Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
admin/api
Describe the bug
RapiDAST (Rapid DAST) is an open-source security testing tool that automates Dynamic Application Security Testing (DAST) and seamlessly integrates security into your development workflow.
It supports OpenAPI v2 (formerly Swagger) and v3 schemas, using them to define endpoints and their corresponding parameters.
However, when importing the OpenAPI descriptor from the Keycloak documentation, some errors were identified, which are also visible when running the Swagger Validator tool. These errors prevent the security team from integrating the descriptor with the tool.
Version
<= 25.0.4
Regression
- The issue is a regression
Expected behavior
Import the OpenAPI descriptor in the Swagger Validator tool and see no errors.
Actual behavior
When the OpenAPI descriptor is imported into the Swagger Validator tool, we see the following errors:
{
  "messages": [
    "attribute components.schemas.ClientPolicyConditionRepresentation.items is missing",
    "attribute components.schemas.ClientPolicyExecutorRepresentation.items is missing"
  ],
  "schemaValidationMessages": [ ]
}
How to Reproduce?
- Copy the link to the OpenAPI definition from https://www.keycloak.org/docs-api/latest/rest-api/openapi.json.
- Paste it into https://validator.swagger.io/.
- Scroll to the bottom of the page, and you should see a button labeled "Invalid."
- Click on the button to see the error messages.
Anything else?
No response
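
An offline check for the same class of error, useful as a gate before handing a descriptor to a DAST scanner. This is an added example, not part of the original issue and not code from Keycloak, RapiDAST or the Swagger Validator. It assumes the validator message means a schema declared with `type: array` and no `items`; the sample document is constructed, and `ExampleWrapper` with its `tags` property is hypothetical.

```python
import json

# Constructed sample, NOT the real Keycloak descriptor. The two schema names
# come from the error messages above; ExampleWrapper/tags are hypothetical.
SAMPLE = json.loads("""
{
  "openapi": "3.0.3",
  "components": {"schemas": {
    "ClientPolicyConditionRepresentation": {"type": "array"},
    "ClientPolicyExecutorRepresentation": {"type": "array"},
    "ExampleWrapper": {
      "type": "object",
      "properties": {
        "conditions": {"type": "array",
          "items": {"$ref": "#/components/schemas/ClientPolicyConditionRepresentation"}},
        "tags": {"type": "array"}
      }
    }
  }}
}
""")

def _walk(schema, path, found):
    """Recurse through one schema object, recording arrays that lack 'items'."""
    # Skip references, booleans (e.g. additionalProperties: true) and absent keys.
    if not isinstance(schema, dict) or "$ref" in schema:
        return
    if schema.get("type") == "array" and "items" not in schema:
        found.append(path + ".items")
    for name, sub in (schema.get("properties") or {}).items():
        _walk(sub, f"{path}.properties.{name}", found)
    for key in ("items", "additionalProperties", "not"):
        _walk(schema.get(key), f"{path}.{key}", found)
    for key in ("allOf", "oneOf", "anyOf"):
        for i, sub in enumerate(schema.get(key) or []):
            _walk(sub, f"{path}.{key}[{i}]", found)

def arrays_missing_items(doc):
    """Return sorted dotted paths of every missing 'items' attribute."""
    found = []
    schemas = (doc.get("components") or {}).get("schemas") or {}
    for name, schema in schemas.items():
        _walk(schema, f"components.schemas.{name}", found)
    return sorted(found)

if __name__ == "__main__":
    for p in arrays_missing_items(SAMPLE):
        print(f"attribute {p} is missing")
```

To check a downloaded descriptor instead of the sample, load it with `json.load` and pass the result to `arrays_missing_items`; an empty list means no array schema lacks `items`.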