Fix the out of scope issue with swagger option

tests/cli/test_options.py

@@ -455,3 +455,18 @@ async def test_basic_usage(_, __):
 
     with mock.patch.object(sys, "argv", testsagrs):
         await wapiti_main()
+
+@pytest.mark.asyncio
+@mock.patch("wapitiCore.controller.wapiti.Wapiti.add_start_url")
+async def test_out_of_scope_swagger(mock_add_start_url):
+    """Test with out of scope swagger"""
+    testsagrs = [
+        "wapiti",
+        "--url", "http://testphp.vulnweb.com/",
+        "--swagger", "./tests/data/openapi3.yaml",
+        "-m", ""
+    ]
+
+    with mock.patch.object(sys, "argv", testsagrs):
+        await wapiti_main()
+        mock_add_start_url.assert_not_called()

wapitiCore/main/wapiti.py

@@ -194,8 +194,14 @@ async def wapiti_main():
 
     if args.swagger_uri:
         swagger = Swagger(swagger_url=args.swagger_uri, base_url=url)
+        nb_out = 0
         for request in swagger.get_requests():
-            wap.add_start_url(request)
+            if wap.target_scope.check(request):
+                wap.add_start_url(request)
+            else: 
+                nb_out += 1
+        if nb_out > 0:
+            logging.warning(f"[!] {nb_out} out of scope requests from the Swagger file are not added.")
 
     try:
         for start_url in args.starting_urls:

wapitiCore/parsers/swagger.py

@@ -197,10 +197,8 @@ def is_valid_url(url) -> bool:
 
 
     def _get_routes(self, swagger_dict: dict, swagger_url: str, base_url: str) -> dict:
-        if Swagger.is_valid_url(swagger_url):
-            url = swagger_url
-        else:
-            url = base_url
+        # We use the url from the -u unless the swagger file has one
+        url = base_url
         request = {}
         base_path = self._get_base_url(swagger_dict, url)
         for path in swagger_dict['paths']: