Adding Swagger Scanner
This commit is contained in:
parent
0aa0c76bfc
commit
a31bc6978e
|
@ -51,7 +51,8 @@ dependencies = [
|
|||
"sqlalchemy==2.0.28",
|
||||
"tld==0.13",
|
||||
"typing-extensions==4.10.0",
|
||||
"yaswfp==0.9.3"
|
||||
"yaswfp==0.9.3",
|
||||
"prance[osv]>=23.6.21.0"
|
||||
]
|
||||
|
||||
[project.urls]
|
||||
|
@ -69,7 +70,7 @@ ssl = [
|
|||
]
|
||||
test = [
|
||||
"humanize==4.9.0",
|
||||
"pytest==8.0.2",
|
||||
"pytest==8.0.2",
|
||||
"pytest-cov==4.1.0",
|
||||
"pytest-asyncio==0.23.5",
|
||||
"respx==0.20.2",
|
||||
|
|
|
@ -267,6 +267,38 @@ async def test_use_web_creds(mock_async_try_form_login, _, __):
|
|||
await wapiti_main()
|
||||
mock_async_try_form_login.assert_called_once()
|
||||
|
||||
# Test swagger option with a valid url
|
||||
@pytest.mark.asyncio
|
||||
@mock.patch("wapitiCore.main.wapiti.Wapiti.browse")
|
||||
async def test_swagger_valid_url(mock_browse):
|
||||
testargs = [
|
||||
"wapiti",
|
||||
"-u", "https://petstore.swagger.io",
|
||||
"--swagger", "https://petstore.swagger.io/v2/swagger.json",
|
||||
"-m", ""
|
||||
]
|
||||
|
||||
with mock.patch.object(sys, "argv", testargs):
|
||||
await wapiti_main()
|
||||
mock_browse.assert_called_once()
|
||||
|
||||
# Test swagger option with an invalid url or when option break
|
||||
@pytest.mark.asyncio
|
||||
@mock.patch("wapitiCore.main.wapiti.Wapiti.browse")
|
||||
async def test_swagger_invalid_url(mock_browse):
|
||||
testargs = [
|
||||
"wapiti",
|
||||
"-u", "http://testphp.vulnweb.com",
|
||||
"--swagger", "http://testphp.vulnweb.com/swagger.json",
|
||||
"-m", ""
|
||||
]
|
||||
|
||||
with mock.patch.object(sys, "argv", testargs):
|
||||
# will raise an exception because the url is not valid
|
||||
with pytest.raises(SystemExit):
|
||||
await wapiti_main()
|
||||
mock_browse.assert_called_once()
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
@mock.patch("wapitiCore.main.wapiti.Wapiti.browse")
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,391 @@
|
|||
{
|
||||
"openapi": "3.0.1",
|
||||
"info": {
|
||||
"title": "Fake API OpenAPI 3 Specification",
|
||||
"description": "Fake Cloud API",
|
||||
"termsOfService": "https://fake.openapi.fr/fake_Open_API_Cloud.pdf",
|
||||
"contact": {
|
||||
"name": "Fake contact",
|
||||
"url": "https://fake.openapi.fr/",
|
||||
"email": "fake@openapi.fr"
|
||||
},
|
||||
"version": "1.23.456.x"
|
||||
},
|
||||
"servers": [
|
||||
{
|
||||
"url": "https://fake.openapi.fr/"
|
||||
}
|
||||
],
|
||||
"paths": {
|
||||
"/v1/Alarms/{alarmId}": {
|
||||
"put": {
|
||||
"tags": [
|
||||
"Alarms"
|
||||
],
|
||||
"operationId": "Alarms_Update",
|
||||
"parameters": [
|
||||
{
|
||||
"name": "alarmId",
|
||||
"in": "path",
|
||||
"required": true,
|
||||
"schema": {
|
||||
"type": "integer",
|
||||
"format": "int32"
|
||||
}
|
||||
}
|
||||
],
|
||||
"requestBody": {
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"$ref": "#/components/schemas/AlarmPutModel"
|
||||
}
|
||||
},
|
||||
"text/json": {
|
||||
"schema": {
|
||||
"$ref": "#/components/schemas/AlarmPutModel"
|
||||
}
|
||||
},
|
||||
"application/*+json": {
|
||||
"schema": {
|
||||
"$ref": "#/components/schemas/AlarmPutModel"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "Success"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"/v1/AdministrationSettings/MailAccount": {
|
||||
"delete": {
|
||||
"tags": [
|
||||
"AdministrationSettings"
|
||||
],
|
||||
"operationId": "AdministrationSettings_DeleteMailAccount",
|
||||
"parameters": [
|
||||
{
|
||||
"name": "id",
|
||||
"in": "query",
|
||||
"schema": {
|
||||
"type": "integer",
|
||||
"format": "int32"
|
||||
}
|
||||
}
|
||||
],
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "Success"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"/v1/AdministrationSettings/GroupUsers": {
|
||||
"get": {
|
||||
"tags": [
|
||||
"AdministrationSettings"
|
||||
],
|
||||
"operationId": "AdministrationSettings_GetGroupUsers",
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "Success",
|
||||
"content": {
|
||||
"text/plain": {
|
||||
"schema": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/components/schemas/GroupUser"
|
||||
}
|
||||
}
|
||||
},
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/components/schemas/GroupUser"
|
||||
}
|
||||
}
|
||||
},
|
||||
"text/json": {
|
||||
"schema": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/components/schemas/GroupUser"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"put": {
|
||||
"tags": [
|
||||
"AdministrationSettings"
|
||||
],
|
||||
"operationId": "AdministrationSettings_UpdateGroupUsers",
|
||||
"requestBody": {
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/components/schemas/GroupUser"
|
||||
}
|
||||
}
|
||||
},
|
||||
"text/json": {
|
||||
"schema": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/components/schemas/GroupUser"
|
||||
}
|
||||
}
|
||||
},
|
||||
"application/*+json": {
|
||||
"schema": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/components/schemas/GroupUser"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "Success",
|
||||
"content": {
|
||||
"text/plain": {
|
||||
"schema": {
|
||||
"type": "boolean"
|
||||
}
|
||||
},
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"type": "boolean"
|
||||
}
|
||||
},
|
||||
"text/json": {
|
||||
"schema": {
|
||||
"type": "boolean"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"patch": {
|
||||
"tags": [
|
||||
"AdministrationSettings"
|
||||
],
|
||||
"operationId": "AdministrationSettings_UpdateGroupUser",
|
||||
"requestBody": {
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"$ref": "#/components/schemas/GroupUser"
|
||||
}
|
||||
},
|
||||
"text/json": {
|
||||
"schema": {
|
||||
"$ref": "#/components/schemas/GroupUser"
|
||||
}
|
||||
},
|
||||
"application/*+json": {
|
||||
"schema": {
|
||||
"$ref": "#/components/schemas/GroupUser"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "Success",
|
||||
"content": {
|
||||
"text/plain": {
|
||||
"schema": {
|
||||
"type": "boolean"
|
||||
}
|
||||
},
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"type": "boolean"
|
||||
}
|
||||
},
|
||||
"text/json": {
|
||||
"schema": {
|
||||
"type": "boolean"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"post": {
|
||||
"tags": [
|
||||
"AdministrationSettings"
|
||||
],
|
||||
"operationId": "AdministrationSettings_AddNewUser",
|
||||
"parameters": [
|
||||
{
|
||||
"name": "userId",
|
||||
"in": "query",
|
||||
"schema": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
],
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "Success",
|
||||
"content": {
|
||||
"text/plain": {
|
||||
"schema": {
|
||||
"type": "boolean"
|
||||
}
|
||||
},
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"type": "boolean"
|
||||
}
|
||||
},
|
||||
"text/json": {
|
||||
"schema": {
|
||||
"type": "boolean"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"components": {
|
||||
"schemas": {
|
||||
"AlarmPutModel": {
|
||||
"required": [
|
||||
"alarmState"
|
||||
],
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"alarmState": {
|
||||
"minLength": 1,
|
||||
"type": "string"
|
||||
},
|
||||
"confirmingUserName": {
|
||||
"type": "string",
|
||||
"nullable": true
|
||||
},
|
||||
"confirmingDateTime": {
|
||||
"type": "string",
|
||||
"format": "date-time",
|
||||
"nullable": true
|
||||
},
|
||||
"confirmingNote": {
|
||||
"type": "string",
|
||||
