Unknown Property (v2)
- Query id: 429b2106-ba37-43ba-9727-7f699cc611e1
- Query name: Unknown Property (v2)
- Platform: OpenAPI
- Severity: Info
- Category: Structure and Semantics
- CWE: Ongoing
- URL: Github
Description¶
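Every property in an OpenAPI object should be one that the OpenAPI specification defines for that object. A misspelled name, such as `propppperties` or `descripption` in the samples below, is an unknown property, and tooling may ignore it so that the intended setting never takes effect.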
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"summary": "List API versions",
"responses": {
"200": {
"description": "OK"
}
},
"operationId": "listVersionsv2"
},
"parameters": [
{
"descripption": "ID of pet to use",
"required": true,
"type": "array",
"items": {
"type": "string"
},
"collectionFormat": "csv",
"name": "id",
"in": "path"
}
]
}
},
"definitions": {
"ErrorModel": {
"type": "object",
"required": [
"message",
"code"
],
"propppperties": {
"message": {
"type": "string"
},
"code": {
"type": "integer",
"minimum": 100,
"maximum": 600
}
}
}
}
}
Positive test num. 2 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"nameee": "contact",
"url": "https://www.google.com/",
"email": "user@gmail.com"
}
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response"
}
}
}
}
},
"taggs": [
{
"name": "pets"
}
]
}
Positive test num. 3 - yaml file
# Flagged sample (Swagger 2.0): two keys below are misspelled, so they are not
# properties the specification defines for the object they sit in.
# NOTE(review): this listing had lost its indentation; the nesting here follows
# the JSON sample with the same content on this page. Confirm against the fixture.
swagger: "2.0"
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: OK
    parameters:
      - name: id
        in: path
        # Unknown property: "descripption" (the passing sample spells it "description").
        descripption: ID of pet to use
        required: true
        type: array
        items:
          type: string
        collectionFormat: csv
definitions:
  ErrorModel:
    type: object
    required:
      - message
      - code
    # Unknown property: "propppperties" (the passing sample spells it "properties").
    # A consumer that skips unknown keys would see a schema that lists required
    # names but defines no properties, so the type and range limits below would
    # not be applied.
    propppperties:
      message:
        type: string
      code:
        type: integer
        minimum: 100
        maximum: 600
Positive test num. 4 - yaml file
Code samples without security vulnerabilities¶
Negative test num. 1 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"summary": "List API versions",
"responses": {
"200": {
"description": "OK"
}
},
"operationId": "listVersionsv2"
},
"parameters": [
{
"description": "ID of pet to use",
"required": true,
"type": "array",
"items": {
"type": "string"
},
"collectionFormat": "csv",
"name": "id",
"in": "path"
}
]
}
},
"definitions": {
"ErrorModel": {
"type": "object",
"required": [
"message",
"code"
],
"properties": {
"message": {
"type": "string"
},
"code": {
"type": "integer",
"minimum": 100,
"maximum": 600
}
}
}
}
}
Negative test num. 2 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"name": "contact",
"url": "https://www.google.com/",
"email": "user@gmail.com"
}
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response"
}
}
}
}
},
"tags": [
{
"name": "pets"
}
]
}
Negative test num. 3 - yaml file
# Passing sample (Swagger 2.0): the parameter uses "description" and the schema
# uses "properties", the spellings the flagged YAML sample on this page gets wrong.
# NOTE(review): this listing had lost its indentation; the nesting here follows
# the JSON sample with the same content on this page. Confirm against the fixture.
swagger: "2.0"
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: OK
    parameters:
      - name: id
        in: path
        description: ID of pet to use
        required: true
        type: array
        items:
          type: string
        collectionFormat: csv
definitions:
  ErrorModel:
    type: object
    required:
      - message
      - code
    # With "properties" spelled correctly, the type and minimum/maximum limits
    # below are part of the ErrorModel schema.
    properties:
      message:
        type: string
      code:
        type: integer
        minimum: 100
        maximum: 600