OpenAPI
OpenAPI Queries List¶
This page contains all queries from OpenAPI.
2.0¶
Below are listed queries related to OpenAPI 2.0:
| Query | Severity | Category | More info |
|---|---|---|---|
| Security Definitions Undefined or Empty e3f026e8-fdb4-4d5a-bcfd-bd94452073fe |
High | Access Control | Query details Documentation |
| Security Requirement Not Defined In Security Definition a599b0d1-ff89-4cb8-9ece-9951854c06f6 |
High | Structure and Semantics | Query details Documentation |
| Global Security Using Password Flow 2da46be4-4317-4650-9285-56d7103c4f93 |
Medium | Access Control | Query details Documentation |
| Implicit Flow in OAuth2 (v2) e9817ad8-a8c9-4038-8a2f-db0e6e7b284b |
Medium | Access Control | Query details Documentation |
| Invalid OAuth2 Authorization URL (v2) 33d96c65-977d-4c33-943f-440baca49185 |
Medium | Access Control | Query details Documentation |
| Invalid OAuth2 Token URL (v2) 274f910a-0665-4f08-b66d-7058fe927dba |
Medium | Access Control | Query details Documentation |
| Operation Using Basic Auth ceefb058-8065-418f-9c4c-584a78c7e104 |
Medium | Access Control | Query details Documentation |
| Operation Using Implicit Flow f42dfe7e-787d-4478-a75e-a5f3d8a2269e |
Medium | Access Control | Query details Documentation |
| Operation Using Password Flow 2e44e632-d617-43cb-b294-6bfe72a08938 |
Medium | Access Control | Query details Documentation |
| Security Definitions Allows Password Flow 773116aa-2e6d-416f-bd85-f0301cc05d76 |
Medium | Access Control | Query details Documentation |
| Security Definitions Using Basic Auth 221015a8-aa2a-43f5-b00b-ad7d2b1d47a8 |
Medium | Access Control | Query details Documentation |
| Global Schemes Uses HTTP f30ee711-0082-4480-85ab-31d922d9a2b2 |
Medium | Encryption | Query details Documentation |
| Path Scheme Accepts HTTP (v2) a6847dc6-f4ea-45ac-a81f-93291ae6c573 |
Medium | Encryption | Query details Documentation |
| Schemes Uses HTTP a46928f1-43d7-4671-94e0-2dd99746f389 |
Medium | Encryption | Query details Documentation |
| Operation Object Without 'consumes' 0c79e50e-b3cf-490c-b8f6-587c644d4d0c |
Medium | Insecure Configurations | Query details Documentation |
| Operation Object Without 'produces' be3e170e-1572-461e-a8b6-d963def581ec |
Medium | Insecure Configurations | Query details Documentation |
| Non OAuth2 Security Requirement Defining OAuth2 Scopes ba239cb9-f342-4c20-812d-7b5a2aa6969e |
Medium | Structure and Semantics | Query details Documentation |
| Undefined Scope 'securityDefinition' On 'security' Field On Operations 3847280c-9193-40bc-8009-76168e822ce2 |
Low | Access Control | Query details Documentation |
| Undefined Scope 'securityDefinition' On Global 'security' Field 9aa6e95c-d964-4239-a3a8-9f37a3c5a31f |
Low | Access Control | Query details Documentation |
| Constraining Enum Property be1d8733-3731-40c7-a845-734741c6871d |
Info | Best Practices | Query details Documentation |
| Global Parameter Definition Not Being Used b30981fa-a12e-49c7-a5bb-eeafb61d0f0f |
Info | Best Practices | Query details Documentation |
| Global Responses Definition Not Being Used 0b76d993-ee52-43e0-8b39-3787d2ddabf1 |
Info | Best Practices | Query details Documentation |
| Global Schema Definition Not Being Used 6d2e0790-cc3d-4c74-b973-d4e8b09f4455 |
Info | Best Practices | Query details Documentation |
| Invalid Media Type Value (v2) f985a7d2-d404-4a7f-9814-f645f791e46e |
Info | Best Practices | Query details Documentation |
| Operation Summary Too Long d47940ca-5970-45cc-bdd1-4d81398cee1f |
Info | Best Practices | Query details Documentation |