"nullable": true
|
||||
}
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
"FtpMailAccounts": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"id": {
|
||||
"type": "integer",
|
||||
"description": "Reference id to the FtpAccount-Row-Id rsp. the MailAccount-Row-Id",
|
||||
"format": "int32",
|
||||
"nullable": true
|
||||
},
|
||||
"isAccountMailNotFtp": {
|
||||
"type": "boolean",
|
||||
"description": "Either it is a FTP account or a Mail account. FTP account is very much preferred.\r\nFalse: FTP / True: Mail / Default: False"
|
||||
},
|
||||
"ftpAccountHostName": {
|
||||
"type": "string",
|
||||
"description": "The account's host name",
|
||||
"nullable": true
|
||||
},
|
||||
"ftpAccountUserName": {
|
||||
"type": "string",
|
||||
"description": "The account's user name",
|
||||
"nullable": true
|
||||
},
|
||||
"ftpAccountPassword": {
|
||||
"type": "string",
|
||||
"description": "The account's password. IN PLAIN TEXT. Sorry.",
|
||||
"nullable": true
|
||||
},
|
||||
"ftpAccountRestrictToDevicesCommaSeparated": {
|
||||
"type": "string",
|
||||
"description": "List of devices to use. If NULL or \"\" then ALL devices will be used.",
|
||||
"nullable": true
|
||||
},
|
||||
"ftpAccountFolderStructure": {
|
||||
"type": "string",
|
||||
"description": "When there is a valid folder name then not the FTP root will be taken but the new folder structure on top of the root.",
|
||||
"nullable": true
|
||||
}
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
"GroupUser": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"active": {
|
||||
"type": "boolean",
|
||||
"description": "Is the user still active are meant to be removed from the group?\r\nTrue: Active, False: Should not see data and is meant to be removed"
|
||||
},
|
||||
"userName": {
|
||||
"type": "string",
|
||||
"description": "The user's name from AAD B2C",
|
||||
"nullable": true
|
||||
},
|
||||
"emailAddress": {
|
||||
"type": "string",
|
||||
"description": "The user's E-Mail address used for authorization.\r\nIt's unclear if this is possible to extract from AAD B2C",
|
||||
"nullable": true
|
||||
},
|
||||
"role": {
|
||||
"$ref": "#/components/schemas/RoleIdValue"
|
||||
},
|
||||
"networksVisibility": {
|
||||
"type": "object",
|
||||
"additionalProperties": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"description": "List of networks the user DOES or DOES NOT have access to",
|
||||
"nullable": true
|
||||
}
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
"RoleIdValue": {
|
||||
"enum": [
|
||||
0,
|
||||
100,
|
||||
200,
|
||||
999
|
||||
],
|
||||
"type": "integer",
|
||||
"format": "int32"
|
||||
}
|
||||
},
|
||||
"securitySchemes": {
|
||||
"Bearer": {
|
||||
"type": "apiKey",
|
||||
"description": "JWT Authorization header using the Bearer scheme. Get the temporary bearer token from https://fake.openapi.fr/user-settings.",
|
||||
"name": "Authorization",
|
||||
"in": "header"
|
||||
}
|
||||
}
|
||||
},
|
||||
"security": [
|
||||
{
|
||||
"Bearer": []
|
||||
}
|
||||
]
|
||||
}
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,718 @@
|
|||
---
|
||||
swagger: "2.0"
|
||||
info:
|
||||
description: "This is a sample server Petstore server. You can find out more about\
|
||||
\ Swagger at [http://swagger.io](http://swagger.io) or on [irc.freenode.net, #swagger](http://swagger.io/irc/).\
|
||||
\ For this sample, you can use the api key `special-key` to test the authorization\
|
||||
\ filters."
|
||||
version: "1.0.6"
|
||||
title: "Swagger Petstore"
|
||||
termsOfService: "http://swagger.io/terms/"
|
||||
contact:
|
||||
email: "apiteam@swagger.io"
|
||||
license:
|
||||
name: "Apache 2.0"
|
||||
url: "http://www.apache.org/licenses/LICENSE-2.0.html"
|
||||
host: "petstore.swagger.io"
|
||||
basePath: "/v2"
|
||||
tags:
|
||||
- name: "pet"
|
||||
description: "Everything about your Pets"
|
||||
externalDocs:
|
||||
description: "Find out more"
|
||||
url: "http://swagger.io"
|
||||
- name: "store"
|
||||
description: "Access to Petstore orders"
|
||||
- name: "user"
|
||||
description: "Operations about user"
|
||||
externalDocs:
|
||||
description: "Find out more about our store"
|
||||
url: "http://swagger.io"
|
||||
schemes:
|
||||
- "https"
|
||||
- "http"
|
||||
paths:
|
||||
/pet/{petId}/uploadImage:
|
||||
post:
|
||||
tags:
|
||||
- "pet"
|
||||
summary: "uploads an image"
|
||||
description: ""
|
||||
operationId: "uploadFile"
|
||||
consumes:
|
||||
- "multipart/form-data"
|
||||
produces:
|
||||
- "application/json"
|
||||
parameters:
|
||||
- name: "petId"
|
||||
in: "path"
|
||||
description: "ID of pet to update"
|
||||
required: true
|
||||
type: "integer"
|
||||
format: "int64"
|
||||
- name: "additionalMetadata"
|
||||
in: "formData"
|
||||
description: "Additional data to pass to server"
|
||||
required: false
|
||||
type: "string"
|
||||
- name: "file"
|
||||
in: "formData"
|
||||
description: "file to upload"
|
||||
required: false
|
||||
type: "file"
|
||||
responses:
|
||||
200:
|
||||
description: "successful operation"
|
||||
schema:
|
||||
$ref: "#/definitions/ApiResponse"
|
||||
security:
|
||||
- petstore_auth:
|
||||
- "write:pets"
|
||||
- "read:pets"
|
||||
/pet:
|
||||
post:
|
||||
tags:
|
||||
- "pet"
|
||||
summary: "Add a new pet to the store"
|
||||
description: ""
|
||||
operationId: "addPet"
|
||||
consumes:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "body"
|
||||
description: "Pet object that needs to be added to the store"
|
||||
required: true
|
||||
schema:
|
||||
$ref: "#/definitions/Pet"
|
||||
responses:
|
||||
405:
|
||||
description: "Invalid input"
|
||||
security:
|
||||
- petstore_auth:
|
||||
- "write:pets"
|
||||
- "read:pets"
|
||||
put:
|
||||
tags:
|
||||
- "pet"
|
||||
summary: "Update an existing pet"
|
||||
description: ""
|
||||
operationId: "updatePet"
|
||||
consumes:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "body"
|
||||
description: "Pet object that needs to be added to the store"
|
||||
required: true
|
||||
schema:
|
||||
$ref: "#/definitions/Pet"
|
||||
responses:
|
||||
400:
|
||||
description: "Invalid ID supplied"
|
||||
404:
|
||||
description: "Pet not found"
|
||||
405:
|
||||
description: "Validation exception"
|
||||
security:
|
||||
- petstore_auth:
|
||||
- "write:pets"
|
||||
- "read:pets"
|
||||
/pet/findByStatus:
|
||||
get:
|
||||
tags:
|
||||
- "pet"
|
||||
summary: "Finds Pets by status"
|
||||
description: "Multiple status values can be provided with comma separated strings"
|
||||
operationId: "findPetsByStatus"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- name: "status"
|
||||
in: "query"
|
||||
description: "Status values that need to be considered for filter"
|
||||
required: true
|
||||
type: "array"
|
||||
items:
|
||||
type: "string"
|
||||
enum:
|
||||
- "available"
|
||||
- "pending"
|
||||
- "sold"
|
||||
default: "available"
|
||||
collectionFormat: "multi"
|
||||
responses:
|
||||
200:
|
||||
description: "successful operation"
|
||||
schema:
|
||||
type: "array"
|
||||
items:
|
||||
$ref: "#/definitions/Pet"
|
||||
400:
|
||||
description: "Invalid status value"
|
||||
security:
|
||||
- petstore_auth:
|
||||
- "write:pets"
|
||||
- "read:pets"
|
||||
/pet/findByTags:
|
||||
get:
|
||||
tags:
|
||||
- "pet"
|
||||
summary: "Finds Pets by tags"
|
||||
description: "Multiple tags can be provided with comma separated strings. Use\
|
||||
\ tag1, tag2, tag3 for testing."
