Response Code Missing (v3)
- Query id: 6c35d2c6-09f2-4e5c-a094-e0e91327071d
- Query name: Response Code Missing (v3)
- Platform: OpenAPI
- Severity: Medium
- Category: Networking and Firewall
- URL: Github
Description¶
500, 429 and 400 responses should be defined for all operations, except head operation. 415 response should be defined for the post, put, and patch operations. 404 response should be defined for the get, put, head, delete operations. 200 response should be defined for options operation. 401 and 403 response should be defined for all operations when the security field is defined.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API",
"version": "1.0.0"
},
"paths": {
"/item": {
"put": {
"operationId": "putItem",
"summary": "Put item",
"responses": {
"default": {
"description": "Error"
}
}
},
"options": {
"operationId": "optionsItem",
"summary": "Options item",
"responses": {
"default": {
"description": "Error"
}
}
}
}
},
"components": {
"schemas": {
"Error": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
]
}
}
}
}
Positive test num. 2 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API",
"version": "1.0.0"
},
"paths": {
"/item": {
"put": {
"operationId": "putItem",
"summary": "Put item",
"responses": {
"500": {
"description": "500 response"
},
"429": {
"description": "429 response"
},
"400": {
"description": "400 response"
},
"404": {
"description": "404 response"
},
"415": {
"description": "415 response"
}
}
}
}
},
"security": [
{
"petstore_auth": [
"write:pets",
"read:pets"
]
}
],
"components": {
"schemas": {
"Error": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
]
}
}
}
}
Positive test num. 3 - yaml file
openapi: 3.0.0
info:
title: Simple API
version: 1.0.0
paths:
"/item":
put:
operationId: putItem
summary: Put item
responses:
default:
description: Error
options:
operationId: optionsItem
summary: Options item
responses:
default:
description: Error
components:
schemas:
Error:
type: object
properties:
code:
type: string
message:
type: string
required:
- code
- message
Positive test num. 4 - yaml file
openapi: 3.0.0
info:
title: Simple API
version: 1.0.0
paths:
"/item":
put:
operationId: putItem
summary: Put item
responses:
"500":
description: 500 response
"429":
description: 429 response
"400":
description: 400 response
"404":
description: 404 response
"415":
description: 415 response
components:
schemas:
Error:
type: object
properties:
code:
type: string
message:
type: string
required:
- code
- message
security:
- petstore_auth:
- write:pets
- read:pets
Positive test num. 5 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API",
"version": "1.0.0"
},
"paths": {
"/item": {
"put": {
"operationId": "putItem",
"summary": "Put item",
"responses": {
"500": {
"description": "500 response"
},
"429": {
"description": "429 response"
},
"400": {
"description": "400 response"
},
"404": {
"description": "404 response"
},
"415": {
"description": "415 response"
}
}
}
}
},
"security": [
{
"petstore_auth": [
"write:pets",
"read:pets"
]
}
]
}
Positive test num. 6 - yaml file
swagger: "2.0"
info:
title: Simple API
version: 1.0.0
paths:
"/item":
put:
operationId: putItem
summary: Put item
responses:
"500":
description: 500 response
"429":
description: 429 response
"400":
description: 400 response
"404":
description: 404 response
"415":
description: 415 response
security:
- petstore_auth:
- write:pets
- read:pets
Code samples without security vulnerabilities¶
Negative test num. 1 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API",
"version": "1.0.0"
},
"paths": {
"/item": {
"put": {
"operationId": "putItem",
"summary": "Put item",
"responses": {
"500": {
"description": "500 response"
},
"429": {
"description": "429 response"
},
"400": {
"description": "400 response"
},
"404": {
"description": "404 response"
},
"415": {
"description": "415 response"
}
}
},
"options": {
"operationId": "optionsItem",
"summary": "Options item",
"responses": {
"200": {
"description": "200 response"
},
"500": {
"description": "500 response"
},
"429": {
"description": "429 response"
},
"400": {
"description": "400 response"
}
}
}
}
},
"components": {
"schemas": {
"Error": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
]
}
}
}
}
Negative test num. 2 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API",
"version": "1.0.0"
},
"paths": {
"/item": {
"put": {
"operationId": "putItem",
"summary": "Put item",
"responses": {
"500": {
"description": "500 response"
},
"429": {
"description": "429 response"
},
"400": {
"description": "400 response"
},
"404": {
"description": "404 response"
},
"415": {
"description": "415 response"
},
"401": {
"description": "401 response"
},
"403": {
"description": "403 response"
}
}
}
}
},
"security": [
{
"petstore_auth": [
"write:pets",
"read:pets"
]
}
],
"components": {
"schemas": {
"Error": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
]
}
}
}
}
Negative test num. 3 - yaml file
openapi: 3.0.0
info:
title: Simple API
version: 1.0.0
paths:
"/item":
put:
operationId: putItem
summary: Put item
responses:
"500":
description: 500 response
"429":
description: 429 response
"400":
description: 400 response
"404":
description: 404 response
"415":
description: 415 response
options:
operationId: optionsItem
summary: Options item
responses:
"200":
description: 200 response
"500":
description: 500 response
"429":
description: 429 response
"400":
description: 400 response
components:
schemas:
Error:
type: object
properties:
code:
type: string
message:
type: string
required:
- code
- message
Negative test num. 4 - yaml file
openapi: 3.0.0
info:
title: Simple API
version: 1.0.0
paths:
"/item":
put:
operationId: putItem
summary: Put item
responses:
"500":
description: 500 response
"429":
description: 429 response
"400":
description: 400 response
"404":
description: 404 response
"415":
description: 415 response
"401":
description: 401 response
"403":
description: 403 response
components:
schemas:
Error:
type: object
properties:
code:
type: string
message:
type: string
required:
- code
- message
security:
- petstore_auth:
- write:pets
- read:pets
Negative test num. 5 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API",
"version": "1.0.0"
},
"paths": {
"/item": {
"put": {
"operationId": "putItem",
"summary": "Put item",
"responses": {
"500": {
"description": "500 response"
},
"429": {
"description": "429 response"
},
"400": {
"description": "400 response"
},
"404": {
"description": "404 response"
},
"415": {
"description": "415 response"
},
"401": {
"description": "401 response"
},
"403": {
"description": "403 response"
}
}
}
}
},
"security": [
{
"petstore_auth": [
"write:pets",
"read:pets"
]
}
]
}
Negative test num. 6 - yaml file
swagger: "2.0"
info:
title: Simple API
version: 1.0.0
paths:
"/item":
put:
operationId: putItem
summary: Put item
responses:
"500":
description: 500 response
"429":
description: 429 response
"400":
description: 400 response
"404":
description: 404 response
"415":
description: 415 response
"401":
description: 401 response
"403":
description: 403 response
security:
- petstore_auth:
- write:pets
- read:pets