OpenAPI

OpenAPI Queries List¶

This page contains all queries from OpenAPI.

2.0¶

Below are listed queries related to OpenAPI 2.0:

Query	Severity	Category	More info
Security Definitions Undefined or Empty ^{_{e3f026e8-fdb4-4d5a-bcfd-bd94452073fe}}	High	Access Control	Query details Documentation
Non OAuth2 Security Requirement Defining OAuth2 Scopes ^{_{ba239cb9-f342-4c20-812d-7b5a2aa6969e}}	High	Structure and Semantics	Query details Documentation
Security Requirement Not Defined In Security Definition ^{_{a599b0d1-ff89-4cb8-9ece-9951854c06f6}}	High	Structure and Semantics	Query details Documentation
Implicit Flow in OAuth2 (v2) ^{_{e9817ad8-a8c9-4038-8a2f-db0e6e7b284b}}	Medium	Access Control	Query details Documentation
Global Security Using Password Flow ^{_{2da46be4-4317-4650-9285-56d7103c4f93}}	Medium	Access Control	Query details Documentation
Security Definitions Allows Password Flow ^{_{773116aa-2e6d-416f-bd85-f0301cc05d76}}	Medium	Access Control	Query details Documentation
Invalid OAuth2 Authorization URL (v2) ^{_{33d96c65-977d-4c33-943f-440baca49185}}	Medium	Access Control	Query details Documentation
Invalid OAuth2 Token URL (v2) ^{_{274f910a-0665-4f08-b66d-7058fe927dba}}	Medium	Access Control	Query details Documentation
Operation Using Password Flow ^{_{2e44e632-d617-43cb-b294-6bfe72a08938}}	Medium	Access Control	Query details Documentation
Path Scheme Accepts HTTP (v2) ^{_{a6847dc6-f4ea-45ac-a81f-93291ae6c573}}	Medium	Encryption	Query details Documentation
Global Schemes Uses HTTP ^{_{f30ee711-0082-4480-85ab-31d922d9a2b2}}	Medium	Encryption	Query details Documentation
Schemes Uses HTTP ^{_{a46928f1-43d7-4671-94e0-2dd99746f389}}	Medium	Encryption	Query details Documentation
Operation Object Without 'consumes' ^{_{0c79e50e-b3cf-490c-b8f6-587c644d4d0c}}	Medium	Insecure Configurations	Query details Documentation
Operation Object Without 'produces' ^{_{be3e170e-1572-461e-a8b6-d963def581ec}}	Medium	Insecure Configurations	Query details Documentation
Undefined Scope 'securityDefinition' On Global 'security' Field ^{_{9aa6e95c-d964-4239-a3a8-9f37a3c5a31f}}	Low	Access Control	Query details Documentation
Undefined Scope 'securityDefinition' On 'security' Field On Operations ^{_{3847280c-9193-40bc-8009-76168e822ce2}}	Low	Access Control	Query details Documentation
Security Definitions Using Basic Auth ^{_{221015a8-aa2a-43f5-b00b-ad7d2b1d47a8}}	Low	Access Control	Query details Documentation
Operation Using Basic Auth ^{_{ceefb058-8065-418f-9c4c-584a78c7e104}}	Low	Access Control	Query details Documentation
Operation Using Implicit Flow ^{_{f42dfe7e-787d-4478-a75e-a5f3d8a2269e}}	Low	Access Control	Query details Documentation
Operation Summary Too Long ^{_{d47940ca-5970-45cc-bdd1-4d81398cee1f}}	Low	Best Practices	Query details Documentation
Unknown Prefix (v2) ^{_{3b615f00-c443-4ba9-acc4-7c308716917d}}	Info	Best Practices	Query details Documentation
Schema with 'additionalProperties' set as Boolean ^{_{3a01790c-ebee-4da6-8fd3-e78657383b75}}	Info	Best Practices	Query details Documentation
Invalid Media Type Value (v2) ^{_{f985a7d2-d404-4a7f-9814-f645f791e46e}}	Info	Best Practices	Query details Documentation
Global Responses Definition Not Being Used ^{_{0b76d993-ee52-43e0-8b39-3787d2ddabf1}}	Info	Best Practices	Query details Documentation
Constraining Enum Property ^{_{be1d8733-3731-40c7-a845-734741c6871d}}	Info	Best Practices	Query details Documentation
Global Schema Definition Not Being Used ^{_{6d2e0790-cc3d-4c74-b973-d4e8b09f4455}}	Info	Best Practices	Query details Documentation
Global Parameter Definition Not Being Used ^{_{b30981fa-a12e-49c7-a5bb-eeafb61d0f0f}}	Info	Best Practices	Query details Documentation
Object Without Required Property (v2) ^{_{5e5ecb9d-04b5-4e4f-b5a5-6ee04279b275}}	Info	Structure and Semantics	Query details Documentation
BasePath With Wrong Format ^{_{b4803607-ed72-4d60-99e2-3fa6edf471c6}}	Info	Structure and Semantics	Query details Documentation
Operation Object Parameters With 'body' And 'formatData' locations ^{_{eb3f9744-d24e-4614-b1ff-2a9514eca21c}}	Info	Structure and Semantics	Query details Documentation
Unknown Property (v2) ^{_{429b2106-ba37-43ba-9727-7f699cc611e1}}	Info	Structure and Semantics	Query details Documentation
File Parameter With Wrong Consumes Property ^{_{7f91992f-b4c8-43bf-9bf9-fae9ecdb6e3a}}	Info	Structure and Semantics	Query details Documentation
Responses JSON Reference Does Not Exists (v2) ^{_{e9db5fb4-6a84-4abb-b4af-3b94fbdace6d}}	Info	Structure and Semantics	Query details Documentation
Multi 'collectionformat' Not Valid For 'in' Parameter ^{_{750f6448-27c0-49f8-a153-b81735c1e19c}}	Info	Structure and Semantics	Query details Documentation