|
||||
operationId: "findPetsByTags"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- name: "tags"
|
||||
in: "query"
|
||||
description: "Tags to filter by"
|
||||
required: true
|
||||
type: "array"
|
||||
items:
|
||||
type: "string"
|
||||
collectionFormat: "multi"
|
||||
responses:
|
||||
200:
|
||||
description: "successful operation"
|
||||
schema:
|
||||
type: "array"
|
||||
items:
|
||||
$ref: "#/definitions/Pet"
|
||||
400:
|
||||
description: "Invalid tag value"
|
||||
security:
|
||||
- petstore_auth:
|
||||
- "write:pets"
|
||||
- "read:pets"
|
||||
deprecated: true
|
||||
/pet/{petId}:
|
||||
get:
|
||||
tags:
|
||||
- "pet"
|
||||
summary: "Find pet by ID"
|
||||
description: "Returns a single pet"
|
||||
operationId: "getPetById"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- name: "petId"
|
||||
in: "path"
|
||||
description: "ID of pet to return"
|
||||
required: true
|
||||
type: "integer"
|
||||
format: "int64"
|
||||
responses:
|
||||
200:
|
||||
description: "successful operation"
|
||||
schema:
|
||||
$ref: "#/definitions/Pet"
|
||||
400:
|
||||
description: "Invalid ID supplied"
|
||||
404:
|
||||
description: "Pet not found"
|
||||
security:
|
||||
- api_key: []
|
||||
post:
|
||||
tags:
|
||||
- "pet"
|
||||
summary: "Updates a pet in the store with form data"
|
||||
description: ""
|
||||
operationId: "updatePetWithForm"
|
||||
consumes:
|
||||
- "application/x-www-form-urlencoded"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- name: "petId"
|
||||
in: "path"
|
||||
description: "ID of pet that needs to be updated"
|
||||
required: true
|
||||
type: "integer"
|
||||
format: "int64"
|
||||
- name: "name"
|
||||
in: "formData"
|
||||
description: "Updated name of the pet"
|
||||
required: false
|
||||
type: "string"
|
||||
- name: "status"
|
||||
in: "formData"
|
||||
description: "Updated status of the pet"
|
||||
required: false
|
||||
type: "string"
|
||||
responses:
|
||||
405:
|
||||
description: "Invalid input"
|
||||
security:
|
||||
- petstore_auth:
|
||||
- "write:pets"
|
||||
- "read:pets"
|
||||
delete:
|
||||
tags:
|
||||
- "pet"
|
||||
summary: "Deletes a pet"
|
||||
description: ""
|
||||
operationId: "deletePet"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- name: "api_key"
|
||||
in: "header"
|
||||
required: false
|
||||
type: "string"
|
||||
- name: "petId"
|
||||
in: "path"
|
||||
description: "Pet id to delete"
|
||||
required: true
|
||||
type: "integer"
|
||||
format: "int64"
|
||||
responses:
|
||||
400:
|
||||
description: "Invalid ID supplied"
|
||||
404:
|
||||
description: "Pet not found"
|
||||
security:
|
||||
- petstore_auth:
|
||||
- "write:pets"
|
||||
- "read:pets"
|
||||
/store/order:
|
||||
post:
|
||||
tags:
|
||||
- "store"
|
||||
summary: "Place an order for a pet"
|
||||
description: ""
|
||||
operationId: "placeOrder"
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "body"
|
||||
description: "order placed for purchasing the pet"
|
||||
required: true
|
||||
schema:
|
||||
$ref: "#/definitions/Order"
|
||||
responses:
|
||||
200:
|
||||
description: "successful operation"
|
||||
schema:
|
||||
$ref: "#/definitions/Order"
|
||||
400:
|
||||
description: "Invalid Order"
|
||||
/store/order/{orderId}:
|
||||
get:
|
||||
tags:
|
||||
- "store"
|
||||
summary: "Find purchase order by ID"
|
||||
description: "For valid response try integer IDs with value >= 1 and <= 10.\
|
||||
\ Other values will generated exceptions"
|
||||
operationId: "getOrderById"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- name: "orderId"
|
||||
in: "path"
|
||||
description: "ID of pet that needs to be fetched"
|
||||
required: true
|
||||
type: "integer"
|
||||
maximum: 10
|
||||
minimum: 1
|
||||
format: "int64"
|
||||
responses:
|
||||
200:
|
||||
description: "successful operation"
|
||||
schema:
|
||||
$ref: "#/definitions/Order"
|
||||
400:
|
||||
description: "Invalid ID supplied"
|
||||
404:
|
||||
description: "Order not found"
|
||||
delete:
|
||||
tags:
|
||||
- "store"
|
||||
summary: "Delete purchase order by ID"
|
||||
description: "For valid response try integer IDs with positive integer value.\
|
||||
\ Negative or non-integer values will generate API errors"
|
||||
operationId: "deleteOrder"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- name: "orderId"
|
||||
in: "path"
|
||||
description: "ID of the order that needs to be deleted"
|
||||
required: true
|
||||
type: "integer"
|
||||
minimum: 1
|
||||
format: "int64"
|
||||
responses:
|
||||
400:
|
||||
description: "Invalid ID supplied"
|
||||
404:
|
||||
description: "Order not found"
|
||||
/store/inventory:
|
||||
get:
|
||||
tags:
|
||||
- "store"
|
||||
summary: "Returns pet inventories by status"
|
||||
description: "Returns a map of status codes to quantities"
|
||||
operationId: "getInventory"
|
||||
produces:
|
||||
- "application/json"
|
||||
parameters: []
|
||||
responses:
|
||||
200:
|
||||
description: "successful operation"
|
||||
schema:
|
||||
type: "object"
|
||||
additionalProperties:
|
||||
type: "integer"
|
||||
format: "int32"
|
||||
security:
|
||||
- api_key: []
|
||||
/user/createWithArray:
|
||||
post:
|
||||
tags:
|
||||
- "user"
|
||||
summary: "Creates list of users with given input array"
|
||||
description: ""
|
||||
operationId: "createUsersWithArrayInput"
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "body"
|
||||
description: "List of user object"
|
||||
required: true
|
||||
schema:
|
||||
type: "array"
|
||||
items:
|
||||
$ref: "#/definitions/User"
|
||||
responses:
|
||||
default:
|
||||
description: "successful operation"
|
||||
/user/createWithList:
|
||||
post:
|
||||
tags:
|
||||
- "user"
|
||||
summary: "Creates list of users with given input array"
|
||||
description: ""
|
||||
operationId: "createUsersWithListInput"
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "body"
|
||||
description: "List of user object"
|
||||
required: true
|
||||
schema:
|
||||
type: "array"
|
||||
items:
|
||||
$ref: "#/definitions/User"
|
||||
responses:
|
||||
default:
|
||||
description: "successful operation"
|
||||
/user/{username}:
|
||||
get:
|
||||
tags:
|
||||
- "user"
|
||||
summary: "Get user by user name"
|
||||
description: ""
|
||||
operationId: "getUserByName"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- name: "username"
|
||||
in: "path"
|
||||
description: "The name that needs to be fetched. Use user1 for testing. "
|
||||
required: true
|
||||
type: "string"
|
||||
responses:
|
||||
200:
|
||||
description: "successful operation"
|
||||
schema:
|
||||
$ref: "#/definitions/User"
|
||||
400:
|
||||
description: "Invalid username supplied"
|
||||
404:
|
||||
description: "User not found"
|
||||
put:
|
||||
tags:
|
||||
- "user"
|
||||
summary: "Updated user"
|
||||
description: "This can only be done by the logged in user."