| Schema with 'additionalProperties' set as Boolean 3a01790c-ebee-4da6-8fd3-e78657383b75 |
Info | Best Practices | Query details Documentation |
| Unknown Prefix (v2) 3b615f00-c443-4ba9-acc4-7c308716917d |
Info | Best Practices | Query details Documentation |
| BasePath With Wrong Format b4803607-ed72-4d60-99e2-3fa6edf471c6 |
Info | Structure and Semantics | Query details Documentation |
| Body Parameter With Wrong Property c38d630d-a415-4e3e-bac2-65475979ba88 |
Info | Structure and Semantics | Query details Documentation |
| Body Parameter Without Schema ed48229d-d43e-4da7-b453-5f98d964a57a |
Info | Structure and Semantics | Query details Documentation |
| File Parameter With Wrong Consumes Property 7f91992f-b4c8-43bf-9bf9-fae9ecdb6e3a |
Info | Structure and Semantics | Query details Documentation |
| Host With Invalid Pattern 3d7d7b6c-fb0a-475e-8a28-c125e30d15f0 |
Info | Structure and Semantics | Query details Documentation |
| Multi 'collectionformat' Not Valid For 'in' Parameter 750f6448-27c0-49f8-a153-b81735c1e19c |
Info | Structure and Semantics | Query details Documentation |
| Multiple Body Parameters In The Same Operation b90033cf-ad9f-4fb9-acd1-1b9d6d278c87 |
Info | Structure and Semantics | Query details Documentation |
| Non Body Parameter Without Schema 73c3bc54-3cc6-4c0a-b30a-e19f2abfc951 |
Info | Structure and Semantics | Query details Documentation |
| Object Without Required Property (v2) 5e5ecb9d-04b5-4e4f-b5a5-6ee04279b275 |
Info | Structure and Semantics | Query details Documentation |
| Operation Example Mismatch Produces MimeType 2cf35b40-ded3-43d6-9633-c8dcc8bcc822 |
Info | Structure and Semantics | Query details Documentation |
| Operation Object Parameters With 'body' And 'formatData' locations eb3f9744-d24e-4614-b1ff-2a9514eca21c |
Info | Structure and Semantics | Query details Documentation |
| Parameter File Type Not In 'formData' c3cab8c4-6c52-47a9-942b-c27f26fbd7d2 |
Info | Structure and Semantics | Query details Documentation |
| Parameter JSON Reference Does Not Exist (v2) fb889ae9-2d16-40b5-b41f-9da716c5abc1 |
Info | Structure and Semantics | Query details Documentation |
| Parameter Object With Incorrect Ref (v2) 2596545e-1757-4ff7-a15a-8a9a180a42f3 |
Info | Structure and Semantics | Query details Documentation |
| Property Not Unique 750b40be-4bac-4f59-bdc4-1ca0e6c3450e |
Info | Structure and Semantics | Query details Documentation |
| Response Object With Incorrect Ref (v2) bccfa089-89e4-47e0-a0e5-185fe6902220 |
Info | Structure and Semantics | Query details Documentation |
| Responses JSON Reference Does Not Exists (v2) e9db5fb4-6a84-4abb-b4af-3b94fbdace6d |
Info | Structure and Semantics | Query details Documentation |
| Schema JSON Reference Does Not Exist (v2) 98295b32-ec09-4b5b-89a9-39853197f914 |
Info | Structure and Semantics | Query details Documentation |
| Schema Object Incorrect Ref (v2) 0220e1c5-65d1-49dd-b7c2-cef6d6cb5283 |
Info | Structure and Semantics | Query details Documentation |
| Unknown Property (v2) 429b2106-ba37-43ba-9727-7f699cc611e1 |
Info | Structure and Semantics | Query details Documentation |
3.0¶
Below are listed queries related to OpenAPI 3.0:
| Query | Severity | Category | More info |
|---|---|---|---|
| Cleartext Credentials With Basic Authentication For Operation 86b1fa30-9790-4980-994d-a27e0f6f27c1 |
Medium | Access Control | Query details Documentation |
| Field 'securityScheme' On Components Is Undefined 8db5544e-4874-4baa-9322-e9f75a2d219e |
Medium | Access Control | Query details Documentation |
