Unknown Prefix (v2)

  • Query id: 3b615f00-c443-4ba9-acc4-7c308716917d
  • Query name: Unknown Prefix (v2)
  • Platform: OpenAPI
  • Severity: Info
  • Category: Best Practices
  • CWE: Ongoing
  • URL: Github

Description

The media type prefix should be set as 'application', 'audio', 'font', 'example', 'image', 'message', 'model', 'multipart', 'text' or 'video'
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0"
  },
  "paths": {
    "/": {
      "get": {
        "operationId": "listVersionsv2",
        "summary": "List API versions",
        "produces": [
          "aplication/json"
        ],
        "responses": {
          "200": {
            "schema": {
              "$ref": "#/definitions/User"
            }
          }
        },
        "parameters": [
          {
            "$ref": "#/parameters/limitParam"
          }
        ]
      }
    }
  },
  "parameters": {
    "limitParam": {
      "name": "limit",
      "in": "query",
      "description": "max records to return",
      "required": true,
      "schema": {
        "type": "integer"
      }
    }
  },
  "definitions": {
    "User": {
      "type": "object",
      "required": [
        "id",
        "name"
      ],
      "properties": {
        "id": {
          "type": "integer",
          "format": "int64"
        },
        "name": {
          "type": "string"
        }
      }
    }
  }
}
Positive test num. 2 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0"
  },
  "paths": {
    "/": {
      "get": {
        "operationId": "listVersionsv2",
        "summary": "List API versions",
        "responses": {
          "200": {
            "schema": {
              "$ref": "#/definitions/User"
            }
          }
        },
        "parameters": [
          {
            "$ref": "#/parameters/limitParam"
          }
        ]
      }
    }
  },
  "parameters": {
    "limitParam": {
      "name": "limit",
      "in": "query",
      "description": "max records to return",
      "required": true,
      "schema": {
        "type": "integer"
      }
    }
  },
  "produces": [
    "aplication/json"
  ],
  "definitions": {
    "User": {
      "type": "object",
      "required": [
        "id",
        "name"
      ],
      "properties": {
        "id": {
          "type": "integer",
          "format": "int64"
        },
        "name": {
          "type": "string"
        }
      }
    }
  }
}
Positive test num. 3 - yaml file
swagger: '2.0'
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      produces:
      - aplication/json
      responses:
        '200':
          schema:
            "$ref": "#/definitions/User"
      parameters:
      - "$ref": "#/parameters/limitParam"
parameters:
  limitParam:
    name: limit
    in: query
    description: max records to return
    required: true
    schema:
      type: integer
definitions:
  User:
    type: object
    required:
    - id
    - name
    properties:
      id:
        type: integer
        format: int64
      name:
        type: string

Positive test num. 4 - yaml file
swagger: '2.0'
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        '200':
          schema:
            "$ref": "#/definitions/User"
      parameters:
      - "$ref": "#/parameters/limitParam"
parameters:
  limitParam:
    name: limit
    in: query
    description: max records to return
    required: true
    schema:
      type: integer
produces:
- aplication/json
definitions:
  User:
    type: object
    required:
    - id
    - name
    properties:
      id:
        type: integer
        format: int64
      name:
        type: string

Code samples without security vulnerabilities

Negative test num. 1 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0"
  },
  "paths": {
    "/": {
      "get": {
        "operationId": "listVersionsv2",
        "summary": "List API versions",
        "produces": [
          "application/json"
        ],
        "responses": {
          "200": {
            "schema": {
              "$ref": "#/definitions/User"
            }
          }
        },
        "parameters": [
          {
            "$ref": "#/parameters/limitParam"
          }
        ]
      }
    }
  },
  "parameters": {
    "limitParam": {
      "name": "limit",
      "in": "query",
      "description": "max records to return",
      "required": true,
      "schema": {
        "type": "integer"
      }
    }
  },
  "definitions": {
    "User": {
      "type": "object",
      "required": [
        "id",
        "name"
      ],
      "properties": {
        "id": {
          "type": "integer",
          "format": "int64"
        },
        "name": {
          "type": "string"
        }
      }
    }
  }
}
Negative test num. 2 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0"
  },
  "paths": {
    "/": {
      "get": {
        "operationId": "listVersionsv2",
        "summary": "List API versions",
        "responses": {
          "200": {
            "schema": {
              "$ref": "#/definitions/User"
            }
          }
        },
        "parameters": [
          {
            "$ref": "#/parameters/limitParam"
          }
        ]
      }
    }
  },
  "parameters": {
    "limitParam": {
      "name": "limit",
      "in": "query",
      "description": "max records to return",
      "required": true,
      "schema": {
        "type": "integer"
      }
    }
  },
  "produces": [
    "application/json"
  ],
  "definitions": {
    "User": {
      "type": "object",
      "required": [
        "id",
        "name"
      ],
      "properties": {
        "id": {
          "type": "integer",
          "format": "int64"
        },
        "name": {
          "type": "string"
        }
      }
    }
  }
}
Negative test num. 3 - yaml file
swagger: '2.0'
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      produces:
      - application/json
      responses:
        '200':
          schema:
            "$ref": "#/definitions/User"
      parameters:
      - "$ref": "#/parameters/limitParam"
parameters:
  limitParam:
    name: limit
    in: query
    description: max records to return
    required: true
    schema:
      type: integer
definitions:
  User:
    type: object
    required:
    - id
    - name
    properties:
      id:
        type: integer
        format: int64
      name:
        type: string

Negative test num. 4 - yaml file
swagger: '2.0'
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        '200':
          schema:
            "$ref": "#/definitions/User"
      parameters:
      - "$ref": "#/parameters/limitParam"
parameters:
  limitParam:
    name: limit
    in: query
    description: max records to return
    required: true
    schema:
      type: integer
produces:
- application/json
definitions:
  User:
    type: object
    required:
    - id
    - name
    properties:
      id:
        type: integer
        format: int64
      name:
        type: string