|
||||
operationId: "updateUser"
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- name: "username"
|
||||
in: "path"
|
||||
description: "name that need to be updated"
|
||||
required: true
|
||||
type: "string"
|
||||
- in: "body"
|
||||
name: "body"
|
||||
description: "Updated user object"
|
||||
required: true
|
||||
schema:
|
||||
$ref: "#/definitions/User"
|
||||
responses:
|
||||
400:
|
||||
description: "Invalid user supplied"
|
||||
404:
|
||||
description: "User not found"
|
||||
delete:
|
||||
tags:
|
||||
- "user"
|
||||
summary: "Delete user"
|
||||
description: "This can only be done by the logged in user."
|
||||
operationId: "deleteUser"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- name: "username"
|
||||
in: "path"
|
||||
description: "The name that needs to be deleted"
|
||||
required: true
|
||||
type: "string"
|
||||
responses:
|
||||
400:
|
||||
description: "Invalid username supplied"
|
||||
404:
|
||||
description: "User not found"
|
||||
/user/login:
|
||||
get:
|
||||
tags:
|
||||
- "user"
|
||||
summary: "Logs user into the system"
|
||||
description: ""
|
||||
operationId: "loginUser"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- name: "username"
|
||||
in: "query"
|
||||
description: "The user name for login"
|
||||
required: true
|
||||
type: "string"
|
||||
- name: "password"
|
||||
in: "query"
|
||||
description: "The password for login in clear text"
|
||||
required: true
|
||||
type: "string"
|
||||
responses:
|
||||
200:
|
||||
description: "successful operation"
|
||||
headers:
|
||||
X-Expires-After:
|
||||
type: "string"
|
||||
format: "date-time"
|
||||
description: "date in UTC when token expires"
|
||||
X-Rate-Limit:
|
||||
type: "integer"
|
||||
format: "int32"
|
||||
description: "calls per hour allowed by the user"
|
||||
schema:
|
||||
type: "string"
|
||||
400:
|
||||
description: "Invalid username/password supplied"
|
||||
/user/logout:
|
||||
get:
|
||||
tags:
|
||||
- "user"
|
||||
summary: "Logs out current logged in user session"
|
||||
description: ""
|
||||
operationId: "logoutUser"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters: []
|
||||
responses:
|
||||
default:
|
||||
description: "successful operation"
|
||||
/user:
|
||||
post:
|
||||
tags:
|
||||
- "user"
|
||||
summary: "Create user"
|
||||
description: "This can only be done by the logged in user."
|
||||
operationId: "createUser"
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
- "application/xml"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "body"
|
||||
description: "Created user object"
|
||||
required: true
|
||||
schema:
|
||||
$ref: "#/definitions/User"
|
||||
responses:
|
||||
default:
|
||||
description: "successful operation"
|
||||
securityDefinitions:
|
||||
api_key:
|
||||
type: "apiKey"
|
||||
name: "api_key"
|
||||
in: "header"
|
||||
petstore_auth:
|
||||
type: "oauth2"
|
||||
authorizationUrl: "https://petstore.swagger.io/oauth/authorize"
|
||||
flow: "implicit"
|
||||
scopes:
|
||||
read:pets: "read your pets"
|
||||
write:pets: "modify pets in your account"
|
||||
definitions:
|
||||
ApiResponse:
|
||||
type: "object"
|
||||
properties:
|
||||
code:
|
||||
type: "integer"
|
||||
format: "int32"
|
||||
type:
|
||||
type: "string"
|
||||
message:
|
||||
type: "string"
|
||||
Category:
|
||||
type: "object"
|
||||
properties:
|
||||
id:
|
||||
type: "integer"
|
||||
format: "int64"
|
||||
name:
|
||||
type: "string"
|
||||
xml:
|
||||
name: "Category"
|
||||
Pet:
|
||||
type: "object"
|
||||
required:
|
||||
- "name"
|
||||
- "photoUrls"
|
||||
properties:
|
||||
id:
|
||||
type: "integer"
|
||||
format: "int64"
|
||||
category:
|
||||
$ref: "#/definitions/Category"
|
||||
name:
|
||||
type: "string"
|
||||
example: "doggie"
|
||||
photoUrls:
|
||||
type: "array"
|
||||
xml:
|
||||
wrapped: true
|
||||
items:
|
||||
type: "string"
|
||||
xml:
|
||||
name: "photoUrl"
|
||||
tags:
|
||||
type: "array"
|
||||
xml:
|
||||
wrapped: true
|
||||
items:
|
||||
xml:
|
||||
name: "tag"
|
||||
$ref: "#/definitions/Tag"
|
||||
status:
|
||||
type: "string"
|
||||
description: "pet status in the store"
|
||||
enum:
|
||||
- "available"
|
||||
- "pending"
|
||||
- "sold"
|
||||
xml:
|
||||
name: "Pet"
|
||||
Tag:
|
||||
type: "object"
|
||||
properties:
|
||||
id:
|
||||
type: "integer"
|
||||
format: "int64"
|
||||
name:
|
||||
type: "string"
|
||||
xml:
|
||||
name: "Tag"
|
||||
Order:
|
||||
type: "object"
|
||||
properties:
|
||||
id:
|
||||
type: "integer"
|
||||
format: "int64"
|
||||
petId:
|
||||
type: "integer"
|
||||
format: "int64"
|
||||
quantity:
|
||||
type: "integer"
|
||||
format: "int32"
|
||||
shipDate:
|
||||
type: "string"
|
||||
format: "date-time"
|
||||
status:
|
||||
type: "string"
|
||||
description: "Order Status"
|
||||
enum:
|
||||
- "placed"
|
||||
- "approved"
|
||||
- "delivered"
|
||||
complete:
|
||||
type: "boolean"
|
||||
xml:
|
||||
name: "Order"
|
||||
User:
|
||||
type: "object"
|
||||
properties:
|
||||
id:
|
||||
type: "integer"
|
||||
format: "int64"
|
||||
username:
|
||||
type: "string"
|
||||
firstName:
|
||||
type: "string"
|
||||
lastName:
|
||||
type: "string"
|
||||
email:
|
||||
type: "string"
|
||||
password:
|
||||
type: "string"
|
||||
phone:
|
||||
type: "string"
|
||||
userStatus:
|
||||
type: "integer"
|
||||
format: "int32"
|
||||
description: "User Status"
|
||||
xml:
|
||||
name: "User"
|
||||
externalDocs:
|
||||
description: "Find out more about Swagger"
|
||||