Parameter File Type Not In 'formData' ^{_{c3cab8c4-6c52-47a9-942b-c27f26fbd7d2}}	Info	Structure and Semantics	Query details Documentation
Operation Example Mismatch Produces MimeType ^{_{2cf35b40-ded3-43d6-9633-c8dcc8bcc822}}	Info	Structure and Semantics	Query details Documentation
Parameter Object With Incorrect Ref (v2) ^{_{2596545e-1757-4ff7-a15a-8a9a180a42f3}}	Info	Structure and Semantics	Query details Documentation
Non Body Parameter Without Schema ^{_{73c3bc54-3cc6-4c0a-b30a-e19f2abfc951}}	Info	Structure and Semantics	Query details Documentation
Body Parameter With Wrong Property ^{_{c38d630d-a415-4e3e-bac2-65475979ba88}}	Info	Structure and Semantics	Query details Documentation
Body Parameter Without Schema ^{_{ed48229d-d43e-4da7-b453-5f98d964a57a}}	Info	Structure and Semantics	Query details Documentation
Multiple Body Parameters In The Same Operation ^{_{b90033cf-ad9f-4fb9-acd1-1b9d6d278c87}}	Info	Structure and Semantics	Query details Documentation
Property Not Unique ^{_{750b40be-4bac-4f59-bdc4-1ca0e6c3450e}}	Info	Structure and Semantics	Query details Documentation
Response Object With Incorrect Ref (v2) ^{_{bccfa089-89e4-47e0-a0e5-185fe6902220}}	Info	Structure and Semantics	Query details Documentation
Parameter JSON Reference Does Not Exists (v2) ^{_{fb889ae9-2d16-40b5-b41f-9da716c5abc1}}	Info	Structure and Semantics	Query details Documentation
Host With Invalid Pattern ^{_{3d7d7b6c-fb0a-475e-8a28-c125e30d15f0}}	Info	Structure and Semantics	Query details Documentation
Schema Object Incorrect Ref (v2) ^{_{0220e1c5-65d1-49dd-b7c2-cef6d6cb5283}}	Info	Structure and Semantics	Query details Documentation
Schema JSON Reference Does Not Exists (v2) ^{_{98295b32-ec09-4b5b-89a9-39853197f914}}	Info	Structure and Semantics	Query details Documentation

SHARED (V2/V3)¶

Below are listed queries related to OpenAPI SHARED (V2/V3):

Query	Severity	Category	More info
Global Security Field Is Undefined (v2) ^{_{74703c89-0ea2-49ab-a7db-bf04f19f5a57}}	High	Access Control	Global security field should be defined to prevent API to have insecure paths and have this rules defined on securityDefinitions Documentation
Global Security Field Is Undefined (v3) ^{_{8af270ce-298b-4405-9922-82a10aee7a4f}}	High	Access Control	Query details Documentation
Global security field has an empty object (v2) ^{_{292919fb-7b26-4454-bee9-ce29094768dd}}	High	Access Control	Documentation
Global security field has an empty object (v3) ^{_{543e38f4-1eee-479e-8eb0-15257013aa0a}}	High	Access Control	Query details Documentation
Security Field On Operations Has An Empty Array (v2) ^{_{5d29effc-5d68-481f-9721-d74e5919226b}}	High	Access Control	Documentation
Security Field On Operations Has An Empty Array (v3) ^{_{663c442d-f918-4f62-b096-0bf5dcbeb655}}	High	Access Control	Query details Documentation
Security Field On Operations Has An Empty Object Definition (v2) ^{_{74581e3b-1d55-4323-a139-5959a7b3abc5}}	High	Access Control	Documentation
Security Field On Operations Has An Empty Object Definition (v3) ^{_{baade968-7467-41e4-bf22-83ca222f5800}}	High	Access Control	Query details Documentation
No Global And Operation Security Defined (v2) ^{_{586abcee-9653-462d-ad7b-2638a32bd6e6}}	High	Access Control	Documentation
No Global And Operation Security Defined (v3) ^{_{96729c6b-7400-4d9e-9807-17f00cdde4d2}}	High	Access Control	Query details Documentation
Cleartext API Key In Operation Security (v2) ^{_{99733b39-6413-4ed8-8acf-dc7cdc9b4e51}}	High	Access Control	Documentation
Cleartext API Key In Operation Security (v3) ^{_{d90d4e40-44c1-4125-87a0-e072c3e195b5}}	High	Access Control	Query details Documentation
Global Security Field Has An Empty Array (v2) ^{_{da31d54b-ad54-41dc-95eb-8b3828629213}}	High	Access Control	Documentation
Global Security Field Has An Empty Array (v3) ^{_{d674aea4-ba8b-454b-bb97-88a772ea33f0}}	High	Access Control	Query details Documentation
Array Without Maximum Number of Items (v2) ^{_{99eb2c95-2040-4104-9e7c-e16f7474d218}}	High	Insecure Configurations	Array schema/parameter should have the field 'maxItems' set Documentation
Array Without Maximum Number of Items (v3) ^{_{6998389e-66b2-473d-8d05-c8d71ac4d04d}}	High	Insecure Configurations	Query details Documentation
Array Items Has No Type (v2) ^{_{8697a1a4-82c6-4603-8ac8-57529756744e}}	High	Insecure Configurations	Schema/Parameter array items type should be defined Documentation
Array Items Has No Type (v3) ^{_{be0e0df7-f3d9-42a1-9b6f-d425f94872c4}}	High	Insecure Configurations	Query details Documentation
Cleartext API Key In Global Security (v2) ^{_{70d3873e-d537-46e5-ac3b-4e48fbdd29b4}}	Medium	Access Control	Documentation
