Undefined Scope 'securityDefinition' On 'security' Field On Operations
- Query id: 3847280c-9193-40bc-8009-76168e822ce2
- Query name: Undefined Scope 'securityDefinition' On 'security' Field On Operations
- Platform: OpenAPI
- Severity: Low
- Category: Access Control
- URL: Github
Description¶
Using an scope on security of operations that is undefined on 'securityDefinitions' can be defined by an attacker
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
swagger: "2.0"
info:
title: Simple API Overview
version: 1.0.0
paths:
/:
get:
operationId: listVersionsv2
summary: List API versions
security:
- oAuth2AuthCodeNeg2:
- read:api
- error:api
responses:
"200":
description: Success
securityDefinitions:
oAuth2AuthCodeNeg2:
type: oauth2
description: For more information, see https://api.my.company.com/docs/oauth
flow: authorizationCode
authorizationUrl: https://api.my.company.com/oauth/authorize
tokenUrl: https://api.my.company.com/oauth/token
scopes:
read:api: read your apis
Positive test num. 2 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"security": [
{
"oAuth2AuthCodeNeg2": [
"read:api",
"error:api"
]
}
],
"responses": {
"200": {
"description": "Success"
}
}
}
}
},
"securityDefinitions": {
"oAuth2AuthCodeNeg2": {
"type": "oauth2",
"description": "For more information, see https://api.my.company.com/docs/oauth",
"flow": "authorizationCode",
"authorizationUrl": "https://api.my.company.com/oauth/authorize",
"tokenUrl": "https://api.my.company.com/oauth/token",
"scopes": {
"read:api": "read your apis"
}
}
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
swagger: "2.0"
info:
title: Simple API Overview
version: 1.0.0
paths:
/:
get:
operationId: listVersionsv2
summary: List API versions
security:
- oAuth2AuthCodeNeg2:
- read:api
responses:
"200":
description: Success
securityDefinitions:
oAuth2AuthCodeNeg2:
type: oauth2
description: For more information, see https://api.my.company.com/docs/oauth
flow: authorizationCode
authorizationUrl: https://api.my.company.com/oauth/authorize
tokenUrl: https://api.my.company.com/oauth/token
scopes:
read:api: read your apis
Negative test num. 2 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"security": [
{
"oAuth2AuthCodeNeg2": [
"read:api"
]
}
],
"responses": {
"200": {
"description": "Success"
}
}
}
}
},
"securityDefinitions": {
"oAuth2AuthCodeNeg2": {
"type": "oauth2",
"description": "For more information, see https://api.my.company.com/docs/oauth",
"flow": "authorizationCode",
"authorizationUrl": "https://api.my.company.com/oauth/authorize",
"tokenUrl": "https://api.my.company.com/oauth/token",
"scopes": {
"read:api": "read your apis"
}
}
}
}