@mgaffigan
Contributor

Closes #189 by adding missing dependency of a dependency.

Example after:

GET https://localhost:8443/api/openapi.yaml HTTP/1.1
X-Requested-With: example
User-Agent: Fiddler
Host: 10.200.38.176:8443

HTTP/1.1 200 OK
Date: Sun, 19 Oct 2025 21:21:19 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Headers: Content-Type
Content-Security-Policy: frame-ancestors 'none'
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/yaml
Content-Length: 366861

openapi: 3.0.1
info:
  title: Open Integration Engine Client API
  description: Swagger documentation for the Open Integration Engine Client API.
  version: 4.5.2
servers:
- url: /api
paths:
  /connectors/doc/_testWrite:
    post:
      tags:
      - Connector Services
      summary: Tests whether a file can be written to the specified directory.
      operationId: testWrite
      parameters:
      - name: channelId
        in: query
...

Signed-off-by: Mitch Gaffigan <mitch.gaffigan@comcast.net>
Member

@tonygermano tonygermano left a comment

sha1sum of the file matches that found at https://repo1.maven.org/maven2/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar.sha1

Is it possible to flesh out the commit message a bit and note that it is satisfying a dependency of jackson-dataformat-yaml-2.14.3.jar? I also find it helpful to add a trailer to the message referring to the issue along with the sign-off trailer, e.g., 5ff9715

I see that the pom file for jackson-dataformat-yaml-2.14.3.jar specifically requests version 1.33 of snakeyaml, but it has a "High" level CVE. Checking the changelog it appears there are minimal backward incompatible changes between 1.33 and the most recent version. Should we check to see if the most recent version of this library will work as a drop-in replacement to avoid introducing a library with a known vulnerability?
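
The checksum comparison described in the review above, written out as a repeatable check. This is an added example, not part of the pull request or the project's code; the function name `verify_vendored_jar` and its return codes are assumptions, and the download step appears only as a comment so the block runs offline.

```shell
#!/bin/sh
# Added example: compare a vendored jar with the SHA-1 sidecar file published
# next to it in the upstream repository.
#
# Online step (not run here), using the URL quoted in the review:
#   curl -fsSL -o snakeyaml-1.33.jar.sha1 \
#     https://repo1.maven.org/maven2/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar.sha1

# verify_vendored_jar JAR SIDECAR  (hypothetical helper)
# Returns 0 on match, 1 on mismatch, 2 when an input is missing or unusable.
verify_vendored_jar() {
    jar=$1
    sidecar=$2
    [ -f "$jar" ] && [ -f "$sidecar" ] || { echo "missing input file" >&2; return 2; }

    # A sidecar holds either a bare digest or "digest  filename":
    # take the first token of the first line and normalise it to lowercase.
    expected=$(awk 'NR==1 {print tolower($1); exit}' "$sidecar")

    # Refuse anything that is not exactly 40 hex characters, for example an
    # HTML error page that was saved in place of the checksum.
    case $expected in
        ''|*[!0-9a-f]*) echo "sidecar does not contain a SHA-1 digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || { echo "sidecar digest has wrong length" >&2; return 2; }

    actual=$(sha1sum "$jar" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK $jar $actual"
        return 0
    fi
    echo "MISMATCH $jar expected=$expected actual=$actual" >&2
    return 1
}
```

A match shows the vendored jar is byte-identical to the artifact the repository serves; it says nothing about whether that version carries a known vulnerability, which is the separate question raised in the same review.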

@kpalang
Contributor

kpalang commented Nov 3, 2025

I like @tonygermano's idea of trying to avoid introducing a dependency with a known vulnerability.

@mgaffigan
Contributor Author

Latest version fails with:

<java.lang.NoSuchMethodError>
  <detailMessage>&apos;void com.fasterxml.jackson.core.base.GeneratorBase.&lt;init&gt;(int, com.fasterxml.jackson.core.ObjectCodec, com.fasterxml.jackson.core.io.IOContext)&apos;</detailMessage>
  <stackTrace>
    <trace>com.fasterxml.jackson.dataformat.yaml.YAMLGenerator.&lt;init&gt;(YAMLGenerator.java:299)</trace>
    <trace>com.fasterxml.jackson.dataformat.yaml.YAMLFactory._createGenerator(YAMLFactory.java:533)</trace>
    <trace>com.fasterxml.jackson.dataformat.yaml.YAMLFactory.createGenerator(YAMLFactory.java:482)</trace>
    <trace>com.fasterxml.jackson.dataformat.yaml.YAMLFactory.createGenerator(YAMLFactory.java:15)</trace>
    <trace>com.fasterxml.jackson.databind.ObjectMapper.createGenerator(ObjectMapper.java:1215)</trace>
    <trace>com.fasterxml.jackson.databind.ObjectMapper.writeValueAsString(ObjectMapper.java:3869)</trace>
    <trace>io.swagger.v3.jaxrs2.integration.resources.BaseOpenApiResource.getOpenApi(BaseOpenApiResource.java:74)</trace>
    <trace>io.swagger.v3.jaxrs2.integration.resources.OpenApiResource.getOpenApi(OpenApiResource.java:32)</trace>
    <trace>java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)</trace>
    <trace>java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)</trace>
    <trace>java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</trace>
    <trace>java.base/java.lang.reflect.Method.invoke(Method.java:569)</trace>
    <trace>com.mirth.connect.server.api.providers.MirthResourceInvocationHandlerProvider$1.invoke(MirthResourceInvocationHandlerProvider.java:219)</trace>
    <trace>org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144)</trace>
    <trace>org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161)</trace>
    <trace>org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:160)</trace>
    <trace>org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99)</trace>
    <trace>org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389)</trace>
    <trace>org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347)</trace>
    <trace>org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)</trace>
    <trace>org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326)</trace>
    <trace>org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)</trace>
    <trace>org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)</trace>
    <trace>org.glassfish.jersey.internal.Errors.process(Errors.java:315)</trace>
    <trace>org.glassfish.jersey.internal.Errors.process(Errors.java:297)</trace>
    <trace>org.glassfish.jersey.internal.Errors.process(Errors.java:267)</trace>
    <trace>org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)</trace>
    <trace>org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305)</trace>
    <trace>org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154)</trace>
    <trace>org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:471)</trace>
    <trace>org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:425)</trace>
    <trace>org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:383)</trace>
    <trace>org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:336)</trace>
    <trace>org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:223)</trace>
    <trace>org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)</trace>
    <trace>org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1656)</trace>
    <trace>com.mirth.connect.server.api.providers.StrictTransportSecurityFilter.doFilter(StrictTransportSecurityFilter.java:33)</trace>
    <trace>org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)</trace>
    <trace>org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)</trace>
    <trace>com.mirth.connect.server.MethodFilter.doFilter(MethodFilter.java:37)</trace>
    <trace>org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)</trace>
    <trace>org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)</trace>
    <trace>com.mirth.connect.server.api.providers.RequestedWithFilter.doFilter(RequestedWithFilter.java:53)</trace>
    <trace>org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)</trace>
    <trace>org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)</trace>
    <trace>com.mirth.connect.server.api.providers.ClickjackingFilter.doFilter(ClickjackingFilter.java:45)</trace>
    <trace>org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)</trace>
    <trace>org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)</trace>
    <trace>com.mirth.connect.server.api.providers.ApiOriginFilter.doFilter(ApiOriginFilter.java:71)</trace>
    <trace>org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)</trace>
    <trace>org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)</trace>
    <trace>org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:552)</trace>
    <trace>org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)</trace>
    <trace>org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)</trace>
    <trace>org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)</trace>
    <trace>org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)</trace>
    <trace>org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)</trace>
    <trace>org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)</trace>
    <trace>org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)</trace>
    <trace>org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)</trace>
    <trace>org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)</trace>
    <trace>org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)</trace>
    <trace>org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:59)</trace>
    <trace>org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)</trace>
    <trace>org.eclipse.jetty.server.Server.handle(Server.java:516)</trace>
    <trace>org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)</trace>
    <trace>org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)</trace>
    <trace>org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)</trace>
    <trace>org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)</trace>
    <trace>org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)</trace>
    <trace>org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)</trace>
    <trace>org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)</trace>
    <trace>org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)</trace>
    <trace>org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)</trace>
    <trace>org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)</trace>
    <trace>org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)</trace>
    <trace>org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)</trace>
    <trace>org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)</trace>
    <trace>org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)</trace>
    <trace>org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)</trace>
    <trace>org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)</trace>
    <trace>org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)</trace>
    <trace>org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)</trace>
    <trace>java.base/java.lang.Thread.run(Thread.java:840)</trace>
  </stackTrace>
  <suppressedExceptions class="empty-list"/>

Development

Successfully merging this pull request may close these issues.

[BUG] OpenAPI YAML endpoint is broken