Cleartext API Key In Global Security (v3) ^{_{9c238c97-1991-4c0b-9c7d-6c7912e1dc7c}}	Medium	Access Control	Query details Documentation
API Key Exposed In Global Security (v2) ^{_{533a0d13-6e89-4551-ae33-bce14e5849c1}}	Medium	Access Control	Documentation
API Key Exposed In Global Security (v3) ^{_{aecee30b-8ea1-4776-a99c-d6d600f0862f}}	Medium	Access Control	Query details Documentation
JSON Object Schema Without Type (v2) ^{_{62d52544-82ef-4b75-8308-cad49d50212b}}	Medium	Insecure Configurations	Documentation
JSON Object Schema Without Type (v3) ^{_{e2ffa504-d22a-4c94-b6c5-f661849d2db7}}	Medium	Insecure Configurations	Query details Documentation
Numeric Schema Without Format (v2) ^{_{3ed8fc82-c2bb-49e0-811f-c53923674c49}}	Medium	Insecure Configurations	Documentation
Numeric Schema Without Format (v3) ^{_{fbf699b5-ef74-4542-9cf1-f6eeac379373}}	Medium	Insecure Configurations	Query details Documentation
Pattern Undefined (v2) ^{_{afde15cf-9444-4126-8c62-41cd79db1d1d}}	Medium	Insecure Configurations	String schema/parameter/header should have 'pattern' defined. Documentation
Pattern Undefined (v3) ^{_{00b78adf-b83f-419c-8ed8-c6018441dd3a}}	Medium	Insecure Configurations	Query details Documentation
Schema Object is Empty (v2) ^{_{967575e5-eb44-4c24-aadb-7e33608ed30a}}	Medium	Insecure Configurations	Documentation
Schema Object is Empty (v3) ^{_{500ce696-d501-41dd-86eb-eceb011a386f}}	Medium	Insecure Configurations	Query details Documentation
String Schema with Broad Pattern (v2) ^{_{e4a019f0-9af3-49c8-bf68-1939a6ff240d}}	Medium	Insecure Configurations	Documentation
String Schema with Broad Pattern (v3) ^{_{8c81d6c0-716b-49ec-afa5-2d62da4e3f3c}}	Medium	Insecure Configurations	Query details Documentation
JSON Object Schema Without Properties (v2) ^{_{3d28f751-bc18-4f83-ace0-216b6086410b}}	Medium	Insecure Configurations	Documentation
JSON Object Schema Without Properties (v3) ^{_{9d967a2b-9d64-41a6-abea-dfc4960299bd}}	Medium	Insecure Configurations	Query details Documentation
Maximum Length Undefined (v2) ^{_{2ec86e48-ab90-4cb6-a131-0502afd1f442}}	Medium	Insecure Configurations	String schema/parameter/header should have 'maxLength' defined. Documentation
Maximum Length Undefined (v3) ^{_{8c8261c2-19a9-4ef7-ad37-b8bc7bdd4d85}}	Medium	Insecure Configurations	Query details Documentation
Numeric Schema Without Minimum (v2) ^{_{efd1dfc8-da91-4909-a3f3-c23abc5ec799}}	Medium	Insecure Configurations	Documentation
Numeric Schema Without Minimum (v3) ^{_{181bd815-767e-4e95-a24d-bb3c87328e19}}	Medium	Insecure Configurations	Query details Documentation
Numeric Schema Without Maximum (v2) ^{_{203eee11-15b6-4d47-b888-4c7f534967ee}}	Medium	Insecure Configurations	Documentation
Numeric Schema Without Maximum (v3) ^{_{2ea04bef-c769-409e-9179-ee3a50b5c0ac}}	Medium	Insecure Configurations	Query details Documentation
Success Response Code Undefined for Patch Operation (v2) ^{_{f36e87cc-a209-4f37-8571-66833e4aead7}}	Medium	Networking and Firewall	Documentation
Success Response Code Undefined for Patch Operation (v3) ^{_{1908a8ee-927d-4166-8f18-241152170cc1}}	Medium	Networking and Firewall	Query details Documentation
Success Response Code Undefined for Post Operation (v2) ^{_{9fedee41-2e6d-4091-b011-4a16b4c18c70}}	Medium	Networking and Firewall	Documentation
Success Response Code Undefined for Post Operation (v3) ^{_{f368dd2d-9344-4146-a05b-7c6faa1269ad}}	Medium	Networking and Firewall	Query details Documentation
Success Response Code Undefined for Delete Operation (v2) ^{_{ad432855-b7fb-4429-92a3-93b5ce34f0b1}}	Medium	Networking and Firewall	Documentation
Success Response Code Undefined for Delete Operation (v3) ^{_{3b497874-ae59-46dd-8d72-1868a3b8f150}}	Medium	Networking and Firewall	Query details Documentation
Success Response Code Undefined for Head Operation (v2) ^{_{4f0b30e3-a498-4dd7-b3f2-f4b6471a8d5a}}	Medium	Networking and Firewall	Documentation
Success Response Code Undefined for Head Operation (v3) ^{_{3b066059-f411-4554-ac8d-96f32bff90da}}	Medium	Networking and Firewall	Query details Documentation
Success Response Code Undefined for Get Operation (v2) ^{_{9b633f3b-c94b-4fbb-a65b-1a4e9134fb63}}	Medium	Networking and Firewall	Documentation
Success Response Code Undefined for Get Operation (v3) ^{_{b2f275be-7d64-4064-b418-be6b431363a7}}	Medium	Networking and Firewall	Query details Documentation
Response Code Missing (v2) ^{_{6e96ed39-bf45-4089-99ba-f1fe7cf6966f}}	Medium	Networking and Firewall	Documentation
Response Code Missing (v3) ^{_{6c35d2c6-09f2-4e5c-a094-e0e91327071d}}	Medium	Networking and Firewall	Query details Documentation
