Skip to content

[BUG] Header type parameter placed in Cookie incorrectly #109

New issue
New issue
Open
Open
[BUG] Header type parameter placed in Cookie incorrectly#109
Assignees
aress31
Labels
bug
@rbeede

Description

@rbeede
rbeede
opened on Dec 11, 2024

Prerequisites

  • Thoroughly read the README file.
  • Checked the project requirements and ensured they are met.
  • Searched for existing issues that may address the problem.
  • Performed basic troubleshooting steps.

Description

A parameter defined in the OpenAPI 3.0.1 json that should be an HTTP header is instead being treated as a Cookie value.

Steps to Reproduce

Create an openapi 3.0.1 json with this following "paths" included:

   "/myapifunction": {
      "get": {
        "tags": [
          "Picture"
        ],
        "parameters": [
          {
            "name": "pictureCode",
            "in": "header",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Success"
          }
        }
      }
    },

Load the json in the Burp OpenAPI Parser tab

Observe that the raw request used Cookie: pictureCode instead of a separate HTTP header named pictureCode.

Expected Behavior

The HTTP request generated should have created a separate HTTP header instead of using a Cookie.

Screenshots

No response

Environment

  • OS: Linux (Ubuntu)
  • Java version: built-in private JRE bundled with Burp
  • Burp Suite version: Pro 2024.10.3
  • OpenAPI Specification version: 3.0.1

Error Message

No response

Additional Context

No response

Metadata

Metadata

Assignees

Labels

bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions