Response Code Missing (v3)

  • Query id: 6c35d2c6-09f2-4e5c-a094-e0e91327071d
  • Query name: Response Code Missing (v3)
  • Platform: OpenAPI
  • Severity: Medium
  • Category: Networking and Firewall
  • URL: Github

Description

500, 429 and 400 responses should be defined for all operations, except head operation. 415 response should be defined for the post, put, and patch operations. 404 response should be defined for the get, put, head, delete operations. 200 response should be defined for options operation. 401 and 403 response should be defined for all operations when the security field is defined.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API",
    "version": "1.0.0"
  },
  "paths": {
    "/item": {
      "put": {
        "operationId": "putItem",
        "summary": "Put item",
        "responses": {
          "default": {
            "description": "Error"
          }
        }
      },
      "options": {
        "operationId": "optionsItem",
        "summary": "Options item",
        "responses": {
          "default": {
            "description": "Error"
          }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "Error": {
        "type": "object",
        "properties": {
          "code": {
            "type": "string"
          },
          "message": {
            "type": "string"
          }
        },
        "required": [
          "code",
          "message"
        ]
      }
    }
  }
}
Positive test num. 2 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API",
    "version": "1.0.0"
  },
  "paths": {
    "/item": {
      "put": {
        "operationId": "putItem",
        "summary": "Put item",
        "responses": {
          "500": {
            "description": "500 response"
          },
          "429": {
            "description": "429 response"
          },
          "400": {
            "description": "400 response"
          },
          "404": {
            "description": "404 response"
          },
          "415": {
            "description": "415 response"
          }
        }
      }
    }
  },
  "security": [
    {
      "petstore_auth": [
        "write:pets",
        "read:pets"
      ]
    }
  ],
  "components": {
    "schemas": {
      "Error": {
        "type": "object",
        "properties": {
          "code": {
            "type": "string"
          },
          "message": {
            "type": "string"
          }
        },
        "required": [
          "code",
          "message"
        ]
      }
    }
  }
}
Positive test num. 3 - yaml file
openapi: 3.0.0
info:
  title: Simple API
  version: 1.0.0
paths:
  "/item":
    put:
      operationId: putItem
      summary: Put item
      responses:
        default:
          description: Error
    options:
      operationId: optionsItem
      summary: Options item
      responses:
        default:
          description: Error
components:
  schemas:
    Error:
      type: object
      properties:
        code:
          type: string
        message:
          type: string
      required:
        - code
        - message

Positive test num. 4 - yaml file
openapi: 3.0.0
info:
  title: Simple API
  version: 1.0.0
paths:
  "/item":
    put:
      operationId: putItem
      summary: Put item
      responses:
        "500":
          description: 500 response
        "429":
          description: 429 response
        "400":
          description: 400 response
        "404":
          description: 404 response
        "415":
          description: 415 response
components:
  schemas:
    Error:
      type: object
      properties:
        code:
          type: string
        message:
          type: string
      required:
        - code
        - message
security:
  - petstore_auth:
      - write:pets
      - read:pets
Positive test num. 5 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API",
    "version": "1.0.0"
  },
  "paths": {
    "/item": {
      "put": {
        "operationId": "putItem",
        "summary": "Put item",
        "responses": {
          "500": {
            "description": "500 response"
          },
          "429": {
            "description": "429 response"
          },
          "400": {
            "description": "400 response"
          },
          "404": {
            "description": "404 response"
          },
          "415": {
            "description": "415 response"
          }
        }
      }
    }
  },
  "security": [
    {
      "petstore_auth": [
        "write:pets",
        "read:pets"
      ]
    }
  ]
}
Positive test num. 6 - yaml file
swagger: "2.0"
info:
  title: Simple API
  version: 1.0.0
paths:
  "/item":
    put:
      operationId: putItem
      summary: Put item
      responses:
        "500":
          description: 500 response
        "429":
          description: 429 response
        "400":
          description: 400 response
        "404":
          description: 404 response
        "415":
          description: 415 response
security:
  - petstore_auth:
      - write:pets
      - read:pets