| Global Security Scheme Using Basic Authentication 77276d82-4f45-4cf1-8e2b-4d345b936228 |
Medium | Access Control | Query details Documentation |
| Invalid OAuth2 Authorization URL (v3) 52c0d841-60d6-4a81-88dd-c35fef36d315 |
Medium | Access Control | Query details Documentation |
| Invalid OAuth2 Token URL (v3) 3ba0cca1-b815-47bf-ac62-1e584eb64a05 |
Medium | Access Control | Query details Documentation |
| OAuth2 With Implicit Flow 39cb32f2-3a42-4af0-8037-82a7a9654b6c |
Medium | Access Control | Query details Documentation |
| OAuth2 With Password Flow 3979b0a4-532c-4ea7-86e4-34c090eaa4f2 |
Medium | Access Control | Query details Documentation |
| Security Scheme HTTP Unknown Scheme 06764426-3c56-407e-981f-caa25db1c149 |
Medium | Access Control | Query details Documentation |
| Global Server Object Uses HTTP 2d8c175a-6d90-412b-8b0e-e034ea49a1fe |
Medium | Encryption | Query details Documentation |
| Path Server Object Uses HTTP (v3) 9670f240-7b4d-4955-bd93-edaa9fa38b58 |
Medium | Encryption | Query details Documentation |
| Media Type Object Without Schema f79b9d26-e945-44e7-98a1-b93f0f7a68a0 |
Medium | Insecure Configurations | Query details Documentation |
| Parameter Object Without Schema 8fe1846f-52cc-4413-ace9-1933d7d23672 |
Medium | Insecure Configurations | Query details Documentation |
| Header Object Without Schema 50de3b5b-6465-4e06-a9b0-b4c2ba34326b |
Medium | Networking and Firewall | Query details Documentation |
| API Key Exposed In Global Security Scheme 40e1d1bf-11a9-4f63-a3a2-a8b84c602839 |
Low | Access Control | Query details Documentation |
| Security Scheme Using HTTP Basic 68e5fcac-390c-4939-a373-6074b7be7c71 |
Low | Access Control | Query details Documentation |
| Security Scheme Using HTTP Digest a4247b11-890b-45df-bf42-350a7a3af9be |
Low | Access Control | Query details Documentation |
| Security Scheme Using HTTP Negotiate f525cc92-9050-4c41-a75c-890dc6f64449 |
Low | Access Control | Query details Documentation |
| Security Scheme Using Oauth 1.0 1bc3205c-0d60-44e6-84f3-44fbf4dac5b3 |
Low | Access Control | Query details Documentation |
| Undefined Scope 'securityScheme' On 'security' Field On Operations 462d6a1d-fed9-4d75-bb9e-3de902f35e6e |
Low | Access Control | Query details Documentation |
| Undefined Scope 'securityScheme' On Global 'security' Field 23a9e2d9-8738-4556-a71c-2802b6ffa022 |
Low | Access Control | Query details Documentation |
| Additional Properties Too Permissive 9f88c88d-824d-4d9a-b985-e22977046042 |
Low | Insecure Configurations | Query details Documentation |
| Additional Properties Too Restrictive a19c3bbd-c056-40d7-9e1c-eeb0634e320d |
Low | Insecure Configurations | Query details Documentation |
| Success Response Code Undefined for Trace Operation 105e20dd-8449-4d71-95c6-d5dac96639af |
Low | Networking and Firewall | Query details Documentation |
| Components Callback Definition Is Unused d15db953-a553-4b8a-9a14-a3d62ea3d79d |
Info | Best Practices | Query details Documentation |
| Components Example Definition Is Unused b05bb927-2df5-43cc-8d7b-6825c0e71625 |
Info | Best Practices | Query details Documentation |
| Components Header Definition Is Unused a68da022-e95a-4bc2-97d3-481e0bd6d446 |
Info | Best Practices | Query details Documentation |
| Components Link Definition Is Unused c19779a9-5774-4d2f-a3a1-a99831730375 |
Info | Best Practices | Query details Documentation |
| Components Parameter Definition Is Unused 698a464e-bb3e-4ba8-ab5e-e6599b7644a0 |
Info | Best Practices | Query details Documentation |