Response on operations that should not have a body has declared content (v2) ^{_{268defd2-2839-4e15-8cbc-de86eb38c231}}	Medium	Networking and Firewall	If a response is head or its code is 204 or 304, it shouldn't have a schema defined Documentation
Response on operations that should not have a body has declared content (v3) ^{_{12a7210b-f4b4-47d0-acac-0a819e2a0ca3}}	Medium	Networking and Firewall	Query details Documentation
Response on operations that should have a body has undefined schema (v2) ^{_{31afbcb7-70e0-48bb-a31a-3374f95cf859}}	Medium	Networking and Firewall	Documentation
Response on operations that should have a body has undefined schema (v3) ^{_{a92be1d5-d762-484a-86d6-8cd0907ba100}}	Medium	Networking and Firewall	Query details Documentation
Success Response Code Undefined for Put Operation (v2) ^{_{965a043f-5f3c-4d0a-be72-d9ce12fdb4d6}}	Medium	Networking and Firewall	Documentation
Success Response Code Undefined for Put Operation (v3) ^{_{60b5f56b-66ff-4e1c-9b62-5753e16825bc}}	Medium	Networking and Firewall	Query details Documentation
Default Response Undefined On Operations (v2) ^{_{5f34c7ae-4f3f-4cbb-8fe3-a11d6961062f}}	Medium	Networking and Firewall	Documentation
Default Response Undefined On Operations (v3) ^{_{86e3702f-c868-44b2-b61d-ea5316c18110}}	Medium	Networking and Firewall	Query details Documentation
API Key Exposed In Operation Security (v2) ^{_{392599e4-a4e2-403d-bc56-3fe05755782d}}	Low	Access Control	Documentation
API Key Exposed In Operation Security (v3) ^{_{281b8071-6226-4a43-911d-fec246d422c2}}	Low	Access Control	Query details Documentation
Invalid Format (v2) ^{_{caf1793e-95dd-4b18-8d90-8f3c0ab5bddf}}	Low	Insecure Configurations	Documentation
Invalid Format (v3) ^{_{d929c031-078f-4241-b802-e224656ad890}}	Low	Insecure Configurations	Query details Documentation
JSON '$ref' alongside other properties (v2) ^{_{f34c1c68-4773-4df0-a103-6e2ca32e585f}}	Info	Best Practices	Documentation
JSON '$ref' alongside other properties (v3) ^{_{96beb800-566f-49a9-a0ea-dbdf4bc80429}}	Info	Best Practices	Query details Documentation
Path Without Operation (v2) ^{_{609cd557-66b4-41fa-8edd-2abc6c7cfd08}}	Info	Best Practices	Documentation
Path Without Operation (v3) ^{_{84c826c9-1893-4b34-8cdd-db97645b4bf3}}	Info	Best Practices	Query details Documentation
Invalid Global External Documentation URL (v2) ^{_{46d3b74d-9fe9-45bf-9e9e-efb7f701ee28}}	Info	Best Practices	Documentation
Invalid Global External Documentation URL (v3) ^{_{b2d9dbf6-539c-4374-a1fd-210ddf5563a8}}	Info	Best Practices	Query details Documentation
Invalid Operation External Documentation URL (v2) ^{_{25635c31-ee32-4708-88e5-fced87516f51}}	Info	Best Practices	Documentation
Invalid Operation External Documentation URL (v3) ^{_{5ea61624-3733-4a3a-8ca4-b96fec9c5aeb}}	Info	Best Practices	Query details Documentation
Invalid Tag External Documentation URL (v2) ^{_{b4a7d925-738b-4219-99d9-87d6ee262a03}}	Info	Best Practices	Documentation
Invalid Tag External Documentation URL (v3) ^{_{5aea1d7e-b834-4749-b143-2c7ec3bd5922}}	Info	Best Practices	Query details Documentation
Invalid Schema External Documentation URL (v2) ^{_{f7fa95b7-d819-484c-9a2b-665dd1bba25e}}	Info	Best Practices	Documentation
Invalid Schema External Documentation URL (v3) ^{_{6952a7e0-6e48-4285-bbc1-27c64e60f888}}	Info	Best Practices	Query details Documentation
Invalid Contact Email (v2) ^{_{d83bebc8-4e5e-4241-b783-cba9fb5a1c9a}}	Info	Best Practices	Documentation
Invalid Contact Email (v3) ^{_{b1a7fcb0-2afe-4d5c-a6a1-4e6311fc29e7}}	Info	Best Practices	Query details Documentation
Example Not Compliant With Schema Type (v2) ^{_{448db771-06ea-4dee-b48c-1689cbfb4b43}}	Info	Best Practices	Documentation
Example Not Compliant With Schema Type (v3) ^{_{881a6e71-c2a7-4fe2-b9c3-dfcf08895331}}	Info	Best Practices	Query details Documentation
Header Parameter Named as 'Authorization' (v2) ^{_{e2e00c97-7171-4fb4-b461-d631df9a711c}}	Info	Best Practices	Documentation
Header Parameter Named as 'Authorization' (v3) ^{_{8c84f75e-5048-4926-a4cb-33e7b3431300}}	Info	Best Practices	Query details Documentation
Required Property With Default Value (v2) ^{_{f7ab6c83-ef89-40e1-8a99-32e2599fb665}}	Info	Best Practices	Documentation
Required Property With Default Value (v3) ^{_{013bdb4b-9246-4248-b0c3-7fb0fee42a29}}	Info	Best Practices	Query details Documentation
Invalid Contact URL (v2) ^{_{c7000383-16d0-4509-8cd3-585e5ea2e2f2}}	Info	Best Practices	Documentation
Invalid Contact URL (v3) ^{_{332cf2ad-380d-4b90-b436-46f8e635cf38}}	Info	Best Practices	Query details Documentation
Invalid License URL (v2) ^{_{de2b4910-8484-46d6-a055-dc1e793ee3ff}}	Info	Best Practices	Documentation
