-
-
Notifications
You must be signed in to change notification settings - Fork 690
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openapi: workaround issue importing fully resolved definitions #5299
Conversation
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅ |
recheck |
You first need to add the agreeing comment. |
I have read the CLA Document and I hereby sign the CLA |
This comment has been minimized.
This comment has been minimized.
8d02429
to
6fd73e0
Compare
addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApi.java
Outdated
Show resolved
Hide resolved
IMO this is not the proper fix, we should change the parser limits instead. |
addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApi.java
Outdated
Show resolved
Hide resolved
Agreed, however I understand the limit that is being reached here is the String's Maximum length(Integer.MAX_INT or 2147483647) as seen on the exception
Not sure how to address that. Besides the method where the exception is being thrown, Json.pretty() belongs to external library swagger-core so it does not look like we can change that. Another alternative which I was thinking was to catch for the IllegalStateException and only on that instance to get the string directly from the file, which seems a bit more proper. Thoughts? Any other ideas on how to fix it? |
It looks suspicious that's actually hitting the max of the string, what's the size of the original definition? Did you try write the expanded definition to a file to see its size (and contents for that matter)? I'm aware that's a class/method from the library, but that's "one" line of code. Agreed that looks better still I'd skip the pretty print instead of reading from the file (as that would break the multi file). |
@megalucio are you able to answer the latest questions and keep going with this? |
Giving another go to this one, @thc202 what do you mean by the original and expanded definitions? Not sure, I'm following here. Thanks |
In SwaggerConverter calls to resolveFully will replace the references with actual values which will make the definition bigger, i was suggesting saving that one and verify the contents and the size. Would still be interesting to know the size of the original. |
Size of the original is 2.3M |
And just before the |
openApiString.length() = 2378052 |
Not sure how to calculate the size there since I have an OpenAPI object |
With |
Honestly I'm not sure what you mean by the original definition, this is what is being provided. Still unable to process big openapi definitions.
Yeah, that is where the exception is being thrown, this is what happens inside pretty. But the good thing about using it is that in this instance I can catch the exception and only read directly from file when that happens which respects more the previous implementation, I figure this is more backwards compatible. Only doubt I have is if still use Json.pretty or stick with Json.mapper().writeValueAsString(…)`. I will post a new commit now with this idea see what you think. |
addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApi.java
Show resolved
Hide resolved
Did you try write to file? |
If I am understanding you correctly, I get the same exception when Json.mapper().writeValueAsString so basically cant write to file. |
I mean one of the other methods not that one, e.g. |
Yeah I got a 2.9 GB file 🤦♂️ |
addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApi.java
Outdated
Show resolved
Hide resolved
addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApi.java
Outdated
Show resolved
Hide resolved
### Changed
- Workaround issue loading fully resolved definitions that are too large by trying to use the original definition only (Issue 8193). |
This might also need a merge/rebase. |
Did you fetch from upstream/zaproxy? (the PR has conflict now) |
Signed-off-by: Ignacio Íñigo <megalucio@users.noreply.github.com>
Signed-off-by: Ignacio Íñigo <megalucio@users.noreply.github.com>
Signed-off-by: Ignacio Íñigo <megalucio@users.noreply.github.com>
…/ExtensionOpenApi.java Co-authored-by: thc202 <thc202@gmail.com> Signed-off-by: Ignacio Íñigo Hernández <megalucio@users.noreply.github.com>
2e03b88
to
5ee6b10
Compare
I think is ready now, please review again. |
I think it still needs a |
Thank you! |
Overview
Fix import openapi definitions from files. It fails with big files.
Related Issues
Specify any related issues or pull requests by linking to them.
zaproxy/zaproxy#8193
Checklist
./gradlew spotlessApply
for code formattingFor more details, please refer to the developer rules and guidelines.