
Issue running the OFFAT tool to scan Open Source API's #113

Closed
puriaayush01 opened this issue May 28, 2024 · 2 comments
Comments

@puriaayush01

Hi @dmdhrumilmistry ,
I tried using the OFFAT tool. It worked when I used https://petstore.swagger.io/v2/swagger.json, but when I try other open source APIs' swagger.json files, the tool fails to run and throws errors. I tried multiple APIs, but it throws errors for all of them. I compared the JSON files, and they are almost similar. So I just wanted to understand what the issue is!

Also, do you have any documentation on what has to be inserted when we use Docker to run the tool? For example, what should the user input be for "OpenAPI" in api/v1/scan?

[image attachment]


dmdhrumilmistry commented May 28, 2024

Hi @puriaayush01,

I believe there could be 2 issues here.

  1. OFFAT failed to parse the Swagger/OAS documentation. If you're using Swagger files, I've covered most of the cases, so it should be able to parse them successfully, while OAS (v3) documentation could still have some parsing bugs.

  2. OFFAT uses aiohttp, which sends requests asynchronously, so make sure your server can handle those requests. You can handle rate limiting using the -rl switch, which will limit requests/second.

Can you provide more information on this, such as the OFFAT and Python versions, which open source API you're trying to assess, and what errors you're getting?


I think the APIs won't work as of now; they could return 500. I wrote them a while back and there have been several changes after initially writing them. I would prefer to use the main Docker image for scanning APIs in CI/CD.
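The first point above (Swagger 2.0 parses reliably, OAS 3.x may not) comes down to the two formats describing the same thing with different keys. The following is an added example, not OFFAT's own parser: a small version-aware loader that detects which format a document uses, derives the base URL (`host`/`basePath`/`schemes` in Swagger 2.0 versus `servers` in OpenAPI 3.x), and lists endpoints with their parameters and whether they carry a body (`in: body` parameter versus `requestBody`). The two embedded specs are constructed for this example; the hostnames in them are placeholders.

```python
"""Version-aware Swagger 2.0 / OpenAPI 3.x endpoint extractor.

Added example (not OFFAT's code). Shows the structural differences that trip
up a scanner written against only one of the two formats. Both sample specs
below are constructed for this example.
"""
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample in Swagger 2.0 style (the shape petstore's swagger.json uses).
SWAGGER_V2 = json.dumps({
    "swagger": "2.0",
    "host": "petstore.example",           # placeholder host
    "basePath": "/v2",
    "schemes": ["https"],
    "paths": {
        "/pet/{petId}": {
            "get": {"parameters": [{"name": "petId", "in": "path", "required": True, "type": "integer"}]},
            "delete": {},
        },
        "/store/order": {"post": {"parameters": [{"name": "body", "in": "body"}]}},
    },
})

# Constructed sample in OpenAPI 3.0 style.
OPENAPI_V3 = json.dumps({
    "openapi": "3.0.1",
    "servers": [{"url": "https://api.example/v1"}],   # placeholder server
    "paths": {
        "/users/{id}": {
            # OAS 3 commonly declares path parameters once, at path level.
            "parameters": [{"name": "id", "in": "path", "required": True, "schema": {"type": "string"}}],
            "get": {},
            "patch": {"requestBody": {"content": {"application/json": {}}}},
        },
    },
})


def spec_version(spec: dict) -> str:
    """Return 'v2' for Swagger 2.0, 'v3' for OpenAPI 3.x; raise for anything else."""
    if str(spec.get("swagger", "")).startswith("2"):
        return "v2"
    if str(spec.get("openapi", "")).startswith("3"):
        return "v3"
    raise ValueError("not a recognised Swagger 2.0 / OpenAPI 3.x document")


def is_supported(spec: dict) -> bool:
    try:
        spec_version(spec)
        return True
    except ValueError:
        return False


def base_url(spec: dict) -> str:
    """Derive the base URL; the two formats keep it in different places."""
    if spec_version(spec) == "v2":
        scheme = (spec.get("schemes") or ["https"])[0]
        host = spec.get("host")
        if not host:
            raise ValueError("Swagger 2.0 document has no 'host'; base URL must be supplied")
        return f"{scheme}://{host}{spec.get('basePath', '')}".rstrip("/")
    servers = spec.get("servers") or []
    if not servers:
        # OAS 3 allows omitting 'servers' (defaults to '/' relative to the document).
        raise ValueError("OpenAPI 3 document has no 'servers'; base URL must be supplied")
    return servers[0]["url"].rstrip("/")


def endpoints(spec: dict) -> list:
    """List (method, path) pairs with merged parameter names and a body flag."""
    out = []
    for path, item in spec.get("paths", {}).items():
        path_level = item.get("parameters", [])  # allowed in both formats
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skips 'parameters', 'summary', etc.
            op_params = op.get("parameters") or []
            params = [p["name"] for p in path_level + op_params]
            # Swagger 2 models a body as a parameter with in=body; OAS 3 uses requestBody.
            has_body = any(p.get("in") == "body" for p in op_params) or "requestBody" in op
            out.append({"method": method.upper(), "path": path, "params": params, "has_body": has_body})
    return sorted(out, key=lambda e: (e["path"], e["method"]))


def load(text: str) -> dict:
    spec = json.loads(text)
    return {"version": spec_version(spec), "base_url": base_url(spec), "endpoints": endpoints(spec)}


if __name__ == "__main__":
    for doc in (SWAGGER_V2, OPENAPI_V3):
        print(json.dumps(load(doc), indent=2))
```

Running `load()` over a document that fails in your scanner is a quick way to see which of the two shapes it has and whether the base URL can be derived at all, which is usually the first thing to report alongside the OFFAT and Python versions.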
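The second point, that an asyncio scanner fans out requests concurrently and the `-rl` switch caps requests per second, is illustrated by the added example below. It is not OFFAT's code and does not use aiohttp: the HTTP call is replaced by a stub coroutine so it runs offline, and the token-bucket limiter is a generic implementation, not OFFAT's. `run_scan` returns how many requests completed, the total elapsed time, and the smallest gap between two consecutive sends, which is what a target server actually experiences.

```python
"""Requests-per-second limiting for an asyncio scanner.

Added example (not OFFAT's code). Demonstrates why unthrottled async fan-out
hits a server with all requests at once and how a per-second cap spaces them.
"""
import asyncio
import time


class RateLimiter:
    """Token bucket: at most `rate` acquisitions per second, with a burst of `burst`.

    Create it inside the running event loop (asyncio.Lock binds to the loop).
    """

    def __init__(self, rate: float, burst: int = 1):
        self.rate = rate
        self.capacity = burst
        self.tokens = float(burst)
        self.updated = time.monotonic()
        self._lock = asyncio.Lock()

    async def acquire(self) -> None:
        async with self._lock:  # serialise callers so tokens are consumed one at a time
            now = time.monotonic()
            self.tokens = min(self.capacity, self.tokens + (now - self.updated) * self.rate)
            self.updated = now
            if self.tokens < 1:
                await asyncio.sleep((1 - self.tokens) / self.rate)
                self.tokens = 0.0
                self.updated = time.monotonic()
            else:
                self.tokens -= 1


async def fake_request(endpoint: str, limiter: RateLimiter, log: list) -> None:
    """Stub for an HTTP request: records the send time instead of calling the network."""
    await limiter.acquire()
    log.append((endpoint, time.monotonic()))


async def scan(endpoints, rate: float, burst: int = 1) -> list:
    limiter = RateLimiter(rate, burst)      # constructed inside the loop
    log = []
    await asyncio.gather(*(fake_request(e, limiter, log) for e in endpoints))
    return log


def min_gap(log) -> float:
    """Smallest interval between two consecutive sends, in seconds."""
    times = sorted(t for _, t in log)
    return min((b - a for a, b in zip(times, times[1:])), default=0.0)


def run_scan(n: int, rate: float):
    """Fire n requests at `rate` req/s; return (completed, elapsed_seconds, min_gap_seconds)."""
    endpoints = [f"/item/{i}" for i in range(n)]   # constructed endpoint list
    start = time.monotonic()
    log = asyncio.run(scan(endpoints, rate))
    return len(log), time.monotonic() - start, min_gap(log)


if __name__ == "__main__":
    done, elapsed, gap = run_scan(6, 20.0)
    print(f"{done} requests in {elapsed:.3f}s, min gap {gap*1000:.1f} ms at 20 req/s")
    done, elapsed, gap = run_scan(6, 1e6)
    print(f"{done} requests in {elapsed:.3f}s, min gap {gap*1000:.3f} ms unthrottled")
```

With the cap at 20 req/s the six requests are spaced at least 50 ms apart and take about a quarter of a second in total; without a meaningful cap they all leave within a few milliseconds, which is the pattern that makes a small test server start returning errors or dropping connections during a scan.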

@dmdhrumilmistry

Closing due to inactivity. Feel free to re-open the issue.