url: "http://swagger.io"
|
|
@ -0,0 +1,143 @@
|
|||
from wapitiCore.parsers.swagger import Swagger
|
||||
from wapitiCore.net import Request
|
||||
|
||||
def test_swagger_parser_as_url_json():
|
||||
url = "http://petstore.swagger.io/v2/swagger.json"
|
||||
page = Swagger(url)
|
||||
|
||||
assert{
|
||||
"https://petstore.swagger.io/v2/pet",
|
||||
"https://petstore.swagger.io/v2/pet/findByStatus?status=available",
|
||||
"https://petstore.swagger.io/v2/pet/findByTags?tags=default",
|
||||
"https://petstore.swagger.io/v2/pet/1337",
|
||||
"https://petstore.swagger.io/v2/pet/1337/uploadImage",
|
||||
"https://petstore.swagger.io/v2/store/inventory",
|
||||
"https://petstore.swagger.io/v2/store/order",
|
||||
"https://petstore.swagger.io/v2/store/order/1337",
|
||||
"https://petstore.swagger.io/v2/user",
|
||||
"https://petstore.swagger.io/v2/user/createWithArray",
|
||||
"https://petstore.swagger.io/v2/user/createWithList",
|
||||
"https://petstore.swagger.io/v2/user/logout",
|
||||
"https://petstore.swagger.io/v2/user/default",
|
||||
"https://petstore.swagger.io/v2/user/login?username=default&password=default"
|
||||
} == {x.url for x in page.get_requests()}
|
||||
|
||||
def test_swagger_parser_as_url_yaml():
|
||||
url = "http://petstore.swagger.io/v2/swagger.yaml"
|
||||
page = Swagger(url)
|
||||
|
||||
assert{
|
||||
"https://petstore.swagger.io/v2/pet",
|
||||
"https://petstore.swagger.io/v2/pet/findByStatus?status=available",
|
||||
"https://petstore.swagger.io/v2/pet/findByTags?tags=default",
|
||||
"https://petstore.swagger.io/v2/pet/1337",
|
||||
"https://petstore.swagger.io/v2/pet/1337/uploadImage",
|
||||
"https://petstore.swagger.io/v2/store/inventory",
|
||||
"https://petstore.swagger.io/v2/store/order",
|
||||
"https://petstore.swagger.io/v2/store/order/1337",
|
||||
"https://petstore.swagger.io/v2/user",
|
||||
"https://petstore.swagger.io/v2/user/createWithArray",
|
||||
"https://petstore.swagger.io/v2/user/createWithList",
|
||||
"https://petstore.swagger.io/v2/user/logout",
|
||||
"https://petstore.swagger.io/v2/user/default",
|
||||
"https://petstore.swagger.io/v2/user/login?username=default&password=default"
|
||||
} == {x.url for x in page.get_requests()}
|
||||
|
||||
def test_swagger_parser_as_file():
|
||||
url = "tests/data/swagger.json"
|
||||
page = Swagger(url)
|
||||
|
||||
assert{
|
||||
"https://petstore.swagger.io/v2/pet",
|
||||
"https://petstore.swagger.io/v2/pet/findByStatus?status=available",
|
||||
"https://petstore.swagger.io/v2/pet/findByTags?tags=default",
|
||||
"https://petstore.swagger.io/v2/pet/1337",
|
||||
"https://petstore.swagger.io/v2/pet/1337/uploadImage",
|
||||
"https://petstore.swagger.io/v2/store/inventory",
|
||||
"https://petstore.swagger.io/v2/store/order",
|
||||
"https://petstore.swagger.io/v2/store/order/1337",
|
||||
"https://petstore.swagger.io/v2/user",
|
||||
"https://petstore.swagger.io/v2/user/createWithArray",
|
||||
"https://petstore.swagger.io/v2/user/createWithList",
|
||||
"https://petstore.swagger.io/v2/user/logout",
|
||||
"https://petstore.swagger.io/v2/user/default",
|
||||
"https://petstore.swagger.io/v2/user/login?username=default&password=default",
|
||||
'https://petstore.swagger.io/v2/v1.0/default/flavors&belongsTo=default'
|
||||
} == {x.url for x in page.get_requests()}
|
||||
|
||||
def test_swagger_file_complexe():
|
||||
url = "tests/data/complexe_swagger.json"
|
||||
page = Swagger(url)
|
||||
|
||||
request_header = Request("https://fakeSwagger.fr/api/v2.0/projects?project_name=default", "HEAD", post_params="", file_params=[])
|
||||
request_header.set_headers({'X-Request-Id': 'default'})
|
||||
|
||||
request_get = Request("https://fakeSwagger.fr/api/v2.0/labels/1337", "GET", post_params="", file_params=[])
|
||||
request_get.set_headers({'X-Request-Id': 'default'})
|
||||
|
||||
params = '{"name": "default", "description": "default", "expires_at": "1337", "access": [{"resource": "default", "action": "default", "effect": "default"}]}'
|
||||
request_post = Request("https://fakeSwagger.fr/api/v2.0/projects/default/robots", "POST", post_params=params, file_params=[])
|
||||
request_post.set_headers({'X-Request-Id': 'default'})
|
||||
|
||||
request_delete = Request("https://fakeSwagger.fr/api/v2.0/users/1337", "DELETE", post_params="", file_params=[])
|
||||
request_delete.set_headers({'X-Request-Id': 'default'})
|
||||
|
||||
params = '{"id": "1337", "name": "default", "description": "default", "color": "default", "scope": "default", "project_id": "1337", "creation_time": "default", "update_time": "default"}'
|
||||
request_put = Request("https://fakeSwagger.fr/api/v2.0/labels/1337", "PUT", post_params=params, file_params=[])
|
||||
request_put.set_headers({'X-Request-Id': 'default'})
|
||||
|
||||
params = '{"id": "1337", "vendor_type": "default", "vendor_id": "1337", "status": "default", "status_message": "default", "metrics": {"task_count": "1337", "success_task_count": "1337", "error_task_count": "1337", "pending_task_count": "1337", "running_task_count": "1337", "scheduled_task_count": "1337", "stopped_task_count": "1337"}, "trigger": "default", "extra_attrs": {}, "start_time": "default", "end_time": "default"}'
|
||||
request_patch = Request("https://fakeSwagger.fr/api/v2.0/projects/default/preheat/policies/default/executions/1337", "PATCH", post_params=params, file_params=[])
|
||||
request_patch.set_headers({'X-Request-Id': 'default'})
|
||||
|
||||
