openapi: workaround issue importing fully resolved definitions (#5299)

Try import the original file if failed to import the fully resolved definition when too big. Signed-off-by: Ignacio Íñigo <megalucio@users.noreply.github.com>
zaproxy · Jul 2, 2024 · 9ae00ac · 9ae00ac
1 parent 8531638
commit 9ae00ac
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 7 deletions.
diff --git a/addOns/openapi/CHANGELOG.md b/addOns/openapi/CHANGELOG.md
@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
 
+### Changed
+- Workaround issue loading fully resolved definitions that are too large by trying to use the original definition only (Issue 8193).
 
 ## [41] - 2024-05-10
 ### Changed

diff --git a/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApi.java b/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApi.java
@@ -19,6 +19,7 @@
  */
 package org.zaproxy.zap.extension.openapi;
 
+import com.fasterxml.jackson.databind.JsonMappingException;
 import io.swagger.v3.core.util.Json;
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.parser.core.models.SwaggerParseResult;
@@ -27,6 +28,7 @@
 import java.io.File;
 import java.io.FileReader;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -35,6 +37,7 @@
 import java.util.Map;
 import java.util.regex.Pattern;
 import org.apache.commons.httpclient.URI;
+import org.apache.commons.io.FileUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.parosproxy.paros.CommandLine;
@@ -343,15 +346,22 @@ public OpenApiResults importOpenApiDefinitionV2(
                 throw new InvalidDefinitionException();
             }
 
+            String openApiString;
+            try {
+                openApiString = Json.mapper().writeValueAsString(openApi);
+            } catch (JsonMappingException e) {
+                if (e.getOriginalMessage().contains("TextBuffer overrun")) {
+                    LOGGER.warn(
+                            "Fully resolved definition is too large, trying to use original definition only.");
+                    openApiString = FileUtils.readFileToString(file, StandardCharsets.UTF_8);
+                } else {
+                    throw e;
+                }
+            }
+
             List<String> errors =
                     importOpenApiDefinition(
-                            Json.pretty(openApi),
-                            targetUrl,
-                            null,
-                            initViaUi,
-                            requestor,
-                            contextId,
-                            false);
+                            openApiString, targetUrl, null, initViaUi, requestor, contextId, false);
             results.setErrors(errors);
         } catch (IOException e) {
             if (initViaUi) {