Success Response Code Undefined for Trace Operation

Query id: 105e20dd-8449-4d71-95c6-d5dac96639af
Query name: Success Response Code Undefined for Trace Operation
Platform: OpenAPI
Severity: Medium
Category: Networking and Firewall
URL: Github

Description¶

Trace should define the '200' successful code
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Postitive test num. 1 - json file

Postitive test num. 2 - yaml file

 in   pa

{ "openapi": "3.0.0", "info": { "title": "Simple API", "version": "1.0.0" }, "paths": { "/item": { "trace": { "operationId": "traceItem", "summary": "Trace item", class="w">        "responses": { "default": { "description": "Error", "schema": { "$ref": "#/components/schemas/Error" } } } } } }, "components": { "schemas": { "Error": { "type": "object", "properties": { "code": { "type": "string" }, "message": { "type": "string" } }, "required": [ "code", "message" ] } } } } openapi: 3.0.0 fo: title: Simple API version: 1.0.0 ths: "/item": trace: operationId: traceItem summary: Trace item class="w">      responses: default: description: Error schema: "$ref": "#/components/schemas/Error" >components: schemas: Error: type: object properties: code: type: string message: type: string required: - code - message
Code samples without security vulnerabilities¶
Negative test num. 1 - json file{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API",
    "version": "1.0.0"
  },
  "paths": {
    "/item": {
      "trace": {
        "operationId": "traceItem",
        "summary": "Trace item",
        "responses": {
          "200": {
            "description": "success"
          },
          "default": {
            "description": "Success"
          }
        }
      },
      "patch": {
        "operationId": "updateItem",
        "summary": "Update item",
        "responses": {
          "default": {
            "description": "Error",
            "schema": {
              "$ref": "#/components/schemas/Error"
            }
          }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "Error": {
        "type": "object",
        "properties": {
          "code": {
            "type": "string"
          },
          "message": {
            "type": "string"
          }
        },
        "required": [
          "code",
          "message"
        ]
      }
    }
  }
}

Negative test num. 2 - yaml fileopenapi: 3.0.0
info:
  title: Simple API
  version: 1.0.0
paths:
  "/item":
    trace:
      operationId: traceItem
      summary: Trace item
      responses:
        "200":
          description: success
        default:
          description: Success
    patch:
      operationId: updateItem
      summary: Update item
      responses:
        default:
          description: Error
          schema:
            "$ref": "#/components/schemas/Error"
components:
  schemas:
    Error:
      type: object
      properties:
        code:
          type: string
        message:
          type: string
      required:
        - code
        - message