- 
          
- 
                Notifications
    You must be signed in to change notification settings 
- Fork 745
openapi: generate XML request bodies #6793
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Conversation
| All contributors have signed the CLA  ✍️ ✅ | 
| 
 Great job! No new security vulnerabilities introduced in this pull requestUse @Checkmarx to reach out to us for assistance. Just send a PR comment with  Examples:  | 
| Seems likely that all your formatting changes will need to be reverted. The projects use spotless to enforce formatting. | 
| More important is to address this #6793 (comment) | 
… misc UI & spider fixes Implement DOM-based XML body generation in BodyGenerator Add BodyGenerator.generateXml(MediaType) and generateXml(Schema) Prefer media-type examples; otherwise generate XML from Schema Support common xml.* metadata: xml.name, xml.attribute, xml.wrapped, xml.namespace and xml.prefix Handle primitives, arrays (wrapped / unwrapped), object properties, additionalProperties (serialized as <entry><key/><value/>), BinarySchema placeholder, and basic composed-schema handling (oneOf/anyOf/allOf merge) Emit generator error messages on failures (preserve existing error collection) Wire XML generation into request conversion RequestModelConverter: detect application/xml, text/xml and application/*+xml, prefer exact application/xml and call BodyGenerator.generateXml(...) instead of logging unsupported-content Tests and integration Add/tighten unit tests in BodyGeneratorXmlUnitTest that parse generated XML and assert structure (elements, attributes, namespaces, counts) Update v3 BodyGeneratorUnitTest where necessary Add integration test OpenApiIntegrationXmlTest and test resource openapi_xml_integration.yaml to verify generated XML bodies and removal of the previous unsupported-content message Miscellaneous improvements / cleanup ImportDialog: minor formatting, switch validation to use java.net.URI to avoid deprecated URL-based parsing and avoid deprecated constructors SpiderDialog & UrlCanonicalizer: minor whitespace/formatting fixes and replace deprecated URL(String,...) usage with URI construction where appropriate (avoid deprecated constructors) Small refactors and formatting adjustments across changed files
c0da7bf    to
    bccc08d      
    Compare
  
    | Hello. I published this under the wrong email (would not let me sign the CLA), so I have force pushed to change that from the commit history. I have applied linting with spotless. | 
| I have read the CLA Document and I hereby sign the CLA | 
| Please revert the URI/URL changes, they are not correct and are unrelated to the XML generation. (The recommended Java version for dev is currently 17.) | 
| You're right, I'll go ahead and revert them. I was getting errors running tests locally due to the deprecation warns. I'll switch to Java 17 to mitigate that. I updated the openapi.html regarding the XML generation | 
…fail for complex or invalid schemas
984aff6    to
    8d7fc18      
    Compare
  
            
          
                ...api/src/main/javahelp/org/zaproxy/zap/extension/openapi/resources/help/contents/openapi.html
              
                Outdated
          
            Show resolved
            Hide resolved
        
      …napi/resources/help/contents/openapi.html Co-authored-by: Rick M <[email protected]> Signed-off-by: W0lfbane <[email protected]>
| The changelog should be updated: https://github.com/zaproxy/zap-extensions/blob/main/CONTRIBUTING.md | 
| I have updated the change log file | 
73cd926    to
    d4f8e03      
    Compare
  
    d4f8e03    to
    26df0b6      
    Compare
  
    
Overview
Added DOM-based XML request-body generation to the OpenAPI add-on and integrated it into the request conversion flow so XML media types (application/xml, text/xml, and vendor types ending in +xml) produce payloads instead of being skipped. The generator new APIs in BodyGenerator prefers examples and otherwise walks OpenAPI schemas to emit XML honoring common xml.* hints (xml.name, xml.attribute, xml.wrapped, xml.namespace/prefix). Tests were added and tightened: unit tests validate structure via DOM parsing and an integration test ensures XML bodies are generated and the previous "unsupported content" message is not emitted.
Related Issues
zaproxy/zaproxy#6767