create runner: could not create input provider: could not parse input file: could not decode openapi 3.0 schema: kin-openapi bug found: circular schema reference not handled with length 9 - #/components/schemas/JsonObject -> #/components/schemas/JsonPrimitive -> #/components/schemas/JsonPrimitive -> #/components/schemas/JsonNull -> #/components/schemas/JsonObject -> #/components/schemas/JsonPrimitive -> #/components/schemas/JsonNull -> #/components/schemas/JsonNull -> #/components/schemas/JsonPrimitive

Expected Behavior:

I expected nuclei to parse the OpenAPI 3.0 schema successfully without encountering a circular schema reference error.

Steps To Reproduce:

  1. Run the command nuclei -l file.yaml -im openapi with nuclei version v3.2.7 against an OpenAPI with circular references.
  2. Observe the error message regarding the circular schema reference.

Anything else:

My team and I are very interested in developing a solution to this issue, as it is crucial for us to use nuclei with OpenAPI specifications that include circular references. Resolving this problem will greatly enhance our ability to perform vulnerability scans on complex API schemas.
@dimitriospapadimas dimitriospapadimas added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Jun 11, 2024
@ehsandeep
Copy link
Member

Hi @dimitriospapadimas,

Thanks for sharing the issue with us, fuzzing feature is introduced recently and have many possibility to improve and bug fixes like this!

Feel free to open a PR with a fix, and we will be happy to review and collaborate on it.

@trypa11 trypa11 mentioned this issue Aug 5, 2024
Merged
3 tasks
@ehsandeep ehsandeep linked a pull request Aug 5, 2024 that will close this issue
Circular References in OpenAPI 3.0 fixed #5491
Merged
3 tasks
@ehsandeep ehsandeep added the DAST label Aug 6, 2024
@ehsandeep ehsandeep added this to the nuclei v3.3.1 milestone Aug 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
DAST Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
nuclei v3.3.1
Development

Successfully merging a pull request may close this issue.

Circular References in OpenAPI 3.0 fixed trypa11/nuclei
2 participants
@ehsandeep @dimitriospapadimas