Object Using Enum With Keyword (v3)

  • Query id: 2e9b6612-8f69-42e0-a5b8-ed17739c2f3a
  • Query name: Object Using Enum With Keyword (v3)
  • Platform: OpenAPI
  • Severity: Info
  • Category: Best Practices
  • CWE: Ongoing
  • URL: Github

Description

Schema Object properties should not contain 'enum' and schema keywords
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0",
    "contact": {
      "name": "contact",
      "url": "https://www.google.com/",
      "email": "user@gmail.com"
    }
  },
  "paths": {},
  "components": {
    "schemas": {
      "Pet": {
        "type": "object",
        "discriminator": {
          "propertyName": "petType"
        },
        "properties": {
          "name": {
            "type": "string"
          },
          "petType": {
            "type": "string"
          }
        },
        "required": [
          "name",
          "petType"
        ]
      },
      "Cat": {
        "description": "A representation of a cat. Note that `Cat` will be used as the discriminator value.",
        "allOf": [
          {
            "$ref": "#/components/schemas/Pet"
          },
          {
            "type": "object",
            "properties": {
              "huntingSkill": {
                "type": "string",
                "description": "The measured skill for hunting",
                "default": "lazy",
                "enum": [
                  "clueless",
                  "lazy",
                  "adventurous",
                  "aggressive"
                ],
                "minLength": 4
              }
            },
            "required": [
              "huntingSkill"
            ]
          }
        ]
      },
      "Dog": {
        "description": "A representation of a dog. Note that `Dog` will be used as the discriminator value.",
        "allOf": [
          {
            "$ref": "#/components/schemas/Pet"
          },
          {
            "type": "object",
            "properties": {
              "packSize": {
                "type": "integer",
                "format": "int32",
                "description": "the size of the pack the dog is from",
                "default": 0,
                "minimum": 0
              }
            },
            "required": [
              "packSize"
            ]
          }
        ]
      }
    }
  }
}
Positive test num. 2 - yaml file
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.com
paths: {}
components:
  schemas:
    Pet:
      type: object
      discriminator:
        propertyName: petType
      properties:
        name:
          type: string
        petType:
          type: string
      required:
        - name
        - petType
    Cat:
      description:
        A representation of a cat. Note that `Cat` will be used as the
        discriminator value.
      allOf:
        - "$ref": "#/components/schemas/Pet"
        - type: object
          properties:
            huntingSkill:
              type: string
              description: The measured skill for hunting
              default: lazy
              enum:
                - clueless
                - lazy
                - adventurous
                - aggressive
              minLength: 4
          required:
            - huntingSkill
    Dog:
      description:
        A representation of a dog. Note that `Dog` will be used as the
        discriminator value.
      allOf:
        - "$ref": "#/components/schemas/Pet"
        - type: object
          properties:
            packSize:
              type: integer
              format: int32
              description: the size of the pack the dog is from
              default: 0
              minimum: 0
          required:
            - packSize
Positive test num. 3 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0",
    "contact": {
      "name": "contact",
      "url": "https://www.google.com/",
      "email": "user@gmail.com"
    }
  },
  "paths": {},
  "definitions": {
    "Pet": {
      "type": "object",
      "discriminator": "petType",
      "properties": {
        "name": {
          "type": "string"
        },
        "petType": {
          "type": "string"
        }
      },
      "required": [
        "name",
        "petType"
      ]
    },
    "Cat": {
      "description": "A representation of a cat. Note that `Cat` will be used as the discriminator value.",
      "allOf": [
        {
          "$ref": "#/definitions/Pet"
        },
        {
          "type": "object",
          "properties": {
            "huntingSkill": {
              "type": "string",
              "description": "The measured skill for hunting",
              "default": "lazy",
              "enum": [
                "clueless",
                "lazy",
                "adventurous",
                "aggressive"
              ],
              "minLength": 4
            }
          },
          "required": [
            "huntingSkill"
          ]
        }
      ]
    },
    "Dog": {
      "description": "A representation of a dog. Note that `Dog` will be used as the discriminator value.",
      "allOf": [
        {
          "$ref": "#/definitions/Pet"
        },
        {
          "properties": {
            "packSize": {
              "type": "integer",
              "format": "int32",
              "description": "the size of the pack the dog is from",
              "default": 0,
              "minimum": 0
            }
          },
          "required": [
            "packSize"
          ],
          "type": "object"
        }
      ]
    }
  }
}

