Prerequisites
- Thoroughly read the README file.
- Checked the project requirements and ensured they are met.
- Searched for existing issues that may address the problem.
- Performed basic troubleshooting steps.
Description
When the basePath in the Swagger/OpenAPI specification is set to the root ("/"), Burp Suite constructs paths incorrectly, resulting in a double slash (//) at the beginning of each request path. This leads to URLs being generated as follows:
**https://example.com//api/v1/resources/{resourceId}?includeDetails=true&sortOrder=asc**
Steps to Reproduce
- Create or edit an OpenAPI/Swagger specification file with the following properties:
  - Set basePath to "/".
  - Define a sample path, such as /api/v1/resources/{resourceId}, with some query parameters, e.g., includeDetails and sortOrder.
Example:
```json
{
  "swagger": "2.0",
  "basePath": "/",
  "paths": {
    "/api/v1/resources/{resourceId}": {
      "get": {
        "summary": "Get Resource Details",
        "parameters": [
          {
            "name": "resourceId",
            "in": "path",
            "required": true,
            "type": "string"
          },
          {
            "name": "includeDetails",
            "in": "query",
            "required": false,
            "type": "boolean"
          },
          {
            "name": "sortOrder",
            "in": "query",
            "required": false,
            "type": "string",
            "enum": ["asc", "desc"]
          }
        ],
        "responses": {
          "200": {
            "description": "Successful operation"
          }
        }
      }
    }
  }
}
```
- Import this specification file into Burp Suite using the OpenAPI/Swagger parser.
- Observe the generated HTTP requests in Burp Suite.
Expected Result:
Paths should be generated as https://example.com/api/v1/resources/{resourceId}?includeDetails=true&sortOrder=asc.
Actual Result:
Paths are generated with a double slash, resulting in https://example.com//api/v1/resources/{resourceId}?includeDetails=true&sortOrder=asc.
Expected Behavior
When basePath is "/", paths should be constructed without the extra leading slash, as shown below:
**https://example.com/api/v1/resources/{resourceId}?includeDetails=true&sortOrder=asc**
Screenshots
No response
Environment
- OS: macOS Version 15.0.1 (24A348)
- Burp Suite version: Professional 2024.9.3
- OpenAPI Specification version: 2.0
Error Message
No response
Additional Context
No response
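The join behaviour requested above, as an added Python example that is not part of the original issue and is not the extension's own code. `naive_join` is an assumed illustration of how plain concatenation yields the `//`; `join_path`, `sample_value` and `build_urls` are hypothetical helper names, and the placeholder values for query parameters are assumptions.

```python
import json
from urllib.parse import urlencode

# Constructed sample: a trimmed version of the specification in the report.
SPEC = json.loads("""
{"swagger": "2.0", "basePath": "/",
 "paths": {"/api/v1/resources/{resourceId}": {"get": {"parameters": [
   {"name": "resourceId", "in": "path", "required": true, "type": "string"},
   {"name": "includeDetails", "in": "query", "type": "boolean"},
   {"name": "sortOrder", "in": "query", "type": "string", "enum": ["asc", "desc"]}
 ]}}}}
""")
METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def naive_join(base_path, path):
    """Plain concatenation (assumed cause): gives '//' when basePath is '/'."""
    return base_path + path

def join_path(base_path, path):
    """Join basePath and an operation path with exactly one '/' between them."""
    parts = [(base_path or "").strip("/"), path.lstrip("/")]
    return "/" + "/".join(p for p in parts if p)

def sample_value(param):
    """Pick a placeholder value for a query parameter (assumed defaults)."""
    if "enum" in param:
        return str(param["enum"][0])
    return {"boolean": "true", "integer": "1"}.get(param.get("type"), "value")

def build_urls(spec, origin, join=join_path):
    """Return (method, URL) per operation; path templates are left unfilled."""
    urls = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in METHODS:  # skip path-level keys such as "parameters"
                continue
            query = [(p["name"], sample_value(p))
                     for p in op.get("parameters", []) if p.get("in") == "query"]
            url = origin.rstrip("/") + join(spec.get("basePath", ""), path)
            if query:
                url += "?" + urlencode(query)
            urls.append((method.upper(), url))
    return urls

if __name__ == "__main__":
    for join in (naive_join, join_path):
        print(join.__name__, build_urls(SPEC, "https://example.com", join))
```

A trailing slash on the operation path is kept as written, since only the boundary between basePath and path is normalized.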