
Error Handling Circular References in OpenAPI 3.0 Schemas

Open dimitriospapadimas opened this issue 1 year ago • 1 comment

Nuclei version:

v3.2.7

Current Behavior:

When running nuclei with the command nuclei -l file.yaml -im openapi, I receive the following error:

Could not create runner: could not create input provider: could not parse input file: could not decode openapi 3.0 schema: kin-openapi bug found: circular schema reference not handled with length 9 - #/components/schemas/JsonObject -> #/components/schemas/JsonPrimitive -> #/components/schemas/JsonPrimitive -> #/components/schemas/JsonNull -> #/components/schemas/JsonObject -> #/components/schemas/JsonPrimitive -> #/components/schemas/JsonNull -> #/components/schemas/JsonNull -> #/components/schemas/JsonPrimitive

Expected Behavior:

I expected nuclei to parse the OpenAPI 3.0 schema successfully without encountering a circular schema reference error.

Steps To Reproduce:

  1. Run the command nuclei -l file.yaml -im openapi with nuclei version v3.2.7 against an OpenAPI with circular references.
  2. Observe the error message regarding the circular schema reference.

Anything else:

My team and I are very interested in developing a solution to this issue, as it is crucial for us to use nuclei with OpenAPI specifications that include circular references. Resolving this problem will greatly enhance our ability to perform vulnerability scans on complex API schemas.

dimitriospapadimas avatar Jun 11 '24 15:06 dimitriospapadimas
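To make the loader's complaint concrete, here is an added Go example (not nuclei's or kin-openapi's code) that decodes a constructed components section with the same JsonObject -> JsonPrimitive -> JsonNull -> JsonObject reference loop and reports the cycle as a path instead of failing; the component names, the JSON and the FirstCycle function are constructed for this example.

```go
package main

import "encoding/json"
import "strings"
// Constructed OpenAPI 3.0 components with the cycle shape reported in the issue:
// JsonObject -> JsonPrimitive -> JsonNull -> JsonObject; Leaf is acyclic.
const SpecJSON = `{"components":{"schemas":{"Leaf":{"type":"integer"},
 "JsonObject":{"type":"object","additionalProperties":{"$ref":"#/components/schemas/JsonPrimitive"}},
 "JsonPrimitive":{"oneOf":[{"type":"string"},{"$ref":"#/components/schemas/JsonNull"}]},
 "JsonNull":{"allOf":[{"$ref":"#/components/schemas/JsonObject"}]}}}}`

// FirstCycle returns the first $ref cycle among the components as a "->" chain
// (some rotation of it, since Go map order varies), or "" if the graph is acyclic.
func FirstCycle(doc string) (string, error) {
	var sp struct {
		Components struct{ Schemas map[string]any `json:"schemas"` } `json:"components"`
	}
	if err := json.Unmarshal([]byte(doc), &sp); err != nil {
		return "", err
	}
	// A "$ref" hops to the named component, pushing its name; a name met again on path is a cycle.
	var walk func(v any, path []string) string
	walk = func(v any, path []string) string {
		var subs []any
		switch t := v.(type) {
		case map[string]any:
			if s, ok := t["$ref"].(string); ok {
				name := strings.TrimPrefix(s, "#/components/schemas/")
				for i, seen := range path {
					if seen == name { // back-edge: path[i:] closed by name
						return strings.Join(append(path[i:len(path):len(path)], name), "->")
					}
				}
				return walk(sp.Components.Schemas[name], append(path, name))
			}
			for _, sub := range t {
				subs = append(subs, sub)
			}
		case []any:
			subs = t
		}
		for _, sub := range subs {
			if c := walk(sub, path); c != "" {
				return c
			}
		}
		return ""
	}
	return walk(sp.Components.Schemas, nil), nil
}
```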

Hi @dimitriospapadimas,

Thanks for sharing the issue with us, the fuzzing feature was introduced recently and has many possibilities for improvements and bug fixes like this!

Feel free to open a PR with a fix, and we will be happy to review and collaborate on it.

ehsandeep avatar Jun 11 '24 19:06 ehsandeep