Positive test num. 4 - yaml file
swagger: "2.0"
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.com
paths: {}
definitions:
  Pet:
    type: object
    discriminator: petType
    properties:
      name:
        type: string
      petType:
        type: string
    required:
      - name
      - petType
  Cat:
    description: A representation of a cat. Note that `Cat` will be used as the
      discriminator value.
    allOf:
      - "$ref": "#/definitions/Pet"
      - type: object
        properties:
          huntingSkill:
            type: string
            description: The measured skill for hunting
            default: lazy
            enum:
              - clueless
              - lazy
              - adventurous
              - aggressive
            minLength: 4
        required:
          - huntingSkill
  Dog:
    description: A representation of a dog. Note that `Dog` will be used as the
      discriminator value.
    allOf:
      - "$ref": "#/definitions/Pet"
      - type: object
        properties:
          packSize:
            type: integer
            format: int32
            description: the size of the pack the dog is from
            default: 0
            minimum: 0
        required:
          - packSize
Positive test num. 5 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0",
    "contact": {
      "name": "contact",
      "url": "https://www.google.com/",
      "email": "user@gmail.com"
    }
  },
  "paths": {
    "/": {
      "get": {
        "parameters": [
          {
            "in": "body",
            "name": "offset",
            "schema": {
              "properties": {
                "huntingSkill": {
                  "default": "lazy",
                  "enum": [
                    "clueless",
                    "lazy",
                    "adventurous",
                    "aggressive"
                  ],
                  "minLength": 4,
                  "type": "string",
                  "description": "The measured skill for hunting"
                }
              },
              "type": "object"
            }
          }
        ],
        "operationId": "op_id3",
        "responses": {
          "200": {
            "description": "200 response"
          }
        }
      }
    }
  }
}
Positive test num. 6 - yaml file
swagger: "2.0"
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.com
paths:
  "/":
    get:
      operationId: op_id3
      responses:
        "200":
          description: 200 response
      parameters:
        - in: body
          name: offset
          schema:
            type: object
            properties:
              huntingSkill:
                type: string
                description: The measured skill for hunting
                default: lazy
                enum:
                  - clueless
                  - lazy
                  - adventurous
                  - aggressive
                minLength: 4