Invalid License URL (v3) ^{_{9239c289-9e4c-4d92-8be1-9d506057c971}}	Info	Best Practices	Query details Documentation
Header Parameter Named as 'Content-Type' (v2) ^{_{51978067-3b22-4c29-aaf3-96bf0bc28897}}	Info	Best Practices	Documentation
Header Parameter Named as 'Content-Type' (v3) ^{_{72d259ca-9741-48dd-9f62-eb11f2936b37}}	Info	Best Practices	Query details Documentation
Operation Without Successful HTTP Status Code (v2) ^{_{a1ee6ebe-3877-42ec-b9a6-e524e7d06aa2}}	Info	Best Practices	Documentation
Operation Without Successful HTTP Status Code (v3) ^{_{48e9e1fe-cf79-45b5-93e6-8b55ae5dadfd}}	Info	Best Practices	Query details Documentation
Object Using Enum With Keyword (v2) ^{_{7f15962a-d862-451c-ac9b-84ec13747aa6}}	Info	Best Practices	Schema/Parameter/Header Object properties should not contain 'enum' and schema keywords Documentation
Object Using Enum With Keyword (v3) ^{_{2e9b6612-8f69-42e0-a5b8-ed17739c2f3a}}	Info	Best Practices	Query details Documentation
Header Parameter Named as 'Accept' (v2) ^{_{3ddd74cc-6582-486c-8b0c-2b48cb38e0a3}}	Info	Best Practices	Documentation
Header Parameter Named as 'Accept' (v3) ^{_{f2702af5-6016-46cb-bbc8-84c766032095}}	Info	Best Practices	Query details Documentation
Header Response Name Is Invalid (v2) ^{_{86733e01-a435-4bd5-a8b0-5108be9dc1e4}}	Info	Best Practices	Documentation
Header Response Name Is Invalid (v3) ^{_{d4e43db5-54d8-4dda-b3c2-0dc6f31a46bd}}	Info	Best Practices	Query details Documentation
Schema Has A Required Property Undefined (v2) ^{_{811762c8-2e99-4f70-88f9-a63875a953b1}}	Info	Structure and Semantics	Documentation
Schema Has A Required Property Undefined (v3) ^{_{2bd608ae-8a1f-457f-b710-c237883cb313}}	Info	Structure and Semantics	Query details Documentation
Schema Object Properties With Duplicated Keys (v2) ^{_{ded017bf-fb13-4f8d-868b-84aebcc572ad}}	Info	Structure and Semantics	Documentation
Schema Object Properties With Duplicated Keys (v3) ^{_{10c61e4b-eed5-49cf-9c7d-d4bf02e9edfa}}	Info	Structure and Semantics	Query details Documentation
Path Is Ambiguous (v2) ^{_{b2468463-3ac4-4930-890c-f35b2bf4485d}}	Info	Structure and Semantics	Documentation
Path Is Ambiguous (v3) ^{_{237402e2-c2f0-46c9-9cf5-286160cf7bfc}}	Info	Structure and Semantics	Query details Documentation
Items Undefined (v2) ^{_{3e4d34d2-36cf-4449-976d-6c256db8fc49}}	Info	Structure and Semantics	Documentation
Items Undefined (v3) ^{_{a8e859da-4a43-4e7f-94b8-25d6e3bf8e90}}	Info	Structure and Semantics	Query details Documentation
OperationId Not Unique (v2) ^{_{21245007-91c4-40e5-964e-40c85d1e5aa6}}	Info	Structure and Semantics	Documentation
OperationId Not Unique (v3) ^{_{c254adc4-ef25-46e1-8270-b7944adb4198}}	Info	Structure and Semantics	Query details Documentation
Property Defining Minimum Greater Than Maximum (v2) ^{_{b5102ea9-6527-4bb7-94fc-9b4076150e55}}	Info	Structure and Semantics	Documentation
Property Defining Minimum Greater Than Maximum (v3) ^{_{ab2af219-cd08-4233-b5a1-a788aac88b51}}	Info	Structure and Semantics	Query details Documentation
Default Invalid (v2) ^{_{78dfd8f0-a6ee-48ec-af8c-e4d9b3292a07}}	Info	Structure and Semantics	The field 'default' of Schema/Parameter/Header Object should be consistent with the schema's/parameter's/header's type Documentation
Default Invalid (v3) ^{_{a96bbc06-8cde-4295-ad3c-ee343a7f658e}}	Info	Structure and Semantics	Query details Documentation
Properties Missing Required Property (v2) ^{_{71beb6ab-8b70-4816-a9ac-a0ff1fb22a62}}	Info	Structure and Semantics	Documentation
Properties Missing Required Property (v3) ^{_{3fb03214-25d4-4bd4-867c-c2d8d708a483}}	Info	Structure and Semantics	Query details Documentation
Paths Object is Empty (v2) ^{_{3e6c7b1c-8a8d-43ab-98b9-65159f44db4a}}	Info	Structure and Semantics	Documentation
Paths Object is Empty (v3) ^{_{815021c8-a50c-46d9-b192-24f71072c400}}	Info	Structure and Semantics	Query details Documentation
Path Parameter With No Corresponding Template Path (v2) ^{_{194ef1f8-360e-4c14-8ed2-e83e2bafa142}}	Info	Structure and Semantics	Documentation
Path Parameter With No Corresponding Template Path (v3) ^{_{69d7aefd-149d-47b8-8d89-1c2181a8067b}}	Info	Structure and Semantics	Query details Documentation
Schema Discriminator Not Required (v2) ^{_{be6a3722-af60-438c-b1b9-2a03e2958ab7}}	Info	Structure and Semantics	Documentation
Schema Discriminator Not Required (v3) ^{_{b481d46c-9c61-480f-86d9-af07146dc4a4}}	Info	Structure and Semantics	Query details Documentation
Schema Object With Circular Ref (v2) ^{_{cbff2508-85c9-4448-a8b3-770070edf5ca}}	Info	Structure and Semantics	Documentation
Schema Object With Circular Ref (v3) ^{_{1a1aea94-745b-40a7-b860-0702ea6ee636}}	Info	Structure and Semantics	Query details Documentation
