Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

OpenAPI parsing error

Laura | Last updated: May 16, 2024 04:19PM UTC

We seem to be having problems importing our OpenAPI v3.0.x file into the BURP Professional suite. The error reports a syntax error in the file itself. But does not specify what line is causing the issue. I've switched the suite to "Early Adopter" and have the same issue. After extended troubleshooting, i've found the line that's causing the import to fail. "$ref": "dfdf" If i remove the “$” character the line works. If i keep the “$ref” and turn the value into an empty string, it works. If i keep the “$ref” and turn the value into anything other than an empty string, it fails. Any advice on next steps? Would really like to run the tool on our backend.

Syed, PortSwigger Agent | Last updated: May 17, 2024 09:05AM UTC

Hi Laura,

The $ref keyword in an OpenAPI specification is used to reference a component that is defined elsewhere in the document. This allows for reusability of common definitions and can help keep the specification organized and less cluttered. The $ref keyword is primarily used to refer to schemas, responses, parameters, examples, request bodies, headers, security schemes, links, and callbacks.

The $ref in itself is valid and is used in OpenAPI definitions. However, I would start by ensuring that the reference exists and is valid. For example, here is an example definition JSON file that you can compare with and verify the syntax: https://github.com/OAI/OpenAPI-Specification/blob/main/examples/v3.0/petstore.json

Laura | Last updated: May 20, 2024 08:35PM UTC

I now have access to the folder the `$ref` was referencing. The OpenAPI file and folder are in the same directory. Yet I still fail at the same point. In the file we are failing at the line "$ref": "/models/ActionType_POST.json" I've even added the # character before the /models to see if that would help, after looking through the example json provided. Any suggestions?

Laura | Last updated: May 20, 2024 08:38PM UTC

I changed the path to C:Users/{myUserName}/...projectPath/models and it seems to take now! Is there anyway to have BURP read the file from its directory? Otherwise im going to have to go in here and adjust 800+ references (I can automate this, but was hoping for a better solution)

Syed, PortSwigger Agent | Last updated: May 21, 2024 12:49PM UTC

Hi Laura,

Burp does not support API specs with external references or references to files. I am not sure how this one got through but I am intrigued. Please share with us your API spec or email us in at support@portswigger.net so that I can look further into it.

Laura | Last updated: May 21, 2024 04:58PM UTC

Awesome, thanks Syed. I've sent the email with the OpenAPI file attached. Got some other questions as far as certain api endpoints not being to be hit. But im sure we can address that in our email thread.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.