extra swagger validations

David Donn 2021-09-15 11:31:56 +10:00
parent caaf7c491f
commit f6201dae42


@ -5393,7 +5393,22 @@ def parseRequestFile(reqFile, checkParams=True):
try: try:
swagger = json.loads(content) swagger = json.loads(content)
logger.debug("swagger OpenAPI version '%s'" % swagger["openapi"])
# extra validations
if "openapi" not in swagger or not swagger["openapi"].startswith("3."):
errMsg = "swagger must be OpenAPI 3.x.x!"
raise SqlmapSyntaxException(errMsg)
if ("servers" not in swagger or
not isinstance(swagger["servers"], list) or
len(swagger["servers"]) < 1 or
"url" not in swagger["servers"][0]):
errMsg = "swagger server is missing!"
raise SqlmapSyntaxException(errMsg)
server = swagger["servers"][0]["url"]
logger.info("swagger OpenAPI version '%s', server '%s'" %(swagger["openapi"], server))
for path in swagger["paths"]: for path in swagger["paths"]:
for operation in swagger["paths"][path]: for operation in swagger["paths"][path]:
@ -5413,7 +5428,7 @@ def parseRequestFile(reqFile, checkParams=True):
parameterPath = _swaggerOperationPath(path, op["parameters"]) parameterPath = _swaggerOperationPath(path, op["parameters"])
qs = _swaggerOperationQueryString(op["parameters"]) qs = _swaggerOperationQueryString(op["parameters"])
url = "%s%s" % (swagger["servers"][0]["url"], parameterPath) url = "%s%s" % (server, parameterPath)
method = operation.upper() method = operation.upper()
if qs is not None: if qs is not None:
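Review bot: The new checks test only for key presence, so a swagger file with the wrong value types still gets past them and fails with an untyped error instead of `SqlmapSyntaxException`. A numeric `"openapi": 3.0` raises AttributeError on `.startswith`. A string in `servers[0]` passes `"url" not in ...` as a substring test and then raises TypeError on `["url"]`. Guarding with `not isinstance(swagger.get("openapi"), str)` in the first condition and `not isinstance(swagger["servers"][0], dict) or` in the second would keep these on the syntax-error path. `swagger["paths"]` is still indexed without a check, and what the enclosing `try:` catches is outside this hunk, so how such a file is reported to the user should be confirmed. OpenAPI 3 also allows a relative or templated server `url`, so `server` may need an absolute-URL check before it is joined with `parameterPath`.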