| Components Request Body Definition Is Unused 6b76f589-9713-44ab-97f5-59a3dba1a285 |
Info | Best Practices | Query details Documentation |
| Components Response Definition Is Unused 9c3ea128-7e9a-4b4c-8a32-75ad17a2d3ae |
Info | Best Practices | Query details Documentation |
| Components Schema Definition Is Unused 962fa01e-b791-4dcc-b04a-4a3e7389be5e |
Info | Best Practices | Query details Documentation |
| Encoding Header 'Content-Type' Improperly Defined 4cd8de87-b595-48b6-ab3c-1904567135ab |
Info | Best Practices | Query details Documentation |
| Invalid Media Type Value (v3) cf4a5f45-a27b-49df-843a-9911dbfe71d4 |
Info | Best Practices | Query details Documentation |
| Property 'allowEmptyValue' Ignored 59c2f769-7cc2-49c8-a3de-4e211135cfab |
Info | Best Practices | Query details Documentation |
| Property 'allowReserved' of Encoding Object Ignored 4190dda7-af03-4cf0-a128-70ac1661ca09 |
Info | Best Practices | Query details Documentation |
| Property 'explode' of Encoding Object Ignored a4dd69b8-49fa-45d2-a060-c76655405b05 |
Info | Best Practices | Query details Documentation |
| Property 'style' of Encoding Object Ignored d3ea644a-9a5c-4fee-941f-f8a6786c0470 |
Info | Best Practices | Query details Documentation |
| Unknown Prefix (v3) a5375be3-521c-43bb-9eab-e2432e368ee4 |
Info | Best Practices | Query details Documentation |
| Callback JSON Reference Does Not Exist f29904c8-6041-4bca-b043-dfa0546b8079 |
Info | Structure and Semantics | Query details Documentation |
| Callback Object With Incorrect Ref ba066cda-e808-450d-92b6-f29109754d45 |
Info | Structure and Semantics | Query details Documentation |
| Components Object Fixed Field Key Improperly Named 151331e2-11f4-4bb6-bd35-9a005e695087 |
Info | Structure and Semantics | Query details Documentation |
| Empty Array 5915c20f-dffa-4cee-b5d4-f457ddc0151a |
Info | Structure and Semantics | Query details Documentation |
| Encoding Map Key Mismatch Schema Defined Properties cd7a52cf-8d7f-4cfe-bbeb-6306d23f576b |
Info | Structure and Semantics | Query details Documentation |
| Example JSON Reference Does Not Exist 6a2c219f-da5e-4745-941e-5ea8cde23356 |
Info | Structure and Semantics | Query details Documentation |
| Example JSON Reference Outside Components Examples bac56e3c-1f71-4a74-8ae6-2fba07efcddb |
Info | Structure and Semantics | Query details Documentation |
| Header JSON Reference Does Not Exist 376c9390-7e9e-4cb8-a067-fd31c05451fd |
Info | Structure and Semantics | Query details Documentation |
| Header Object With Incorrect Ref 2d6646f4-2946-420f-8c14-3232d49ae0cb |
Info | Structure and Semantics | Query details Documentation |
| Invalid Content Type For Multiple Files Upload 26f06397-36d8-4ce7-b993-17711261d777 |
Info | Structure and Semantics | Query details Documentation |
| Link JSON Reference Does Not Exist 801f0c6a-a834-4467-89c6-ddecffb46b5a |
Info | Structure and Semantics | Query details Documentation |
| Link Object Incorrect Ref b9db8a10-020c-49ca-88c6-780e5fdb4328 |
Info | Structure and Semantics | Query details Documentation |
| Link Object OperationId Does Not Target Operation Object c5bb7461-aa57-470b-a714-3bc3d74f4669 |
Info | Structure and Semantics | Query details Documentation |
| Link Object With Both 'operationId' And 'operationRef' 60fb6621-9f02-473b-9424-ba9a825747d3 |
Info | Structure and Semantics | Query details Documentation |
| Object Without Required Property (v3) d172a060-8569-4412-8045-3560ebd477e8 |
Info | Structure and Semantics | Query details Documentation |