Responses With Wrong HTTP Status Code (v2) ^{_{069a5378-2091-43f0-aa3b-ee8f20996e99}}	Info	Structure and Semantics	Documentation
Responses With Wrong HTTP Status Code (v3) ^{_{d86655c0-92f6-4ffc-b4d5-5b5775804c27}}	Info	Structure and Semantics	Query details Documentation
Non-Array Schema With Items (v2) ^{_{9d47956b-29cd-43b1-9e6e-b39a4d484353}}	Info	Structure and Semantics	Documentation
Non-Array Schema With Items (v3) ^{_{20cb3159-b219-496b-8dac-54ae3ab2021a}}	Info	Structure and Semantics	Query details Documentation
Type Has Invalid Keyword (v2) ^{_{492c6cbb-f3f8-4807-aa4f-42b8b1c46b59}}	Info	Structure and Semantics	Schema/Parameter/Header Object define type should not use a keyword of another type Documentation
Type Has Invalid Keyword (v3) ^{_{a9228976-10cf-4b5f-b902-9e962aad037a}}	Info	Structure and Semantics	Query details Documentation
Parameter Objects Headers With Duplicated Name (v2) ^{_{bd2cbef5-62c4-40f1-af07-4b7f9ced6616}}	Info	Structure and Semantics	Documentation
Parameter Objects Headers With Duplicated Name (v3) ^{_{05505192-ba2c-4a81-9b25-dcdbcc973746}}	Info	Structure and Semantics	Query details Documentation
Parameters Name In Combination Not Unique (v2) ^{_{ab871897-ec02-4835-9818-702536ee1dda}}	Info	Structure and Semantics	Documentation
Parameters Name In Combination Not Unique (v3) ^{_{f5b2e6af-76f5-496d-8482-8f898c5fdb4a}}	Info	Structure and Semantics	Query details Documentation
Schema Enum Invalid (v2) ^{_{8fe6d18a-ad4c-4397-8884-e3a9da57f4c9}}	Info	Structure and Semantics	Documentation
Schema Enum Invalid (v3) ^{_{03856cb2-e46c-4daf-bfbf-214ec93c882b}}	Info	Structure and Semantics	Query details Documentation
Property 'allowEmptyValue' Improperly Defined (v2) ^{_{0bc1477d-0922-478b-ae16-674a7634a1a8}}	Info	Structure and Semantics	Documentation
Property 'allowEmptyValue' Improperly Defined (v3) ^{_{4bcbcd52-3028-469f-bc14-02c7dbba2df2}}	Info	Structure and Semantics	Query details Documentation
Path Parameter Not Required (v2) ^{_{ccd0613f-cb77-4684-a892-183bd2674d12}}	Info	Structure and Semantics	Documentation
Path Parameter Not Required (v3) ^{_{0de50145-e845-47f4-9a15-23bcf2125710}}	Info	Structure and Semantics	Query details Documentation
Template Path With No Corresponding Path Parameter (v2) ^{_{e7656d8d-7288-4bbe-b07b-22b389be75ce}}	Info	Structure and Semantics	Documentation
Template Path With No Corresponding Path Parameter (v3) ^{_{561710b1-b845-4562-95ce-2397a05ccef4}}	Info	Structure and Semantics	Query details Documentation
Responses Object Is Empty (v2) ^{_{6172e7ab-d2b7-45f8-a7db-1603931d8ba3}}	Info	Structure and Semantics	Documentation
Responses Object Is Empty (v3) ^{_{990eaf09-d6f1-4c3c-b174-a517b1de8917}}	Info	Structure and Semantics	Query details Documentation
Schema Discriminator Mismatch Defined Properties (v2) ^{_{addc0eab-27f6-4c26-8526-d2ccd3732662}}	Info	Structure and Semantics	Documentation
Schema Discriminator Mismatch Defined Properties (v3) ^{_{40d3df21-c170-4dbe-9c02-4289b51f994f}}	Info	Structure and Semantics	Query details Documentation
Schema Discriminator Property Not String (v2) ^{_{949376f1-f560-4c6d-a016-63424ca931bb}}	Info	Structure and Semantics	Documentation
Schema Discriminator Property Not String (v3) ^{_{dadc2f36-1f5a-46c0-8289-75e626583123}}	Info	Structure and Semantics	Query details Documentation
Path Template is Empty (v2) ^{_{c201b7ad-6173-4598-a407-5edb04a1bcd7}}	Info	Structure and Semantics	Documentation
Path Template is Empty (v3) ^{_{ae13a37d-943b-47a7-a970-83c8598bcca3}}	Info	Structure and Semantics	Query details Documentation

3.0¶

Below are listed queries related to OpenAPI 3.0:

Query	Severity	Category	More info
Field 'securityScheme' On Components Is Undefined ^{_{8db5544e-4874-4baa-9322-e9f75a2d219e}}	High	Access Control	Query details Documentation
Cleartext Credentials With Basic Authentication For Operation ^{_{86b1fa30-9790-4980-994d-a27e0f6f27c1}}	High	Access Control	Query details Documentation
Implicit Flow in OAuth2 (v3) ^{_{4a1f3d75-ab73-41b2-83e7-06a93dc3a75a}}	Medium	Access Control	Query details Documentation
Security Scheme HTTP Unknown Scheme ^{_{06764426-3c56-407e-981f-caa25db1c149}}	Medium	Access Control	Query details Documentation
Security Scheme Using HTTP Negotiate ^{_{f525cc92-9050-4c41-a75c-890dc6f64449}}	Medium	Access Control	Query details Documentation
OAuth2 With Implicit Flow ^{_{39cb32f2-3a42-4af0-8037-82a7a9654b6c}}	Medium	Access Control	Query details Documentation
Invalid OAuth2 Authorization URL (v3) ^{_{52c0d841-60d6-4a81-88dd-c35fef36d315}}	Medium	Access Control	Query details Documentation
Security Scheme Using HTTP Basic ^{_{68e5fcac-390c-4939-a373-6074b7be7c71}}	Medium	Access Control	Query details Documentation
