Type Has Invalid Keyword (v3)

  • Query id: a9228976-10cf-4b5f-b902-9e962aad037a
  • Query name: Type Has Invalid Keyword (v3)
  • Platform: OpenAPI
  • Severity: Info
  • Category: Structure and Semantics
  • CWE: Ongoing
  • URL: Github

Description

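A Schema Object with a declared `type` should not use a validation keyword that belongs to another type (for example, `minLength` on an `integer` or `pattern` on a `number`). Validators generally ignore a keyword that does not apply to the declared type, so the constraint the author intended is not enforced.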
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0"
  },
  "paths": {
    "/": {
      "get": {
        "operationId": "listVersionsv2",
        "summary": "List API versions",
        "responses": {
          "200": {
            "description": "Success",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/MyObject"
                },
                "examples": {
                  "objectExample": {
                    "$ref": "#/components/examples/objectExample"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "MyObject": {
        "type": "object",
        "required": [
          "id"
        ],
        "properties": {
          "id": {
            "type": "integer",
            "minimum": 1
          },
          "name": {
            "type": "string",
            "minLength": 3
          },
          "phones": {
            "type": "array",
            "items": {
              "type": "number",
              "pattern": "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
            },
            "minItems": 1
          }
        }
      }
    },
    "examples": {
      "objectExample": {
        "value": {
          "id": "1",
          "name": "new object"
        },
        "summary": "A sample object"
      }
    }
  }
}
Positive test num. 2 - yaml file
# Positive sample (Swagger 2.0): a response header declared as an integer
# carries a string-only keyword.
swagger: "2.0"
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  /:
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: Success
          headers:
            X-Rate-Limit-Limit:
              description: The number of allowed requests in the current period
              type: integer
              # Mismatch: minLength constrains strings, not integers, so it
              # places no bound on this header; a numeric bound is `minimum`.
              minLength: 3
Positive test num. 3 - yaml file
# Positive sample (OpenAPI 3.0.2): a string schema carries numeric-range
# keywords.
openapi: "3.0.2"
info:
  title: POI Search
  version: "1.0.1"
servers:
  - url: https://api.server.test/v1
paths:
  /test:
    summary: test test
components:
  schemas:
    PointGenre:
      type: string
      # Mismatch: minimum/maximum constrain numbers, not strings, so the
      # length of PointGenre is left unbounded; string length is expressed
      # with minLength/maxLength.
      minimum: 13
      maximum: 13

Positive test num. 4 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0"
  },
  "paths": {
    "/": {
      "get": {
        "operationId": "listVersionsv2",
        "summary": "List API versions",
        "responses": {
          "200": {
            "description": "Success",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/MyObject"
                },
                "examples": {
                  "objectExample": {
                    "$ref": "#/components/examples/objectExample"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "MyObject": {
        "type": "object",
        "required": [
          "id"
        ],
        "properties": {
          "id": {
            "type": "integer",
            "minLength": 1
          },
          "name": {
            "type": "string",
            "minLength": 3
          },
          "phones": {
            "type": "array",
            "items": {
              "type": "string",
              "pattern": "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
            },
            "minItems": 1
          }
        }
      }
    },
    "examples": {
      "objectExample": {
        "value": {
          "id": "1",
          "name": "new object"
        },
        "summary": "A sample object"
      }
    }
  }
}
Positive test num. 5 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0"
  },
  "paths": {
    "/": {
      "get": {
        "operationId": "listVersionsv2",
        "summary": "List API versions",
        "responses": {
          "200": {
            "description": "Success",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/MyObject"
                },
                "examples": {
                  "objectExample": {
                    "$ref": "#/components/examples/objectExample"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "MyObject": {
        "type": "object",
        "required": [
          "id"
        ],
        "properties": {
          "id": {
            "type": "integer"
          },
          "name": {
            "type": "string",
            "minLength": 3,
            "required": true
          },
          "phones": {
            "type": "array",
            "items": {
              "type": "string",
              "pattern": "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
            },
            "minItems": 1
          }
        }
      }
    },
    "examples": {
      "objectExample": {
        "value": {
          "id": "1",
          "name": "new object"
        },
        "summary": "A sample object"
      }
    }
  }
}
Positive test num. 6 - yaml file
# Positive sample (OpenAPI 3.0.0): the array items are declared as numbers
# but carry a string-only keyword.
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/MyObject"
              examples:
                objectExample:
                  "$ref": "#/components/examples/objectExample"
components:
  schemas:
    MyObject:
      type: object
      required:
      - id
      properties:
        id:
          type: integer
          minimum: 1
        name:
          type: string
          minLength: 3
        phones:
          type: array
          items:
            type: number
            # Mismatch: pattern is a string keyword; on a number it does not
            # constrain the value, so the phone format is not validated.
            pattern: "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
          minItems: 1
  examples:
    objectExample:
      value:
        id: '1'
        name: new object
      summary: A sample object
Positive test num. 7 - yaml file
# Positive sample (OpenAPI 3.0.0): an integer property carries a string-only
# keyword.
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/MyObject"
              examples:
                objectExample:
                  "$ref": "#/components/examples/objectExample"
components:
  schemas:
    MyObject:
      type: object
      required:
      - id
      properties:
        id:
          type: integer
          # Mismatch: minLength constrains strings, not integers, so `id` has
          # no lower bound here; a numeric lower bound is `minimum`.
          minLength: 1
        name:
          type: string
          minLength: 3
        phones:
          type: array
          items:
            type: string
            pattern: "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
          minItems: 1
  examples:
    objectExample:
      value:
        id: '1'
        name: new object
      summary: A sample object
Positive test num. 8 - yaml file
# Positive sample (OpenAPI 3.0.0): the array items are declared as numbers
# but carry a string-only keyword.
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  /:
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: Success
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/MyObject"
              examples:
                objectExample:
                  $ref: "#/components/examples/objectExample"
components:
  schemas:
    MyObject:
      type: object
      required:
        - id
      properties:
        id:
          type: integer
          minimum: 1
        name:
          type: string
          minLength: 3
        phones:
          type: array
          items:
            type: number
            # Mismatch: pattern is a string keyword; on a number it does not
            # constrain the value, so the phone format is not validated.
            pattern: '\(\d{3}\) ?\d{3}-\d{4}'
          minItems: 1
  examples:
    objectExample:
      value:
        id: "1"
        name: new object
      summary: A sample object
Positive test num. 9 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0"
  },
  "paths": {
    "/": {
      "get": {
        "responses": {
          "200": {
            "description": "Success"
          }
        },
        "operationId": "listVersionsv2",
        "summary": "List API versions"
      },
      "parameters": [
        {
          "name": "id",
          "in": "body",
          "description": "ID of pet to use",
          "required": true,
          "schema": {
            "type": "object",
            "required": [
              "id"
            ],
            "properties": {
              "id": {
                "type": "integer",
                "minimum": 1
              },
              "name": {
                "type": "string",
                "minLength": 3
              },
              "phones": {
                "items": {
                  "type": "number",
                  "pattern": "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
                },
                "minItems": 1,
                "type": "array"
              }
            }
          }
        },
        {
          "name": "start_date",
          "in": "query",
          "type": "string",
          "format": "date",
          "description": "The start date for the report. Must be used together with `end_date`. This parameter is incompatible with `rdate`.\n",
          "maximum": 8,
          "minLength": 6
        }
      ]
    }
  }
}
Positive test num. 10 - yaml file
# Positive sample (Swagger 2.0): two mismatches, one inside the body schema
# and one on a query parameter.
swagger: "2.0"
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  /:
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: Success
    parameters:
      - name: id
        in: body
        description: ID of pet to use
        required: true
        schema:
          type: object
          required:
            - id
          properties:
            id:
              type: integer
              minimum: 1
            name:
              type: string
              minLength: 3
            phones:
              type: array
              items:
                type: number
                # Mismatch: pattern is a string keyword; on a number it does
                # not constrain the value.
                pattern: '\(\d{3}\) ?\d{3}-\d{4}'
              minItems: 1
      - name: start_date
        in: query
        type: string
        format: date
        description: >
          The start date for the report. Must be used together with `end_date`.
          This parameter is incompatible with `rdate`.
        # Mismatch: maximum is a numeric keyword; on a string parameter it
        # does not cap the length (the string counterpart is maxLength).
        maximum: 8
        minLength: 6
Positive test num. 11 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0"
  },
  "paths": {
    "/": {
      "get": {
        "operationId": "listVersionsv2",
        "summary": "List API versions",
        "responses": {
          "200": {
            "description": "Success",
            "headers": {
              "X-Rate-Limit-Limit": {
                "description": "The number of allowed requests in the current period",
                "type": "integer",
                "minLength": 3
              }
            }
          }
        }
      }
    }
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0"
  },
  "paths": {
    "/": {
      "get": {
        "operationId": "listVersionsv2",
        "summary": "List API versions",
        "responses": {
          "200": {
            "description": "Success",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/MyObject"
                },
                "examples": {
                  "objectExample": {
                    "$ref": "#/components/examples/objectExample"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "MyObject": {
        "type": "object",
        "required": [
          "id"
        ],
        "properties": {
          "id": {
            "type": "integer",
            "minimum": 1
          },
          "name": {
            "type": "string",
            "minLength": 3
          },
          "phones": {
            "type": "array",
            "items": {
              "type": "string",
              "pattern": "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
            },
            "minItems": 1
          }
        }
      }
    },
    "examples": {
      "objectExample": {
        "value": {
          "id": "1",
          "name": "new object"
        },
        "summary": "A sample object"
      }
    }
  }
}
Negative test num. 2 - yaml file
---
# Negative sample (OpenAPI 3.0.0): every validation keyword matches the
# declared type of its schema.
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/MyObject"
              examples:
                objectExample:
                  "$ref": "#/components/examples/objectExample"
components:
  schemas:
    MyObject:
      type: object
      required:
      - id
      properties:
        id:
          type: integer
          minimum: 1  # numeric keyword on an integer
        name:
          type: string
          minLength: 3  # string keyword on a string
        phones:
          type: array
          items:
            type: string
            pattern: "\\(\\d{3}\\) ?\\d{3}-\\d{4}"  # string keyword on a string
          minItems: 1  # array keyword on an array
  examples:
    objectExample:
      value:
        id: '1'
        name: new object
      summary: A sample object
Negative test num. 3 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0"
  },
  "paths": {
    "/": {
      "get": {
        "responses": {
          "200": {
            "description": "Success"
          }
        },
        "operationId": "listVersionsv2",
        "summary": "List API versions"
      },
      "parameters": [
        {
          "name": "id",
          "in": "body",
          "description": "ID of pet to use",
          "required": true,
          "schema": {
            "type": "object",
            "required": [
              "id"
            ],
            "properties": {
              "id": {
                "type": "integer",
                "minimum": 1
              },
              "name": {
                "type": "string",
                "minLength": 3
              },
              "phones": {
                "type": "array",
                "items": {
                  "type": "string",
                  "pattern": "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
                },
                "minItems": 1
              }
            }
          }
        },
        {
          "name": "start_date",
          "in": "query",
          "type": "string",
          "format": "date",
          "description": "The start date for the report. Must be used together with `end_date`. This parameter is incompatible with `rdate`.\n",
          "maxLength": 8,
          "minLength": 6
        }
      ]
    }
  }
}

Negative test num. 4 - yaml file
# Negative sample (Swagger 2.0): the body schema and the query parameter use
# only keywords that match their declared types.
swagger: "2.0"
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  /:
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: Success
    parameters:
      - name: id
        in: body
        description: ID of pet to use
        required: true
        schema:
          type: object
          required:
            - id
          properties:
            id:
              type: integer
              minimum: 1  # numeric keyword on an integer
            name:
              type: string
              minLength: 3  # string keyword on a string
            phones:
              type: array
              items:
                type: string
                pattern: "\\(\\d{3}\\) ?\\d{3}-\\d{4}"  # string keyword on a string
              minItems: 1  # array keyword on an array
      - name: start_date
        in: query
        type: string
        format: date
        description: >
          The start date for the report. Must be used together with `end_date`.
          This parameter is incompatible with `rdate`.
        # Both length bounds are string keywords on a string parameter.
        maxLength: 8
        minLength: 6
Negative test num. 5 - json file
{
  "swagger": "2.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0"
  },
  "paths": {
    "/": {
      "get": {
        "operationId": "listVersionsv2",
        "summary": "List API versions",
        "responses": {
          "200": {
            "description": "Success",
            "headers": {
              "X-Rate-Limit-Limit": {
                "description": "The number of allowed requests in the current period",
                "type": "integer",
                "minimum": 3
              }
            }
          }
        }
      }
    }
  }
}
Negative test num. 6 - yaml file
# Negative sample (Swagger 2.0): the integer response header is bounded with
# a numeric keyword.
swagger: "2.0"
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  /:
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: Success
          headers:
            X-Rate-Limit-Limit:
              description: The number of allowed requests in the current period
              type: integer
              minimum: 3  # numeric keyword on an integer