| Parameter JSON Reference Does Not Exist (v3) 2e275f16-b627-4d3f-ae73-a6153a23ae8f |
Info | Structure and Semantics | Query details Documentation |
| Parameter Object Content With Multiple Entries 8bfed1c6-2d59-4924-bc7f-9b9d793ed0df |
Info | Structure and Semantics | Query details Documentation |
| Parameter Object With Incorrect Ref (v3) d40f27e6-15fb-4b56-90f8-fc0ff0291c51 |
Info | Structure and Semantics | Query details Documentation |
| Parameter Object With Schema And Content 31dd6fc0-f274-493b-9614-e063086c19fc |
Info | Structure and Semantics | Query details Documentation |
| Parameter Object With Undefined Type 46facedc-f243-4108-ab33-583b807d50b0 |
Info | Structure and Semantics | Query details Documentation |
| Property 'allowReserved' Improperly Defined 7f203940-39c4-4ea7-91ee-7aba16bca9e2 |
Info | Structure and Semantics | Query details Documentation |
| Request Body JSON Reference Does Not Exist ca02f4e8-d3ae-4832-b7db-bb037516d9e7 |
Info | Structure and Semantics | Query details Documentation |
| Request Body Object With Incorrect Media Type 58f06434-a88c-4f74-826c-db7e10cc7def |
Info | Structure and Semantics | Query details Documentation |
| Request Body With Incorrect Ref 0f6cd0ab-c366-4595-84fc-fbd8b9901e4d |
Info | Structure and Semantics | Query details Documentation |
| Response JSON Reference Does Not Exist (v3) 7a01dfbd-da62-4165-aed7-71349ad42ab4 |
Info | Structure and Semantics | Query details Documentation |
| Response Object With Incorrect Ref (v3) b3871dd8-9333-4d6c-bd52-67eb898b71ab |
Info | Structure and Semantics | Query details Documentation |
| Schema JSON Reference Does Not Exist (v3) 015eac96-6313-43c0-84e5-81b1374fa637 |
Info | Structure and Semantics | Query details Documentation |
| Schema Object Incorrect Ref (v3) 4cac7ace-b0fb-477d-830d-65395d9109d9 |
Info | Structure and Semantics | Query details Documentation |
| Schema With Both ReadOnly And WriteOnly d2361d58-361c-49f0-9e50-b957fd608b29 |
Info | Structure and Semantics | Query details Documentation |
| Security Field Undefined ab1263c2-81df-46f0-9f2c-0b62fdb68419 |
Info | Structure and Semantics | Query details Documentation |
| Security Operation Field Undefined 20a482d5-c5d9-4a7a-b7a4-60d0805047b4 |
Info | Structure and Semantics | Query details Documentation |
| Security Requirement Object With Wrong Scopes 37140f7f-724a-4c87-a536-e9cee1d61533 |
Info | Structure and Semantics | Query details Documentation |
| Server Object Variable Not Used 8aee4754-970d-4c5f-8142-a49dfe388b1a |
Info | Structure and Semantics | Query details Documentation |
| Server URL Not Absolute a0bf7382-5d5a-4224-924c-3db8466026c9 |
Info | Structure and Semantics | Query details Documentation |
| Server URL Uses Undefined Variables 8d0921d6-4131-461f-a253-99e873f8f77e |
Info | Structure and Semantics | Query details Documentation |
| Servers Array Undefined c66ebeaa-676c-40dc-a3ff-3e49395dcd5e |
Info | Structure and Semantics | Query details Documentation |
| Unknown Property (v3) fb7d81e7-4150-48c4-b914-92fc05da6a2f |
Info | Structure and Semantics | Query details Documentation |
SHARED (V2/V3)¶
Below are listed queries related to OpenAPI SHARED (V2/V3):
| Query | Severity | Category | More info |
|---|---|---|---|
| Global Security Field Has An Empty Array (v2) da31d54b-ad54-41dc-95eb-8b3828629213 |
High | Access Control | Security object need to have defined rules in its array and rules should be defined on securityScheme Documentation |
| Global Security Field Has An Empty Array (v3) d674aea4-ba8b-454b-bb97-88a772ea33f0 |