Security Scheme Using HTTP Digest ^{_{a4247b11-890b-45df-bf42-350a7a3af9be}}	Medium	Access Control	Query details Documentation
Invalid OAuth2 Token URL (v3) ^{_{3ba0cca1-b815-47bf-ac62-1e584eb64a05}}	Medium	Access Control	Query details Documentation
OAuth2 With Password Flow ^{_{3979b0a4-532c-4ea7-86e4-34c090eaa4f2}}	Medium	Access Control	Query details Documentation
Path Server Object Uses HTTP (v3) ^{_{9670f240-7b4d-4955-bd93-edaa9fa38b58}}	Medium	Encryption	Query details Documentation
Global Server Object Uses HTTP ^{_{2d8c175a-6d90-412b-8b0e-e034ea49a1fe}}	Medium	Encryption	Query details Documentation
Additional Properties Too Permissive ^{_{9f88c88d-824d-4d9a-b985-e22977046042}}	Medium	Insecure Configurations	Query details Documentation
Parameter Object Without Schema ^{_{8fe1846f-52cc-4413-ace9-1933d7d23672}}	Medium	Insecure Configurations	Query details Documentation
Media Type Object Without Schema ^{_{f79b9d26-e945-44e7-98a1-b93f0f7a68a0}}	Medium	Insecure Configurations	Query details Documentation
Additional Properties Too Restrictive ^{_{a19c3bbd-c056-40d7-9e1c-eeb0634e320d}}	Medium	Insecure Configurations	Query details Documentation
Header Object Without Schema ^{_{50de3b5b-6465-4e06-a9b0-b4c2ba34326b}}	Medium	Networking and Firewall	Query details Documentation
Success Response Code Undefined for Trace Operation ^{_{105e20dd-8449-4d71-95c6-d5dac96639af}}	Medium	Networking and Firewall	Query details Documentation
Global Security Scheme Using Basic Authentication ^{_{77276d82-4f45-4cf1-8e2b-4d345b936228}}	Low	Access Control	Query details Documentation
Undefined Scope 'securityScheme' On Global 'security' Field ^{_{23a9e2d9-8738-4556-a71c-2802b6ffa022}}	Low	Access Control	Query details Documentation
Security Scheme Using Oauth 1.0 ^{_{1bc3205c-0d60-44e6-84f3-44fbf4dac5b3}}	Low	Access Control	Query details Documentation
Undefined Scope 'securityScheme' On 'security' Field On Operations ^{_{462d6a1d-fed9-4d75-bb9e-3de902f35e6e}}	Low	Access Control	Query details Documentation
API Key Exposed In Global Security Scheme ^{_{40e1d1bf-11a9-4f63-a3a2-a8b84c602839}}	Low	Access Control	Query details Documentation
Components Response Definition Is Unused ^{_{9c3ea128-7e9a-4b4c-8a32-75ad17a2d3ae}}	Info	Best Practices	Query details Documentation
Encoding Header 'Content-Type' Improperly Defined ^{_{4cd8de87-b595-48b6-ab3c-1904567135ab}}	Info	Best Practices	Query details Documentation
Components Example Definition Is Unused ^{_{b05bb927-2df5-43cc-8d7b-6825c0e71625}}	Info	Best Practices	Query details Documentation
Unknown Prefix (v3) ^{_{a5375be3-521c-43bb-9eab-e2432e368ee4}}	Info	Best Practices	Query details Documentation
Invalid Media Type Value (v3) ^{_{cf4a5f45-a27b-49df-843a-9911dbfe71d4}}	Info	Best Practices	Query details Documentation
Components Link Definition Is Unused ^{_{c19779a9-5774-4d2f-a3a1-a99831730375}}	Info	Best Practices	Query details Documentation
Property 'allowReserved' of Encoding Object Ignored ^{_{4190dda7-af03-4cf0-a128-70ac1661ca09}}	Info	Best Practices	Query details Documentation
Components Header Definition Is Unused ^{_{a68da022-e95a-4bc2-97d3-481e0bd6d446}}	Info	Best Practices	Query details Documentation
Property 'allowEmptyValue' Ignored ^{_{59c2f769-7cc2-49c8-a3de-4e211135cfab}}	Info	Best Practices	Query details Documentation
Property 'explode' of Encoding Object Ignored ^{_{a4dd69b8-49fa-45d2-a060-c76655405b05}}	Info	Best Practices	Query details Documentation
Components Callback Definition Is Unused ^{_{d15db953-a553-4b8a-9a14-a3d62ea3d79d}}	Info	Best Practices	Query details Documentation
Property 'style' of Encoding Object Ignored ^{_{d3ea644a-9a5c-4fee-941f-f8a6786c0470}}	Info	Best Practices	Query details Documentation
Components Parameter Definition Is Unused ^{_{698a464e-bb3e-4ba8-ab5e-e6599b7644a0}}	Info	Best Practices	Query details Documentation
Components Schema Definition Is Unused ^{_{962fa01e-b791-4dcc-b04a-4a3e7389be5e}}	Info	Best Practices	Query details Documentation
Components Request Body Definition Is Unused ^{_{6b76f589-9713-44ab-97f5-59a3dba1a285}}	Info	Best Practices	Query details Documentation
Request Body JSON Reference Does Not Exists ^{_{ca02f4e8-d3ae-4832-b7db-bb037516d9e7}}	Info	Structure and Semantics	Query details Documentation
Object Without Required Property (v3) ^{_{d172a060-8569-4412-8045-3560ebd477e8}}	Info	Structure and Semantics	Query details Documentation
Parameter Object With Undefined Type ^{_{46facedc-f243-4108-ab33-583b807d50b0}}	Info	Structure and Semantics	Query details Documentation
Servers Array Undefined ^{_{c66ebeaa-676c-40dc-a3ff-3e49395dcd5e}}	Info	Structure and Semantics	Query details Documentation