list_request = [request_header, request_get, request_post, request_delete, request_put, request_patch]
|
||||
requests = page.get_requests()
|
||||
|
||||
for item in list_request:
|
||||
assert item in requests
|
||||
|
||||
def test_swagger_file_yaml():
|
||||
url = "tests/data/swagger.yaml"
|
||||
page = Swagger(url)
|
||||
|
||||
assert{
|
||||
"https://petstore.swagger.io/v2/pet",
|
||||
"https://petstore.swagger.io/v2/pet/findByStatus?status=available",
|
||||
"https://petstore.swagger.io/v2/pet/findByTags?tags=default",
|
||||
"https://petstore.swagger.io/v2/pet/1337",
|
||||
"https://petstore.swagger.io/v2/pet/1337/uploadImage",
|
||||
"https://petstore.swagger.io/v2/store/inventory",
|
||||
"https://petstore.swagger.io/v2/store/order",
|
||||
"https://petstore.swagger.io/v2/store/order/1337",
|
||||
"https://petstore.swagger.io/v2/user",
|
||||
"https://petstore.swagger.io/v2/user/createWithArray",
|
||||
"https://petstore.swagger.io/v2/user/createWithList",
|
||||
"https://petstore.swagger.io/v2/user/logout",
|
||||
"https://petstore.swagger.io/v2/user/default",
|
||||
"https://petstore.swagger.io/v2/user/login?username=default&password=default"
|
||||
} == {x.url for x in page.get_requests()}
|
||||
|
||||
|
||||
def test_openapi_file():
|
||||
url = "tests/data/openapi.json"
|
||||
page = Swagger(base_url="https://fake.openapi.fr", swagger_url=url)
|
||||
|
||||
request_get = Request("https://fake.openapi.fr/v1/AdministrationSettings/GroupUsers", "GET", post_params="", file_params=[])
|
||||
|
||||
request_post = Request("https://fake.openapi.fr/v1/AdministrationSettings/GroupUsers?userId=default", "POST", post_params="", file_params=[])
|
||||
|
||||
request_delete = Request("https://fake.openapi.fr/v1/AdministrationSettings/MailAccount?id=1337", "DELETE", post_params="", file_params=[])
|
||||
|
||||
request_put = Request("https://fake.openapi.fr/v1/Alarms/1337", "PUT", post_params="", file_params=[])
|
||||
|
||||
params = '{"active": "true", "userName": "default", "emailAddress": "default", "role": "1337", "networksVisibility": "true"}'
|
||||
request_put = Request("https://fake.openapi.fr/v1/AdministrationSettings/GroupUsers", "PUT", post_params=params, file_params=[])
|
||||
|
||||
params = '{"active": "true", "userName": "default", "emailAddress": "default", "role": "1337", "networksVisibility": "true"}'
|
||||
request_patch = Request("https://fake.openapi.fr/v1/AdministrationSettings/GroupUsers", "PATCH", post_params=params, file_params=[])
|
||||
|
||||
list_request = [request_get, request_post, request_delete, request_put, request_patch]
|
||||
requests = page.get_requests()
|
||||
|
||||
for item in list_request:
|
||||
assert item in requests
|
|
@ -37,6 +37,7 @@ from wapitiCore.net.classes import HttpCredential, FormCredential, RawCredential
|
|||
from wapitiCore.net.auth import async_try_form_login, load_form_script, check_http_auth, login_with_raw_data
|
||||
from wapitiCore.net import Request
|
||||
from wapitiCore.report import GENERATORS
|
||||
from wapitiCore.parsers.swagger import Swagger
|
||||
|
||||
global_stop_event = asyncio.Event()
|
||||
|
||||
|
@ -180,15 +181,14 @@ async def wapiti_main():
|
|||
attack_options = {"level": args.level, "timeout": args.timeout,\
|
||||
"wapp_url": "https://raw.githubusercontent.com/wapiti-scanner/wappalyzer/main/"}
|
||||
wap.set_attack_options(attack_options)
|
||||
try:
|
||||
await wap.update(args.modules)
|
||||
sys.exit()
|
||||
except InvalidOptionValue as invalid_option:
|
||||
logging.error(invalid_option)
|
||||
raise
|
||||
except ValueError as e:
|
||||
logging.error(f"Value error: {e}")
|
||||
raise
|
||||
await wap.update(args.modules)
|
||||
sys.exit()
|
||||
|
||||
if args.swagger_uri:
|
||||
swagger = Swagger(swagger_url=args.swagger_uri, base_url=url)
|
||||
for request in swagger.get_requests():
|
||||
wap.add_start_url(request)
|
||||
|
||||
try:
|
||||
for start_url in args.starting_urls:
|
||||
if start_url.startswith(("http://", "https://")):
|
||||
|
|
|
@ -34,6 +34,13 @@ def parse_args():
|
|||
# required=True
|
||||
)
|
||||
|
||||
parser.add_argument(
|
||||
"--swagger",
|
||||
help="Swagger file URI (path or URL) to target API endpoints",
|
||||
metavar="URI", dest="swagger_uri",
|
||||
default=None
|
||||
)
|
||||
|
||||
parser.add_argument(
|
||||
"--data",
|
||||
help="Urlencoded data to send with the base URL if it is a POST request",
|
||||
|
|
|
@ -0,0 +1,376 @@
|
|||
import json
|
||||
import sys
|
||||
import urllib.parse
|
||||
from prance import ResolvingParser, ValidationError
|
||||
from prance.util.url import ResolutionError
|
||||
|
||||
from wapitiCore.net import Request
|
||||
from wapitiCore.main.log import logging
|
||||
|
||||
class Swagger():
|
||||
AUTOFILL_VALUES = {
|
||||
"file": ("pix.gif", b"GIF89a", "image/gif"),
|
||||
"integer": "1337",
|
||||
"number": "13.37",
|
||||
"string": "default",
|
||||
"time": "13:37",
|
||||
"url": "https://wapiti-scanner.github.io/",
|
||||
"boolean": "true",
|
||||
"object": {},
|
||||
}
|
||||
|
||||
swagger_dict = None
|
||||
|
||||
|
||||
def __init__(self, swagger_url: str = None, base_url: str = None) -> None:
|
||||
if swagger_url:
|
||||
try:
|
||||
self.swagger_dict = ResolvingParser(swagger_url, backend='openapi-spec-validator',
|
||||
strict=False, recursion_limit=5).specification
|
||||
except ValidationError as e:
|
||||
logging.error("[-] Error: Swagger file is not valid : " + str(e.args[0]) +
|
||||
". See https://swagger.io/specification/ for more information.")