High | Access Control | Query details Documentation |
| Global security field has an empty object (v2) 292919fb-7b26-4454-bee9-ce29094768dd |
High | Access Control | Global security definition must not have empty objects Documentation |
| Global security field has an empty object (v3) 543e38f4-1eee-479e-8eb0-15257013aa0a |
High | Access Control | Query details Documentation |
| Global Security Field Is Undefined (v2) 74703c89-0ea2-49ab-a7db-bf04f19f5a57 |
High | Access Control | Global security field should be defined to prevent API to have insecure paths and have this rules defined on securityDefinitions Documentation |
| Global Security Field Is Undefined (v3) 8af270ce-298b-4405-9922-82a10aee7a4f |
High | Access Control | Query details Documentation |
| No Global And Operation Security Defined (v2) 586abcee-9653-462d-ad7b-2638a32bd6e6 |
High | Access Control | All paths should have security scheme, if it is omitted, global security field should be defined Documentation |
| No Global And Operation Security Defined (v3) 96729c6b-7400-4d9e-9807-17f00cdde4d2 |
High | Access Control | Query details Documentation |
| Security Field On Operations Has An Empty Array (v2) 5d29effc-5d68-481f-9721-d74e5919226b |
High | Access Control | Security object for operations, if defined, must define a security scheme, otherwise it should be considered an error Documentation |
| Security Field On Operations Has An Empty Array (v3) 663c442d-f918-4f62-b096-0bf5dcbeb655 |
High | Access Control | Query details Documentation |
| Security Field On Operations Has An Empty Object Definition (v2) 74581e3b-1d55-4323-a139-5959a7b3abc5 |
High | Access Control | Security object for operations should not be empty object or has any empty object definition Documentation |
| Security Field On Operations Has An Empty Object Definition (v3) baade968-7467-41e4-bf22-83ca222f5800 |
High | Access Control | Query details Documentation |
| Array Without Maximum Number of Items (v2) 99eb2c95-2040-4104-9e7c-e16f7474d218 |
Medium | Insecure Configurations | Array schema/parameter should have the field 'maxItems' set Documentation |
| Array Without Maximum Number of Items (v3) 6998389e-66b2-473d-8d05-c8d71ac4d04d |
Medium | Insecure Configurations | Query details Documentation |
| JSON Object Schema Without Properties (v2) 3d28f751-bc18-4f83-ace0-216b6086410b |
Medium | Insecure Configurations | Schema of the JSON object should have properties defined and 'additionalProperties' set to false. Documentation |
| JSON Object Schema Without Properties (v3) 9d967a2b-9d64-41a6-abea-dfc4960299bd |
Medium | Insecure Configurations | Query details Documentation |
| JSON Object Schema Without Type (v2) 62d52544-82ef-4b75-8308-cad49d50212b |
Medium | Insecure Configurations | Schema of the JSON object should have 'type' defined. Documentation |
| JSON Object Schema Without Type (v3) e2ffa504-d22a-4c94-b6c5-f661849d2db7 |
Medium | Insecure Configurations | Query details Documentation |
| Pattern Undefined (v2) afde15cf-9444-4126-8c62-41cd79db1d1d |
Medium | Insecure Configurations | String schema/parameter/header should have 'pattern' defined. Documentation |
| Pattern Undefined (v3) 00b78adf-b83f-419c-8ed8-c6018441dd3a |
Medium | Insecure Configurations | Query details Documentation |
| Schema Object is Empty (v2) 967575e5-eb44-4c24-aadb-7e33608ed30a |
Medium | Insecure Configurations | The Schema Object should not be empty to avoid accepting any JSON values Documentation |
| Schema Object is Empty (v3) 500ce696-d501-41dd-86eb-eceb011a386f |
