  • #327268
Closed
Open
Issue created Apr 08, 2021 by Herber Madrigal (@herbmadrigal, Developer). 20 of 20 checklist items completed.

Accept OpenAPI v3.1.x as input specification for DAST API fuzzing

Problem

DAST API fuzzing does not allow the usage of OpenAPI documents version 3.1 as input.

Proposal

Update DAST API Fuzzing (Automation and Worker-Entry components) to accept OpenAPI documents based on new features:

  1. Worker-Entry
    1. Allow using Version 3.1.x
      1. Prevent validation error when using version 3.1.x
      2. Add JSON Schema validation for OpenAPI 3.1.x schema-v3.1
    2. Add Integration tests using OpenAPI 3.1.x
  2. Automation-Runner
    1. Allow using Version 3.1.x
      1. Prevent validation error when using version 3.1.x
      2. Feature Update:
        • JSON Schema Array of Types: Make sure the new null syntax and type listing are loaded properly.
        • JSON Schema Examples: Make sure the examples property is also checked when producing sample data.
        • Webhooks: Show a warning indicating webhooks are not supported.
        • OpenAPI Top-Level Elements: The paths element is optional. Double-check that it is still validating that the property is required and has at least 1 element.
        • Request Bodies for Any Method: Check that a request body is generated for HEAD and GET requests.
  3. Add tests
    • JSON Schema Array of Types (Worker-Entry: Integration) [X] (Automation: Unit) [X]
    • JSON Schema Examples (Worker-Entry: Integration) [X] (Automation: Unit) [X]
    • Request Bodies for Any Method (Worker-Entry: Integration) [X] (Automation: Integration) [X]
  4. Update DAST API / API Fuzzing documentation
  5. Publish new container

Notes:

  • NSwag uses the JsonSchema library, which seems to be loading the relevant new features properly.
  • Python Draft4Validator supports up to JsonSchema Draft4, but OpenAPI v3.1 uses 2020-12. Hence, from the Python listing on json-schema.org, only jschon supports JsonSchema 2020-12.

Links

  • What’s New in OpenAPI Specification 3.1 Slides
  • OpenAPI Schema v3.1
  • OpenAPI 3.1 is
  • JSON schema draft-2019-09
  • YAML 1.2
  • OpenAPI Tools
  • json-schema libs
  • Online JSON Schema validation supports 2020-12
Edited Jul 30, 2021 by Herber Madrigal
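
The Automation-Runner checks listed under "Feature Update", sketched as a small pre-flight pass over an OpenAPI 3.1 document. This is an added example, not code from the issue or from GitLab's analyzer; `preflight`, `sample_value`, the default sample values and the constructed `SAMPLE_SPEC` are all assumptions made for illustration.

```python
import re

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
SCALARS = {"string": "", "integer": 0, "number": 0.0, "boolean": False}

# Constructed OpenAPI 3.1 document (sample input, not taken from the issue).
SAMPLE_SPEC = {
    "openapi": "3.1.0",
    "webhooks": {"petAdded": {"post": {"responses": {"200": {"description": "ok"}}}}},
    "paths": {"/pets": {"get": {
        "requestBody": {"content": {"application/json": {"schema": {
            "type": "object",
            "properties": {
                "name": {"type": ["string", "null"], "examples": ["rex"]},
                "age": {"type": ["null", "integer"]},
                "note": {"type": "null"},
            }}}}},
        "responses": {"200": {"description": "ok"}}}}},
}

def sample_value(schema):
    """Sample data for a 3.1 schema: `examples` first, then the first non-null type."""
    if schema.get("examples"):
        return schema["examples"][0]
    declared = schema.get("type", "object")  # assumption: untyped schemas sample as objects
    types = [declared] if isinstance(declared, str) else list(declared)
    concrete = [t for t in types if t != "null"]
    if not concrete:
        return None  # "null" is the only permitted type
    if concrete[0] == "object":
        return {k: sample_value(v) for k, v in schema.get("properties", {}).items()}
    return [] if concrete[0] == "array" else SCALARS[concrete[0]]

def preflight(spec):
    """Return (warnings, {(METHOD, path): sample body}); raise ValueError if unusable."""
    version = str(spec.get("openapi", ""))
    if not re.fullmatch(r"3\.1\.\d+", version):
        raise ValueError(f"not an OpenAPI 3.1.x document: {version!r}")
    warnings = []
    if spec.get("webhooks"):
        warnings.append("webhooks are not supported")
    if not spec.get("paths"):  # optional in 3.1, but there is nothing to scan without it
        raise ValueError("'paths' must be present with at least 1 element")
    bodies = {}
    for path, item in spec["paths"].items():
        for method in HTTP_METHODS & item.keys():
            content = item[method].get("requestBody", {}).get("content", {})
            for media in content.values():  # bodies are kept for GET and HEAD too
                bodies[(method.upper(), path)] = sample_value(media.get("schema", {}))
    return warnings, bodies
```
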