|
||||
sys.exit(1)
|
||||
except AssertionError:
|
||||
logging.error("[-] Error: File not found")
|
||||
sys.exit(1)
|
||||
except ResolutionError:
|
||||
logging.error("[-] Error: Unable to resolve the swagger file")
|
||||
sys.exit(1)
|
||||
else:
|
||||
logging.error("[-] Error: No URL or file")
|
||||
sys.exit(1)
|
||||
|
||||
self.routes = self._get_routes(self.swagger_dict, swagger_url, base_url)
|
||||
|
||||
|
||||
@staticmethod
|
||||
def _get_base_url(swagger_dict: dict, url: str) -> str:
|
||||
try:
|
||||
parsed_host = urllib.parse.urlparse(url)
|
||||
if 'schemes' not in swagger_dict:
|
||||
# get http or https from url
|
||||
swagger_dict['schemes'] = parsed_host.scheme
|
||||
if 'host' not in swagger_dict:
|
||||
if url:
|
||||
swagger_dict['host'] = parsed_host.hostname
|
||||
if parsed_host.port:
|
||||
swagger_dict['host'] += ":" + str(parsed_host.port)
|
||||
else:
|
||||
swagger_dict['host'] = ""
|
||||
elif swagger_dict['host'] == "localhost" and url:
|
||||
swagger_dict['host'] = parsed_host.hostname
|
||||
if 'basePath' not in swagger_dict:
|
||||
swagger_dict['basePath'] = ""
|
||||
if 'https' in swagger_dict['schemes']:
|
||||
return 'https://' + swagger_dict['host'] + swagger_dict['basePath']
|
||||
return 'http://' + swagger_dict['host'] + swagger_dict['basePath']
|
||||
except ValueError as e:
|
||||
logging.error("[-] Error: Swagger file is not valid : " + str(e) +
|
||||
". See https://swagger.io/specification/ for more information.")
|
||||
sys.exit(1)
|
||||
|
||||
|
||||
@staticmethod
|
||||
def _check_properties(model_name: dict) -> dict:
|
||||
if "properties" in model_name:
|
||||
return model_name['properties']
|
||||
if "additionalProperties" in model_name:
|
||||
return model_name['additionalProperties']
|
||||
return model_name
|
||||
|
||||
|
||||
# Parse object in swagger file.
|
||||
# Replace all object by their type and all array by their type
|
||||
# acording to their properties and definitions.
|
||||
# It will be easier to create request with default value.
|
||||
def _parse_object(self, model_name):
|
||||
try:
|
||||
model = {}
|
||||
for key in model_name:
|
||||
if 'type' in model_name[key]:
|
||||
if 'object' in model_name[key]['type']:
|
||||
ref = self._check_properties(model_name[key])
|
||||
model[key] = self._parse_object(ref)
|
||||
if 'type' in model[key]:
|
||||
if model[key]['type'] == "array":
|
||||
model[key] = {"array": model[key]['items']}
|
||||
else:
|
||||
model[key] = model[key]['type']
|
||||
elif 'array' in model_name[key]['type']:
|
||||
if 'type' in model_name[key]['items']:
|
||||
model[key] = {"array": model_name[key]['items']['type']}
|
||||
if 'object' in model_name[key]['items']['type']:
|
||||
ref = self._check_properties(model_name[key]['items'])
|
||||
model[key]["array"] = self._parse_object(ref)
|
||||
else:
|
||||
model[key] = model_name[key]['type']
|
||||
else:
|
||||
model[key] = model_name[key]
|
||||
return model
|
||||
except ValueError as e:
|
||||
logging.error("[-] Error: Swagger file is not valid\n" + str(e) +
|
||||
"\nSee https://swagger.io/specification/ for more information")
|
||||
sys.exit(1)
|
||||
|
||||
|
||||
def _check_params(self, params: dict) -> list:
|
||||
raws = []
|
||||
for param in params:
|
||||
raw = {}
|
||||
if 'in' in param or '/' in param:
|
||||
if '/' in param:
|
||||
raw['in'] = "body"
|
||||
param = params[param]
|
||||
else:
|
||||
raw['in'] = param['in']
|
||||
if raw['in'] == "body" and 'schema' in param:
|
||||
if 'type' in param['schema']:
|
||||
if 'object' in param['schema']['type']:
|
||||
ref = self._check_properties(param['schema'])
|
||||
model = self._parse_object(ref)
|
||||
raw['model'] = model
|
||||
elif 'array' in param['schema']['type']:
|
||||
if 'object' in param['schema']['items']['type']:
|
||||
ref = self._check_properties(param['schema']['items'])
|
||||
model = self._parse_object(ref)
|
||||
raw['model'] = model
|
||||
else:
|
||||
raw['type'] = param['schema']['type']
|
||||
if 'type' in param:
|
||||
if param['type'] == "array":
|
||||
if 'enum' in param['items']:
|
||||
raw['type'] = {"enum" : param['items']['enum']}
|
||||
else:
|
||||
raw['type'] = {"array" : param['items']['type']}
|
||||
else:
|
||||
raw['type'] = param['type']
|
||||
if 'name' in param:
|
||||
raw['name'] = param['name']
|
||||
if 'required' in param:
|
||||
raw['required'] = param['required']
|
||||
if raw:
|
||||
raws.append(raw)
|
||||
return raws
|
||||
|
||||
|
||||
@staticmethod
|
||||
def is_valid_url(url) -> bool:
|
||||
try:
|
||||
result = urllib.parse.urlparse(url)
|
||||
return all([result.scheme, result.netloc])
|
||||
except ValueError:
|
||||
return False
|
||||
|
||||
|
||||
def _get_routes(self, swagger_dict: dict, swagger_url: str, base_url: str) -> dict:
|
||||
if Swagger.is_valid_url(swagger_url):
|
||||
url = swagger_url
|
||||
else:
|
||||
url = base_url
|
||||
try:
|
||||
request = {}
|
||||
base_path = self._get_base_url(swagger_dict, url)
|
||||
for path in swagger_dict['paths']:
|
||||
for method in swagger_dict['paths'][path]:
|
||||
if method == "parameters":
|
||||
path = self._parse_parameters(swagger_dict['paths'][path][method], path)
|
||||
continue
|
||||
route = method.upper() + " " + base_path + path
|
||||
params = self._get_parameters(swagger_dict, route, url)
|
||||
request[route] = []
|
||||
if params:
|
||||
request_route = {"method": method.upper(), "route": route.replace(method.upper() + ' ', '')}
|
||||
request_route['params'] = []
|
||||
if 'requestBody' in params:
|
||||
request_route['params'] += self._check_params(params['requestBody']['content'])
|
||||
request_route['params'] += self._check_params(params)
|
||||
request[route].append(request_route)
|
||||
else:
|
||||
request_route = {"method": method.upper(), "route": route.replace(method.upper() + ' ', '')}
|
||||
request[route].append(request_route)
|
||||
return request
|
||||
except KeyError as e:
|
||||
logging.error("[-] Error: " + str(e))
|
||||
sys.exit(1)
|
||||
|
||||
|
||||
def _parse_parameters(self, params: list, route: str) -> str:
|
||||
for param in params:
|
||||
if "in" in param:
|
||||
if param['in'] == "path":
|
||||
route = route.replace("{" + param['name'] + "}", self.AUTOFILL_VALUES[param['type']])
|
||||
elif param['in'] == "query":
|
||||
route += "&" + param['name'] + "=" + self.AUTOFILL_VALUES[param['type']]
|
||||
return route
|
||||
|
||||
|
||||
def _get_parameters(self, swagger_dict: dict, route: str, url: str) -> list:
|
||||
try:
|
||||
