Skip to content

Commit

Permalink
Application/XML support for request bodies
Browse files Browse the repository at this point in the history 
This commit adds support for handling Application/XML content types in request bodies.This enhancement resolves Issue #6767

Signed-off-by:Tryfon Iason Papatriantafyllou <[email protected]>
  • Loading branch information
@trypa11
trypa11 committed Sep 21, 2024
1 parent d34392d commit 6d7c217
Show file tree
Hide file tree
Showing 5 changed files with 63 additions and 24 deletions.
1 change: 1 addition & 0 deletions addOns/openapi/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Added
- Allow to import the OpenAPI definitions with a user (Issue 7739).
- Honour context exclusions when importing (Issue 8021).
- Application/XML support for request bodies (Issue 6767).

### Fixed
- Allow to select the contexts of the Automation Framework plan when configuring the job.
Expand Down
11 changes: 3 additions & 8 deletions .../main/java/org/zaproxy/zap/extension/openapi/converter/swagger/RequestModelConverter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@
import io.swagger.v3.oas.models.parameters.RequestBody;
import java.util.List;
import java.util.Map;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.network.HttpHeaderField;
import org.zaproxy.zap.extension.openapi.generators.Generators;
import org.zaproxy.zap.extension.openapi.generators.HeadersGenerator;
Expand Down Expand Up @@ -85,13 +84,9 @@ private String generateBody() {
return generators.getBodyGenerator().generateMultiPart(schema, encoding);
}

if (content.containsKey(CONTENT_APPLICATION_XML)) {
generators.addErrorMessage(
Constant.messages.getString(
"openapi.unsupportedcontent",
operation.getOperationId(),
CONTENT_APPLICATION_XML));
return "";
if (content.containsKey("application/xml")) {
schema = content.get("application/xml").getSchema();
return generators.getBodyGenerator().generateXml(schema);
}

if (!content.isEmpty()) {
Expand Down
38 changes: 38 additions & 0 deletions addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/generators/BodyGenerator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -332,6 +332,44 @@ public String generateMultiPart(Schema<?> schema, Map<String, Encoding> encoding
return "";
}

@SuppressWarnings("rawtypes")
public String generateXml(Schema<?> schema) {
if (schema == null) {
return "";
}

StringBuilder xml = new StringBuilder();
String elementName = null;
generateXmlElements(schema, xml);
return xml.toString();
}

@SuppressWarnings("rawtypes")
private void generateXmlElements(Schema<?> schema, StringBuilder xml) {
for (Map.Entry<String, Schema> property : schema.getProperties().entrySet()) {
String elementName = property.getKey();
xml.append("<");
xml.append(elementName);
xml.append(">");

if (property.getValue().getProperties() != null) {
generateXmlElements(property.getValue(), xml);
} else {
String value = dataGenerator.generateValue(elementName, property.getValue(), false);
if ("string".equalsIgnoreCase(property.getValue().getType())
&& value.startsWith("\"")
&& value.endsWith("\"")) {
value = value.substring(1, value.length() - 1); // Remove surrounding quotes
}
xml.append(value);
}

xml.append("</");
xml.append(elementName);
xml.append(">\n");
}
}

private static String getPropertyContentType(Schema<?> schema) {
String type;

Expand Down
2 changes: 0 additions & 2 deletions .../src/main/javahelp/org/zaproxy/zap/extension/openapi/resources/help/contents/openapi.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,6 @@
<BODY>
<H1>OpenAPI Support</H1>
This add-on allows you to spider and import OpenAPI (Swagger) definitions, versions 1.2, 2.0, and 3.0.
<br>
<strong>Note:</strong> Generation of XML content is currently not supported.
<br><br>
The add-on will automatically detect any OpenAPI definitions and spider them as long as they are in scope.
<br><br>
Expand Down
35 changes: 21 additions & 14 deletions addOns/openapi/src/test/java/org/zaproxy/zap/extension/openapi/v3/BodyGeneratorUnitTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,6 @@
*/
package org.zaproxy.zap.extension.openapi.v3;

import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.emptyString;
import static org.hamcrest.Matchers.is;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
Expand Down Expand Up @@ -716,19 +712,30 @@ void shouldGenerateBodyWithNoSchema() throws IOException {
}

@Test
void shouldNotGenerateContentForApplicationXml() throws IOException {
void shouldGenerateXmlObject() throws IOException {
// Given
OpenAPI definition = parseResource("openapi_xml_bodies.yaml");
OperationModel operationModel =
new OperationModel("/xml", definition.getPaths().get("/xml").getPost(), null);
OpenAPI openAPI = parseResource("openapi_xml_bodies.yaml");

// When
String content = new RequestModelConverter().convert(operationModel, generators).getBody();
String xmlString =
generators
.getBodyGenerator()
.generateXml(
openAPI.getPaths()
.get("/xml")
.getPost()
.getRequestBody()
.getContent()
.get("application/xml")
.getSchema());

// Then
assertThat(content, is(emptyString()));
assertThat(
generators.getErrorMessages(),
contains(
"Not generating request body for operation xml, the content type application/xml is not supported."));
String expectedOutput =
"<value-string>John Doe</value-string>\n"
+ "<value-boolean>true</value-boolean>\n"
+ "<value-integer>10</value-integer>\n";

assertEquals(expectedOutput, xmlString);
}

@Test
Expand Down

0 comments on commit 6d7c217

Please sign in to comment.