Undefined Scope 'securityScheme' On Global 'security' Field
- Query id: 23a9e2d9-8738-4556-a71c-2802b6ffa022
- Query name: Undefined Scope 'securityScheme' On Global 'security' Field
- Platform: OpenAPI
- Severity: Low
- Category: Access Control
- URL: Github
Description
Using a scope in the global 'security' field that is not defined under 'securityScheme' can be defined by an attacker. In the positive samples below, the global security requirement lists the scope 'error:api', which none of the flows declared for 'oAuth2AuthCodeNeg2' defines; the negative samples list only 'read:api' and 'write:api', each of which is declared by one of that scheme's flows.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": null
}
}
}
}
}
},
"security": {
"oAuth2AuthCodeNeg2": [
"read:api",
"error:api"
]
},
"components": {
"securitySchemes": {
"oAuth2AuthCodeNeg2": {
"type": "oauth2",
"description": "For more information, see https://api.my.company.com/docs/oauth",
"flows": {
"authorizationCode": {
"authorizationUrl": "https://api.my.company.com/oauth/authorize",
"tokenUrl": "https://api.my.company.com/oauth/token",
"scopes": {
"read:api": "read your apis",
"admin:api": "admin scope"
}
},
"password": {
"tokenUrl": "https://api.my.company.com/oauth/token",
"scopes": {
"write:api": "write your apis"
}
}
}
}
}
}
}
Positive test num. 2 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": null
}
}
}
}
}
},
"security": [
{
"oAuth2AuthCodeNeg2": [
"error:api",
"write:api"
]
}
],
"components": {
"securitySchemes": {
"oAuth2AuthCodeNeg2": {
"type": "oauth2",
"description": "For more information, see https://api.my.company.com/docs/oauth",
"flows": {
"authorizationCode": {
"authorizationUrl": "https://api.my.company.com/oauth/authorize",
"tokenUrl": "https://api.my.company.com/oauth/token",
"scopes": {
"read:api": "read your apis",
"admin:api": "admin scope"
}
},
"password": {
"tokenUrl": "https://api.my.company.com/oauth/token",
"scopes": {
"write:api": "write your apis"
}
}
}
}
}
}
}
Positive test num. 3 - yaml file
openapi: 3.0.0
info:
title: Simple API overview
version: 1.0.0
paths:
"/":
get:
operationId: listVersionsv2
summary: List API versions
responses:
'200':
description: 200 response
content:
application/json:
security:
oAuth2AuthCodeNeg2:
- read:api
- error:api
components:
securitySchemes:
oAuth2AuthCodeNeg2:
type: oauth2
description: For more information, see https://api.my.company.com/docs/oauth
flows:
authorizationCode:
authorizationUrl: https://api.my.company.com/oauth/authorize
tokenUrl: https://api.my.company.com/oauth/token
scopes:
read:api: read your apis
admin:api: admin scope
password:
tokenUrl: https://api.my.company.com/oauth/token
scopes:
write:api: write your apis
Positive test num. 4 - yaml file
openapi: 3.0.0
info:
title: Simple API overview
version: 1.0.0
paths:
"/":
get:
operationId: listVersionsv2
summary: List API versions
responses:
'200':
description: 200 response
content:
application/json:
security:
- oAuth2AuthCodeNeg2:
- error:api
- write:api
components:
securitySchemes:
oAuth2AuthCodeNeg2:
type: oauth2
description: For more information, see https://api.my.company.com/docs/oauth
flows:
authorizationCode:
authorizationUrl: https://api.my.company.com/oauth/authorize
tokenUrl: https://api.my.company.com/oauth/token
scopes:
read:api: read your apis
admin:api: admin scope
password:
tokenUrl: https://api.my.company.com/oauth/token
scopes:
write:api: write your apis
Code samples without security vulnerabilities
Negative test num. 1 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": null
}
}
}
}
}
},
"security": [
{
"oAuth2AuthCodeNeg2": [
"read:api",
"write:api"
]
}
],
"components": {
"securitySchemes": {
"oAuth2AuthCodeNeg2": {
"type": "oauth2",
"description": "For more information, see https://api.my.company.com/docs/oauth",
"flows": {
"authorizationCode": {
"authorizationUrl": "https://api.my.company.com/oauth/authorize",
"tokenUrl": "https://api.my.company.com/oauth/token",
"scopes": {
"read:api": "read your apis",
"admin:api": "admin scope"
}
},
"password": {
"tokenUrl": "https://api.my.company.com/oauth/token",
"scopes": {
"write:api": "write your apis"
}
}
}
}
}
}
}
Negative test num. 2 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": null
}
}
}
}
}
},
"security": {
"oAuth2AuthCodeNeg2": [
"read:api",
"write:api"
]
},
"components": {
"securitySchemes": {
"oAuth2AuthCodeNeg2": {
"type": "oauth2",
"description": "For more information, see https://api.my.company.com/docs/oauth",
"flows": {
"authorizationCode": {
"authorizationUrl": "https://api.my.company.com/oauth/authorize",
"tokenUrl": "https://api.my.company.com/oauth/token",
"scopes": {
"read:api": "read your apis",
"admin:api": "admin scope"
}
},
"password": {
"tokenUrl": "https://api.my.company.com/oauth/token",
"scopes": {
"write:api": "write your apis"
}
}
}
}
}
}
}
Negative test num. 3 - yaml file
openapi: 3.0.0
info:
title: Simple API overview
version: 1.0.0
paths:
"/":
get:
operationId: listVersionsv2
summary: List API versions
responses:
'200':
description: 200 response
content:
application/json:
security:
- oAuth2AuthCodeNeg2:
- read:api
- write:api
components:
securitySchemes:
oAuth2AuthCodeNeg2:
type: oauth2
description: For more information, see https://api.my.company.com/docs/oauth
flows:
authorizationCode:
authorizationUrl: https://api.my.company.com/oauth/authorize
tokenUrl: https://api.my.company.com/oauth/token
scopes:
read:api: read your apis
admin:api: admin scope
password:
tokenUrl: https://api.my.company.com/oauth/token
scopes:
write:api: write your apis
Negative test num. 4 - yaml file
openapi: 3.0.0
info:
title: Simple API overview
version: 1.0.0
paths:
"/":
get:
operationId: listVersionsv2
summary: List API versions
responses:
'200':
description: 200 response
content:
application/json:
security:
oAuth2AuthCodeNeg2:
- read:api
- write:api
components:
securitySchemes:
oAuth2AuthCodeNeg2:
type: oauth2
description: For more information, see https://api.my.company.com/docs/oauth
flows:
authorizationCode:
authorizationUrl: https://api.my.company.com/oauth/authorize
tokenUrl: https://api.my.company.com/oauth/token
scopes:
read:api: read your apis
admin:api: admin scope
password:
tokenUrl: https://api.my.company.com/oauth/token
scopes:
write:api: write your apis