
[BUG] Incorrect Path Construction When basePath is Root ("/") in Swagger/OpenAPI Specification #107


Open
4 tasks done
DmytroPetrushenko opened this issue Oct 29, 2024 · 0 comments

Prerequisites

  • Thoroughly read the README file.
  • Checked the project requirements and ensured they are met.
  • Searched for existing issues that may address the problem.
  • Performed basic troubleshooting steps.

Description

When the basePath in the Swagger/OpenAPI specification is set to the root ("/"), Burp Suite constructs paths incorrectly, resulting in a double slash (//) at the beginning of each request path. This leads to URLs being generated as follows:
**https://example.com//api/v1/resources/{resourceId}?includeDetails=true&sortOrder=asc**

Steps to Reproduce

  1. Create or edit an OpenAPI/Swagger specification file with the following properties:
     • Set basePath to "/".
     • Define a sample path, such as /api/v1/resources/{resourceId}, with some query parameters, e.g., includeDetails and sortOrder.

Example:

```json
{
  "swagger": "2.0",
  "basePath": "/",
  "paths": {
    "/api/v1/resources/{resourceId}": {
      "get": {
        "summary": "Get Resource Details",
        "parameters": [
          {
            "name": "resourceId",
            "in": "path",
            "required": true,
            "type": "string"
          },
          {
            "name": "includeDetails",
            "in": "query",
            "required": false,
            "type": "boolean"
          },
          {
            "name": "sortOrder",
            "in": "query",
            "required": false,
            "type": "string",
            "enum": ["asc", "desc"]
          }
        ],
        "responses": {
          "200": {
            "description": "Successful operation"
          }
        }
      }
    }
  }
}
```

  2. Import this specification file into Burp Suite using the OpenAPI/Swagger parser.

  3. Observe the generated HTTP requests in Burp Suite.

Expected Result:
Paths should be generated as https://example.com/api/v1/resources/{resourceId}?includeDetails=true&sortOrder=asc.

Actual Result:
Paths are generated with a double slash, resulting in https://example.com//api/v1/resources/{resourceId}?includeDetails=true&sortOrder=asc.

Expected Behavior

When basePath is "/", paths should be constructed without the extra leading slash, as shown below:
**https://example.com/api/v1/resources/{resourceId}?includeDetails=true&sortOrder=asc**

Screenshots

No response

Environment

  • OS: macOS Version 15.0.1 (24A348)
  • Burp Suite version: Professional 2024.9.3
  • OpenAPI Specification version: 2.0

Error Message

No response

Additional Context

No response
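
The path join described in this report, as an added example that is not part of the original issue and is not the extension's own code: `naive_join` models the reported concatenation, and `join_base_path` is one way to normalise it. The `host` and `schemes` values and all function names are assumptions made for the illustration.

```python
import json

# Constructed sample: a trimmed version of the Swagger 2.0 document from the report.
# "host" and "schemes" are assumptions added so that a full URL can be built.
SPEC = json.loads("""
{
  "swagger": "2.0",
  "host": "example.com",
  "schemes": ["https"],
  "basePath": "/",
  "paths": {
    "/api/v1/resources/{resourceId}": {"get": {"summary": "Get Resource Details"}}
  }
}
""")


def naive_join(base_path, path):
    """Plain concatenation: yields '//' when basePath is '/' (hypothetical model)."""
    return base_path + path


def join_base_path(base_path, path):
    """Join basePath and a path item with exactly one slash between them."""
    base = (base_path or "").strip("/")   # "/", "", None -> "", "/v2/" -> "v2"
    rest = path.lstrip("/")               # keep any trailing slash of the path item
    joined = "/".join(part for part in (base, rest) if part)
    return "/" + joined


def request_urls(spec, join=join_base_path):
    """Return one URL per path item, using the first declared scheme."""
    scheme = (spec.get("schemes") or ["https"])[0]
    origin = f"{scheme}://{spec['host']}"
    base_path = spec.get("basePath", "")
    return [origin + join(base_path, p) for p in spec.get("paths", {})]


if __name__ == "__main__":
    print("naive:", request_urls(SPEC, naive_join))
    print("fixed:", request_urls(SPEC))
```
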
