Bug in the parser
DeliciousBounty opened this issue
@RazMag
While writing an active scan, I encountered strange behavior.
Description
The code does not parse every path in the OAS file.
To Reproduce
Steps to reproduce the behavior:
- Set the OAS file with this file: petstore.txt
- Rename it with .json
- Go to /swagger/sca/src/active/additional_checks.rs
- Add this function:

```rust
pub async fn check_idors(&self, auth: &Authorization) -> CheckRetVal {
    // reformat get with path parameter
    let mut ret_val = CheckRetVal::default();
    for oas_map in self.payloads.iter() {
        for (json_path, schema) in &oas_map.payload.map {
            // Print the path this payload entry belongs to
            println!("PATH: {}", oas_map.path.path);
            // Take the first server URL; skip the entry when none is defined
            let url;
            if let Some(servers) = &self.oas.servers() {
                if let Some(s) = servers.first() {
                    url = s.url.clone();
                } else {
                    continue;
                };
            } else {
                continue;
            };
        }
    }
    ret_val
}
```

- Check the output. It misses some paths: "/pet/{petId}" from the example.
Expected behavior
This code should print all the paths in the OAS file, but it misses some paths: "/pet/{petId}" from the example.
Desktop (please complete the following information):
- OS: Ubuntu
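
Added example, not part of the original issue or the project's code: in the snippet above, `println!` sits inside the inner loop over `payload.map`, so one thing to rule out when reproducing is an entry that was parsed but has an empty payload map and therefore prints nothing. The types below are hypothetical stand-ins that mirror only the field names used in the snippet, and the sample data is constructed; the report does not establish whether this is the cause.

```rust
use std::collections::BTreeMap;

// Hypothetical stand-ins for the project's types; only the field names used
// in the issue's snippet (path.path, payload.map) are mirrored here.
struct PathInfo { path: String }
struct Payload { map: BTreeMap<String, String> }
struct OasMap { path: PathInfo, payload: Payload }

// Same shape as the snippet: the path is recorded inside the inner loop,
// so an entry whose payload map is empty contributes nothing.
fn paths_seen_in_inner_loop(payloads: &[OasMap]) -> Vec<String> {
    let mut seen = Vec::new();
    for oas_map in payloads {
        for (_json_path, _schema) in &oas_map.payload.map {
            seen.push(oas_map.path.path.clone());
        }
    }
    seen
}

// Recording once per entry in the outer loop reports every parsed path.
fn paths_seen_in_outer_loop(payloads: &[OasMap]) -> Vec<String> {
    payloads.iter().map(|m| m.path.path.clone()).collect()
}

// Constructed sample: "/pet" has one payload entry, "/pet/{petId}" has none.
fn sample() -> Vec<OasMap> {
    let mut body = BTreeMap::new();
    body.insert("/name".to_string(), "string".to_string());
    vec![
        OasMap {
            path: PathInfo { path: "/pet".into() },
            payload: Payload { map: body },
        },
        OasMap {
            path: PathInfo { path: "/pet/{petId}".into() },
            payload: Payload { map: BTreeMap::new() },
        },
    ]
}

fn main() {
    let payloads = sample();
    println!("inner loop: {:?}", paths_seen_in_inner_loop(&payloads));
    println!("outer loop: {:?}", paths_seen_in_outer_loop(&payloads));
}
```

If the outer-loop listing contains the path and the inner-loop listing does not, the path was parsed and only its payload map is empty; if both lack it, the entry is missing from `payloads` itself.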