@W0lfbane W0lfbane commented Oct 2, 2025

Overview

Added DOM-based XML request-body generation to the OpenAPI add-on and integrated it into the request conversion flow so XML media types (application/xml, text/xml, and vendor types ending in +xml) produce payloads instead of being skipped. The new generator APIs in BodyGenerator prefer examples and otherwise walk OpenAPI schemas to emit XML honoring common xml.* hints (xml.name, xml.attribute, xml.wrapped, xml.namespace/prefix). Tests were added and tightened: unit tests validate structure via DOM parsing and an integration test ensures XML bodies are generated and the previous "unsupported content" message is not emitted.

Related Issues

zaproxy/zaproxy#6767

github-actions bot commented Oct 2, 2025

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@psiinon
Member

psiinon commented Oct 3, 2025

Checkmarx One – Scan Summary & Details eb79b848-ca93-4e88-9a26-ea6f65100a68

Great job! No new security vulnerabilities introduced in this pull request



@kingthorin
Member

Seems likely that all your formatting changes will need to be reverted. The projects use spotless to enforce formatting.

@thc202
Member

thc202 commented Oct 3, 2025

More important is to address this #6793 (comment)

… misc UI & spider fixes

Implement DOM-based XML body generation in BodyGenerator

- Add BodyGenerator.generateXml(MediaType) and generateXml(Schema)
- Prefer media-type examples; otherwise generate XML from Schema
- Support common xml.* metadata: xml.name, xml.attribute, xml.wrapped, xml.namespace and xml.prefix
- Handle primitives, arrays (wrapped / unwrapped), object properties, additionalProperties (serialized as <entry><key/><value/>), BinarySchema placeholder, and basic composed-schema handling (oneOf/anyOf/allOf merge)
- Emit generator error messages on failures (preserve existing error collection)

Wire XML generation into request conversion

- RequestModelConverter: detect application/xml, text/xml and application/*+xml, prefer exact application/xml and call BodyGenerator.generateXml(...) instead of logging unsupported-content

Tests and integration

- Add/tighten unit tests in BodyGeneratorXmlUnitTest that parse generated XML and assert structure (elements, attributes, namespaces, counts)
- Update v3 BodyGeneratorUnitTest where necessary
- Add integration test OpenApiIntegrationXmlTest and test resource openapi_xml_integration.yaml to verify generated XML bodies and removal of the previous unsupported-content message

Miscellaneous improvements / cleanup

- ImportDialog: minor formatting, switch validation to use java.net.URI to avoid deprecated URL-based parsing and avoid deprecated constructors
- SpiderDialog & UrlCanonicalizer: minor whitespace/formatting fixes and replace deprecated URL(String,...) usage with URI construction where appropriate (avoid deprecated constructors)
- Small refactors and formatting adjustments across changed files
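
The schema walk that the pull request description and the commit message above describe, narrowed to xml.name, xml.attribute and xml.wrapped, as an added example that is not code from this pull request or from ZAP. The class XmlBodySketch, its helpers and the sample schema are hypothetical, and schemas are plain Maps here rather than the Schema objects BodyGenerator works on.

```java
import java.io.StringWriter;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

// Added sketch, not ZAP code: schemas are plain Maps shaped like OpenAPI schema objects.
public class XmlBodySketch {
    @SuppressWarnings("unchecked")
    static Map<String, Object> map(Object o) {
        return o == null ? Map.of() : (Map<String, Object>) o;
    }

    // Constructed placeholder values; the string one contains markup characters on purpose.
    static String sample(Object type) { return "integer".equals(type) ? "1" : "a<b&c"; }

    // Appends the XML for one schema under parent; xml.name overrides the fallback name.
    static void emit(Document doc, Node parent, String fallback, Map<String, Object> schema) {
        Map<String, Object> xml = map(schema.get("xml"));
        String name = (String) xml.getOrDefault("name", fallback);
        Object type = schema.get("type");
        if (Boolean.TRUE.equals(xml.get("attribute"))) { // xml.attribute: set on the parent element
            ((Element) parent).setAttribute(name, sample(type));
        } else if ("array".equals(type)) {
            // xml.wrapped adds an enclosing element; unwrapped items repeat directly under parent
            boolean wrapped = Boolean.TRUE.equals(xml.get("wrapped"));
            Node target = wrapped ? parent.appendChild(doc.createElement(name)) : parent;
            for (int i = 0; i < 2; i++) emit(doc, target, wrapped ? name : fallback, map(schema.get("items")));
        } else {
            Element el = (Element) parent.appendChild(doc.createElement(name));
            if ("object".equals(type)) {
                map(schema.get("properties")).forEach((k, v) -> emit(doc, el, k, map(v)));
            } else {
                el.setTextContent(sample(type)); // the serializer escapes < and & in text
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> props = new LinkedHashMap<>(); // constructed sample schema
        props.put("id", Map.of("type", "integer", "xml", Map.of("attribute", true)));
        props.put("tags", Map.of("type", "array", "xml", Map.of("wrapped", true),
                "items", Map.of("type", "string", "xml", Map.of("name", "tag"))));
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        emit(doc, doc, "Pet", Map.of("type", "object", "properties", props));
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(out));
        System.out.println(out);
    }
}
```

Because the document is built as a DOM tree and only serialized at the end, sample values containing `<` or `&` come out escaped and cannot change the element structure of the generated request body.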
@W0lfbane W0lfbane force-pushed the feat/openapi-xml-compatibility branch from c0da7bf to bccc08d Compare October 3, 2025 15:47
@W0lfbane
Author

W0lfbane commented Oct 3, 2025

Hello. I published this under the wrong email (would not let me sign the CLA), so I have force pushed to change that from the commit history. I have applied linting with spotless.

@W0lfbane
Author

W0lfbane commented Oct 3, 2025

I have read the CLA Document and I hereby sign the CLA

@thc202
Member

thc202 commented Oct 3, 2025

Please revert the URI/URL changes, they are not correct and are unrelated to the XML generation. (The recommended Java version for dev is currently 17.)
The OpenAPI help should be updated to state that the XML generation can/will be wrong.

@W0lfbane
Author

W0lfbane commented Oct 3, 2025

You're right, I'll go ahead and revert them. I was getting errors running tests locally due to the deprecation warns. I'll switch to Java 17 to mitigate that.

I updated the openapi.html regarding the XML generation

@W0lfbane W0lfbane force-pushed the feat/openapi-xml-compatibility branch from 984aff6 to 8d7fc18 Compare October 3, 2025 18:52
…napi/resources/help/contents/openapi.html

Co-authored-by: Rick M <[email protected]>
Signed-off-by: W0lfbane <[email protected]>
@thc202 thc202 changed the title openapi: generate XML request bodies, wire into converter, add tests;… openapi: generate XML request bodies Oct 4, 2025
@thc202
Member

thc202 commented Oct 4, 2025

The changelog should be updated: https://github.com/zaproxy/zap-extensions/blob/main/CONTRIBUTING.md

@W0lfbane
Author

W0lfbane commented Oct 5, 2025

I have updated the change log file

@W0lfbane W0lfbane force-pushed the feat/openapi-xml-compatibility branch 2 times, most recently from 73cd926 to d4f8e03 Compare October 5, 2025 21:38
@W0lfbane W0lfbane force-pushed the feat/openapi-xml-compatibility branch from d4f8e03 to 26df0b6 Compare October 5, 2025 21:38