Code samples without security vulnerabilities

Negative test num. 1 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API",
    "version": "1.0.0"
  },
  "paths": {
    "/item": {
      "put": {
        "operationId": "putItem",
        "summary": "Put item",
        "responses": {
          "500": {
            "description": "500 response"
          },
          "429": {
            "description": "429 response"
          },
          "400": {
            "description": "400 response"
          },
          "404": {
            "description": "404 response"
          },
          "415": {
            "description": "415 response"
          }
        }
      },
      "options": {
        "operationId": "optionsItem",
        "summary": "Options item",
        "responses": {
          "200": {
            "description": "200 response"
          },
          "500": {
            "description": "500 response"
          },
          "429": {
            "description": "429 response"
          },
          "400": {
            "description": "400 response"
          }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "Error": {
        "type": "object",
        "properties": {
          "code": {
            "type": "string"
          },
          "message": {
            "type": "string"
          }
        },
        "required": [
          "code",
          "message"
        ]
      }
    }
  }
}
Negative test num. 2 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API",
    "version": "1.0.0"
  },
  "paths": {
    "/item": {
      "put": {
        "operationId": "putItem",
        "summary": "Put item",
        "responses": {
          "500": {
            "description": "500 response"
          },
          "429": {
            "description": "429 response"
          },
          "400": {
            "description": "400 response"
          },
          "404": {
            "description": "404 response"
          },
          "415": {
            "description": "415 response"
          },
          "401": {
            "description": "401 response"
          },
          "403": {
            "description": "403 response"
          }
        }
      }
    }
  },
  "security": [
    {
      "petstore_auth": [
        "write:pets",
        "read:pets"
      ]
    }
  ],
  "components": {
    "schemas": {
      "Error": {
        "type": "object",
        "properties": {
          "code": {
            "type": "string"
          },
          "message": {
            "type": "string"
          }
        },
        "required": [
          "code",
          "message"
        ]
      }
    }
  }
}
Negative test num. 3 - yaml file
openapi: 3.0.0
info:
  title: Simple API
  version: 1.0.0
paths:
  "/item":
    put:
      operationId: putItem
      summary: Put item
      responses:
        "500":
          description: 500 response
        "429":
          description: 429 response
        "400":
          description: 400 response
        "404":
          description: 404 response
        "415":
          description: 415 response
    options:
      operationId: optionsItem
      summary: Options item
      responses:
        "200":
          description: 200 response
        "500":
          description: 500 response
        "429":
          description: 429 response
        "400":
          description: 400 response

components:
  schemas:
    Error:
      type: object
      properties:
        code:
          type: string
        message:
          type: string
      required:
        - code
        - message

Negative test num. 4 - yaml file
openapi: 3.0.0
info:
  title: Simple API
  version: 1.0.0
paths:
  "/item":
    put:
      operationId: putItem
      summary: Put item
      responses:
        "500":
          description: 500 response
        "429":
          description: 429 response
        "400":
          description: 400 response
        "404":
          description: 404 response
        "415":
          description: 415 response
        "401":
          description: 401 response
        "403":
          description: 403 response
components:
  schemas:
    Error:
      type: object
      properties:
        code:
          type: string
        message:
          type: string
      required:
        - code
        - message
security:
  - petstore_auth:
      - write:pets
      - read:pets
Negative test num. 5 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API",
    "version": "1.0.0"
  },
  "paths": {
    "/item": {
      "put": {
        "operationId": "putItem",
        "summary": "Put item",
        "responses": {
          "500": {
            "description": "500 response"
          },
          "429": {
            "description": "429 response"
          },
          "400": {
            "description": "400 response"
          },
          "404": {
            "description": "404 response"
          },
          "415": {
            "description": "415 response"
          },
          "401": {
            "description": "401 response"
          },
          "403": {
            "description": "403 response"
          }
        }
      }
    }
  },
  "security": [
    {
      "petstore_auth": [
        "write:pets",
        "read:pets"
      ]
    }
  ]
}
Negative test num. 6 - yaml file
swagger: "2.0"
info:
  title: Simple API
  version: 1.0.0
paths:
  "/item":
    put:
      operationId: putItem
      summary: Put item
      responses:
        "500":
          description: 500 response
        "429":
          description: 429 response
        "400":
          description: 400 response
        "404":
          description: 404 response
        "415":
          description: 415 response
        "401":
          description: 401 response
        "403":
          description: 403 response
security:
  - petstore_auth:
      - write:pets
      - read:pets