base_path = self._get_base_url(swagger_dict, url)
|
||||
route = route.replace(base_path, '')
|
||||
method = route.split(' ')[0].lower()
|
||||
route = route.replace(method.upper() + ' ', '')
|
||||
for path in swagger_dict['paths']:
|
||||
if route == path:
|
||||
if 'parameters' in swagger_dict['paths'][path][method]:
|
||||
return swagger_dict['paths'][path][method]['parameters']
|
||||
return swagger_dict['paths'][path][method]
|
||||
return None
|
||||
except KeyError as e:
|
||||
logging.warning("[-] Skipping " + route + " : " + str(e))
|
||||
return None
|
||||
|
||||
|
||||
# transform dict {array: something} and if something is a dict and contains {array: something} transform it
|
||||
def _transform_array(self, array: dict) -> list:
|
||||
if 'array' in array:
|
||||
if isinstance(array['array'], dict):
|
||||
array = [self._transform_array(array['array'])]
|
||||
else:
|
||||
array = [self.AUTOFILL_VALUES[array['array']]]
|
||||
else:
|
||||
for key in array:
|
||||
if isinstance(array[key], dict):
|
||||
array[key] = self._transform_array(array[key])
|
||||
elif 'array' in array[key]:
|
||||
array[key] = [self.AUTOFILL_VALUES[array[key]['array']]]
|
||||
else:
|
||||
array[key] = self.AUTOFILL_VALUES[array[key]]
|
||||
return array
|
||||
|
||||
|
||||
def _transform_query(self, route: str, param: dict, option: str):
|
||||
if '?' in self.routes[route][0]['route'] or '?' in option:
|
||||
option += "&" + param['name'] + "="
|
||||
else:
|
||||
option += "?" + param['name'] + "="
|
||||
if "type" in param:
|
||||
if 'enum' in param['type']:
|
||||
option += param['type']['enum'][0]
|
||||
elif 'array' in param['type']:
|
||||
option += self.AUTOFILL_VALUES[param['type']['array']]
|
||||
else:
|
||||
option += self.AUTOFILL_VALUES[param['type']]
|
||||
elif "in" in param:
|
||||
if param['in'] == "query":
|
||||
if self.swagger_dict['basePath']:
|
||||
route_parsed = route.split(self.swagger_dict['basePath'])[1]
|
||||
elif self.swagger_dict['host']:
|
||||
route_parsed = route.split(self.swagger_dict['host'])[1]
|
||||
else:
|
||||
print("todo")
|
||||
method = route.split(' ')[0].lower()
|
||||
param = self.swagger_dict['paths'][route_parsed][method]['parameters'][0]['schema']
|
||||
if 'enum' in param:
|
||||
option += param['enum'][0]
|
||||
elif 'array' in param:
|
||||
option += self.AUTOFILL_VALUES[param['array']]
|
||||
else:
|
||||
if 'array' in param['type']:
|
||||
option += self.AUTOFILL_VALUES[param['items']['type']]
|
||||
else:
|
||||
option += self.AUTOFILL_VALUES[param['type']]
|
||||
|
||||
return option
|
||||
|
||||
def _transform_url(self, param: dict, url: str, route: str) -> str:
|
||||
name = param['name']
|
||||
if "{" in url:
|
||||
if self.swagger_dict['basePath']:
|
||||
route_parsed = route.split(self.swagger_dict['basePath'])[1]
|
||||
elif self.swagger_dict['host']:
|
||||
route_parsed = route.split(self.swagger_dict['host'])[1]
|
||||
else:
|
||||
print("todo")
|
||||
method = route.split(' ')[0].lower()
|
||||
if not 'type' in param:
|
||||
param = self.swagger_dict['paths'][route_parsed][method]['parameters'][0]['schema']
|
||||
return url.replace("{" + name + "}", self.AUTOFILL_VALUES[param['type']])
|
||||
|
||||
|
||||
def _transform_body(self, param: dict) -> str:
|
||||
json_dict = {}
|
||||
for key in param['model']:
|
||||
if 'array' in param['model'][key]:
|
||||
json_dict[key] = self._transform_array(param['model'][key])
|
||||
elif isinstance(param['model'][key], dict):
|
||||
json_dict[key] = self._replace_param(param['model'][key])
|
||||
else:
|
||||
json_dict[key] = self.AUTOFILL_VALUES[param['model'][key]]
|
||||
return json.dumps(json_dict)
|
||||
|
||||
|
||||
def _transform_formData(self, param: dict, files: list) -> str:
|
||||
data = ""
|
||||
if 'enum' in param['type']:
|
||||
data = self._add_data(data, param['name'], param['type']['enum'][0])
|
||||
elif 'array' in param['type']:
|
||||
data = self._add_data(data, param['name'], "[" + self.AUTOFILL_VALUES[param['type']['array']] + "]")
|
||||
else:
|
||||
if param['type'] == "file":
|
||||
files.append([param['name'], self.AUTOFILL_VALUES[param['type']]])
|
||||
else:
|
||||
data = self._add_data(data, param['name'], self.AUTOFILL_VALUES[param['type']])
|
||||
return data
|
||||
|
||||
|
||||
# create request with default value from swagger file
|
||||
def _create_request(self, routes: dict) -> list[Request]:
|
||||
requests_list = []
|
||||
for route in routes:
|
||||
url = routes[route][0]['route']
|
||||
data = ""
|
||||
header = {}
|
||||
option = ""
|
||||
files = []
|
||||
if 'params' in routes[route][0]:
|
||||
for param in routes[route][0]['params']:
|
||||
if 'in' in param:
|
||||
if param['in'] == "path":
|
||||
url = self._transform_url(param, url, route)
|
||||
elif param['in'] == "query":
|
||||
option = self._transform_query(route, param, option)
|
||||
elif param['in'] == "body" and 'model' in param:
|
||||
data = self._transform_body(param)
|
||||
elif param['in'] == "formData":
|
||||
data = self._transform_formData(param, files)
|
||||
elif param['in'] == "header":
|
||||
header[param['name']] = self.AUTOFILL_VALUES[param['type']]
|
||||
request = Request(path=url+option, method=routes[route][0]['method'], post_params=data, file_params=files)
|
||||
request.set_headers(header)
|
||||
requests_list.append(request)
|
||||
return requests_list
|
||||
|
||||
|
||||
@staticmethod
|
||||
def _add_data(data, name: str, value: str) -> str:
|
||||
if data != "":
|
||||
data += "&" + name + "=" + value
|
||||
else:
|
||||
data += name + "=" + value
|
||||
return data
|
||||
|
||||
|
||||
def _replace_param(self, json_dict: dict) -> dict:
|
||||
if 'array' in json_dict:
|
||||
if isinstance(json_dict['array'], dict):
|
||||
json_dict = [self._replace_param(json_dict['array'])]
|
||||
else:
|
||||
json_dict = [self.AUTOFILL_VALUES[json_dict['array']]]
|
||||
else:
|
||||
for key in json_dict:
|
||||
if isinstance(json_dict[key], dict):
|
||||
self._replace_param(json_dict[key])
|
||||
elif 'array' in json_dict[key]:
|
||||
json_dict[key] = [self.AUTOFILL_VALUES[json_dict[key]['array']]]
|
||||
else:
|
||||
try:
|
||||
json_dict[key] = self.AUTOFILL_VALUES[json_dict[key]]
|
||||
except TypeError as e:
|
||||
logging.warning("[-] Warning: Unexpected type for AUTOFILL_VALUES key," +
|
||||
" probably due to unsupported format: " + str(e))
|
||||
return json_dict
|
||||
|
||||
def get_requests(self) -> list[Request]:
|
||||
return self._create_request(self.routes)
|
Loading…
Reference in New Issue