Code samples without security vulnerabilities

Negative test num. 1 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0",
    "contact": {
      "name": "contact",
      "url": "https://www.google.com/",
      "email": "user@gmail.com"
    }
  },
  "paths": {},
  "components": {
    "schemas": {
      "Pet": {
        "type": "object",
        "discriminator": {
          "propertyName": "petType"
        },
        "properties": {
          "name": {
            "type": "string"
          },
          "petType": {
            "type": "string"
          }
        },
        "required": [
          "name",
          "petType"
        ]
      },
      "Cat": {
        "description": "A representation of a cat. Note that `Cat` will be used as the discriminator value.",
        "allOf": [
          {
            "$ref": "#/components/schemas/Pet"
          },
          {
            "type": "object",
            "properties": {
              "huntingSkill": {
                "type": "string",
                "description": "The measured skill for hunting",
                "default": "lazy",
                "enum": [
                  "clueless",
                  "lazy",
                  "adventurous",
                  "aggressive"
                ]
              }
            },
            "required": [
              "huntingSkill"
            ]
          }
        ]
      },
      "Dog": {
        "description": "A representation of a dog. Note that `Dog` will be used as the discriminator value.",
        "allOf": [
          {
            "$ref": "#/components/schemas/Pet"
          },
          {
            "type": "object",
            "properties": {
              "packSize": {
                "type": "integer",
                "format": "int32",
                "description": "the size of the pack the dog is from",
                "default": 0,
                "minimum": 0
              }
            },
            "required": [
              "packSize"
            ]
          }
        ]
      }
    }
  }
}
Negative test num. 2 - yaml file
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.com
paths: {}
components:
  schemas:
    Pet:
      type: object
      discriminator:
        propertyName: petType
      properties:
        name:
          type: string
        petType:
          type: string
      required:
        - name
        - petType
    Cat:
      description:
        A representation of a cat. Note that `Cat` will be used as the
        discriminator value.
      allOf:
        - "$ref": "#/components/schemas/Pet"
        - type: object
          properties:
            huntingSkill:
              type: string
              description: The measured skill for hunting
              default: lazy
              enum:
                - clueless
                - lazy
                - adventurous
                - aggressive
          required:
            - huntingSkill
    Dog:
      description:
        A representation of a dog. Note that `Dog` will be used as the
        discriminator value.
      allOf:
        - "$ref": "#/components/schemas/Pet"
        - type: object
          properties:
            packSize:
              type: integer
              format: int32
              description: the size of the pack the dog is from
              default: 0
              minimum: 0
          required:
            - packSize
Negative test num. 3 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0",
    "contact": {
      "name": "contact",
      "url": "https://www.google.com/",
      "email": "user@gmail.com"
    }
  },
  "paths": {},
  "definitions": {
    "Pet": {
      "type": "object",
      "discriminator": "petType",
      "properties": {
        "name": {
          "type": "string"
        },
        "petType": {
          "type": "string"
        }
      },
      "required": [
        "name",
        "petType"
      ]
    },
    "Cat": {
      "description": "A representation of a cat. Note that `Cat` will be used as the discriminator value.",
      "allOf": [
        {
          "$ref": "#/definitions/Pet"
        },
        {
          "type": "object",
          "properties": {
            "huntingSkill": {
              "type": "string",
              "description": "The measured skill for hunting",
              "default": "lazy",
              "enum": [
                "clueless",
                "lazy",
                "adventurous",
                "aggressive"
              ]
            }
          },
          "required": [
            "huntingSkill"
          ]
        }
      ]
    },
    "Dog": {
      "description": "A representation of a dog. Note that `Dog` will be used as the discriminator value.",
      "allOf": [
        {
          "$ref": "#/definitions/Pet"
        },
        {
          "type": "object",
          "properties": {
            "packSize": {
              "type": "integer",
              "format": "int32",
              "description": "the size of the pack the dog is from",
              "default": 0,
              "minimum": 0
            }
          },
          "required": [
            "packSize"
          ]
        }
      ]
    }
  }
}

Negative test num. 4 - yaml file
swagger: "2.0"
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.com
paths: {}
definitions:
  Pet:
    type: object
    discriminator: petType
    properties:
      name:
        type: string
      petType:
        type: string
    required:
      - name
      - petType
  Cat:
    description: A representation of a cat. Note that `Cat` will be used as the
      discriminator value.
    allOf:
      - "$ref": "#/definitions/Pet"
      - type: object
        properties:
          huntingSkill:
            type: string
            description: The measured skill for hunting
            default: lazy
            enum:
              - clueless
              - lazy
              - adventurous
              - aggressive
        required:
          - huntingSkill
  Dog:
    description: A representation of a dog. Note that `Dog` will be used as the
      discriminator value.
    allOf:
      - "$ref": "#/definitions/Pet"
      - type: object
        properties:
          packSize:
            type: integer
            format: int32
            description: the size of the pack the dog is from
            default: 0
            minimum: 0
        required:
          - packSize
Negative test num. 5 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0",
    "contact": {
      "name": "contact",
      "url": "https://www.google.com/",
      "email": "user@gmail.com"
    }
  },
  "paths": {
    "/": {
      "get": {
        "parameters": [
          {
            "in": "body",
            "name": "offset",
            "schema": {
              "properties": {
                "huntingSkill": {
                  "type": "string",
                  "description": "The measured skill for hunting",
                  "default": "lazy",
                  "enum": [
                    "clueless",
                    "lazy",
                    "adventurous",
                    "aggressive"
                  ]
                }
              },
              "type": "object"
            }
          }
        ],
        "operationId": "op_id3",
        "responses": {
          "200": {
            "description": "200 response"
          }
        }
      }
    }
  }
}
Negative test num. 6 - yaml file
swagger: "2.0"
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.com
paths:
  "/":
    get:
      operationId: op_id3
      responses:
        "200":
          description: 200 response
      parameters:
        - in: body
          name: offset
          schema:
            type: object
            properties:
              huntingSkill:
                type: string
                description: The measured skill for hunting
                default: lazy
                enum:
                  - clueless
                  - lazy
                  - adventurous
                  - aggressive