Request Body Object With Incorrect Media Type ^{_{58f06434-a88c-4f74-826c-db7e10cc7def}}	Info	Structure and Semantics	Query details Documentation
Components Object Fixed Field Key Improperly Named ^{_{151331e2-11f4-4bb6-bd35-9a005e695087}}	Info	Structure and Semantics	Query details Documentation
Callback Object With Incorrect Ref ^{_{ba066cda-e808-450d-92b6-f29109754d45}}	Info	Structure and Semantics	Query details Documentation
Link Object OperationId Does Not Target Operation Object ^{_{c5bb7461-aa57-470b-a714-3bc3d74f4669}}	Info	Structure and Semantics	Query details Documentation
Example JSON Reference Outside Components Examples ^{_{bac56e3c-1f71-4a74-8ae6-2fba07efcddb}}	Info	Structure and Semantics	Query details Documentation
Schema With Both ReadOnly And WriteOnly ^{_{d2361d58-361c-49f0-9e50-b957fd608b29}}	Info	Structure and Semantics	Query details Documentation
Security Field Undefined ^{_{ab1263c2-81df-46f0-9f2c-0b62fdb68419}}	Info	Structure and Semantics	Query details Documentation
Parameter Object With Schema And Content ^{_{31dd6fc0-f274-493b-9614-e063086c19fc}}	Info	Structure and Semantics	Query details Documentation
Header Object With Incorrect Ref ^{_{2d6646f4-2946-420f-8c14-3232d49ae0cb}}	Info	Structure and Semantics	Query details Documentation
Unknown Property (v3) ^{_{fb7d81e7-4150-48c4-b914-92fc05da6a2f}}	Info	Structure and Semantics	Query details Documentation
Server Object Variable Not Used ^{_{8aee4754-970d-4c5f-8142-a49dfe388b1a}}	Info	Structure and Semantics	Query details Documentation
Response JSON Reference Does Not Exists (v3) ^{_{7a01dfbd-da62-4165-aed7-71349ad42ab4}}	Info	Structure and Semantics	Query details Documentation
Invalid Content Type For Multiple Files Upload ^{_{26f06397-36d8-4ce7-b993-17711261d777}}	Info	Structure and Semantics	Query details Documentation
Link JSON Reference Does Not Exists ^{_{801f0c6a-a834-4467-89c6-ddecffb46b5a}}	Info	Structure and Semantics	Query details Documentation
Encoding Map Key Mismatch Schema Defined Properties ^{_{cd7a52cf-8d7f-4cfe-bbeb-6306d23f576b}}	Info	Structure and Semantics	Query details Documentation
Callback JSON Reference Does Not Exists ^{_{f29904c8-6041-4bca-b043-dfa0546b8079}}	Info	Structure and Semantics	Query details Documentation
Request Body With Incorrect Ref ^{_{0f6cd0ab-c366-4595-84fc-fbd8b9901e4d}}	Info	Structure and Semantics	Query details Documentation
Parameter Object With Incorrect Ref (v3) ^{_{d40f27e6-15fb-4b56-90f8-fc0ff0291c51}}	Info	Structure and Semantics	Query details Documentation
Link Object With Both 'operationId' And 'operationRef' ^{_{60fb6621-9f02-473b-9424-ba9a825747d3}}	Info	Structure and Semantics	Query details Documentation
Security Requirement Object With Wrong Scopes ^{_{37140f7f-724a-4c87-a536-e9cee1d61533}}	Info	Structure and Semantics	Query details Documentation
Security Operation Field Undefined ^{_{20a482d5-c5d9-4a7a-b7a4-60d0805047b4}}	Info	Structure and Semantics	Query details Documentation
Parameter Object Content With Multiple Entries ^{_{8bfed1c6-2d59-4924-bc7f-9b9d793ed0df}}	Info	Structure and Semantics	Query details Documentation
Link Object Incorrect Ref ^{_{b9db8a10-020c-49ca-88c6-780e5fdb4328}}	Info	Structure and Semantics	Query details Documentation
Header JSON Reference Does Not Exists ^{_{376c9390-7e9e-4cb8-a067-fd31c05451fd}}	Info	Structure and Semantics	Query details Documentation
Empty Array ^{_{5915c20f-dffa-4cee-b5d4-f457ddc0151a}}	Info	Structure and Semantics	Query details Documentation
Server URL Uses Undefined Variables ^{_{8d0921d6-4131-461f-a253-99e873f8f77e}}	Info	Structure and Semantics	Query details Documentation
Response Object With Incorrect Ref (v3) ^{_{b3871dd8-9333-4d6c-bd52-67eb898b71ab}}	Info	Structure and Semantics	Query details Documentation
Example JSON Reference Does Not Exists ^{_{6a2c219f-da5e-4745-941e-5ea8cde23356}}	Info	Structure and Semantics	Query details Documentation
Property 'allowReserved' Improperly Defined ^{_{7f203940-39c4-4ea7-91ee-7aba16bca9e2}}	Info	Structure and Semantics	Query details Documentation
Parameter JSON Reference Does Not Exists (v3) ^{_{2e275f16-b627-4d3f-ae73-a6153a23ae8f}}	Info	Structure and Semantics	Query details Documentation
Schema Object Incorrect Ref (v3) ^{_{4cac7ace-b0fb-477d-830d-65395d9109d9}}	Info	Structure and Semantics	Query details Documentation
Schema JSON Reference Does Not Exists (v3) ^{_{015eac96-6313-43c0-84e5-81b1374fa637}}	Info	Structure and Semantics	Query details Documentation
Server URL Not Absolute ^{_{a0bf7382-5d5a-4224-924c-3db8466026c9}}	Info	Structure and Semantics	Query details Documentation