Medium | Insecure Configurations | Query details Documentation |
| Response on operations that should have a body has undefined schema (v2) 31afbcb7-70e0-48bb-a31a-3374f95cf859 |
Medium | Networking and Firewall | If a response is not head or its code is not 204 or 304, it should have a schema defined Documentation |
| Response on operations that should have a body has undefined schema (v3) a92be1d5-d762-484a-86d6-8cd0907ba100 |
Medium | Networking and Firewall | Query details Documentation |
| API Key Exposed In Global Security (v2) 533a0d13-6e89-4551-ae33-bce14e5849c1 |
Low | Access Control | API Keys should be transported using a secure method such as HTTPS. Define a security scheme that uses a secure method to transport the API key. Documentation |
| API Key Exposed In Global Security (v3) aecee30b-8ea1-4776-a99c-d6d600f0862f |
Low | Access Control | Query details Documentation |
| API Key Exposed In Operation Security (v2) 392599e4-a4e2-403d-bc56-3fe05755782d |
Low | Access Control | API Keys should be transported using a secure method such as HTTPS. Define a security scheme that uses a secure method to transport the API key. Documentation |
| API Key Exposed In Operation Security (v3) 281b8071-6226-4a43-911d-fec246d422c2 |
Low | Access Control | Query details Documentation |
| Array Items Has No Type (v2) 8697a1a4-82c6-4603-8ac8-57529756744e |
Low | Insecure Configurations | Schema/Parameter array items type should be defined Documentation |
| Array Items Has No Type (v3) be0e0df7-f3d9-42a1-9b6f-d425f94872c4 |
Low | Insecure Configurations | Query details Documentation |
| Invalid Format (v2) caf1793e-95dd-4b18-8d90-8f3c0ab5bddf |
Low | Insecure Configurations | The format should be valid for the type defined. For integer type must be int32 or int64 and number type must be float or double Documentation |
| Invalid Format (v3) d929c031-078f-4241-b802-e224656ad890 |
Low | Insecure Configurations | Query details Documentation |
| Maximum Length Undefined (v2) 2ec86e48-ab90-4cb6-a131-0502afd1f442 |
Low | Insecure Configurations | String schema/parameter/header should have 'maxLength' defined. Documentation |
| Maximum Length Undefined (v3) 8c8261c2-19a9-4ef7-ad37-b8bc7bdd4d85 |
Low | Insecure Configurations | Query details Documentation |
| Numeric Schema Without Format (v2) 3ed8fc82-c2bb-49e0-811f-c53923674c49 |
Low | Insecure Configurations | Numeric schema (type set to 'integer' or 'number') should have 'format' defined. Documentation |
| Numeric Schema Without Format (v3) fbf699b5-ef74-4542-9cf1-f6eeac379373 |
Low | Insecure Configurations | Query details Documentation |
| Numeric Schema Without Maximum (v2) 203eee11-15b6-4d47-b888-4c7f534967ee |
Low | Insecure Configurations | Numeric schema (type set to 'integer' or 'number') should have 'maximum' defined. Documentation |
| Numeric Schema Without Maximum (v3) 2ea04bef-c769-409e-9179-ee3a50b5c0ac |
Low | Insecure Configurations | Query details Documentation |
| Numeric Schema Without Minimum (v2) efd1dfc8-da91-4909-a3f3-c23abc5ec799 |
Low | Insecure Configurations | Numeric schema (type set to 'integer' or 'number') should have 'minimum' defined. Documentation |
| Numeric Schema Without Minimum (v3) 181bd815-767e-4e95-a24d-bb3c87328e19 |
Low | Insecure Configurations | Query details Documentation |
| String Schema with Broad Pattern (v2) e4a019f0-9af3-49c8-bf68-1939a6ff240d |
Low | Insecure Configurations | String schema should restrict the pattern Documentation |
| String Schema with Broad Pattern (v3) 8c81d6c0-716b-49ec-afa5-2d62da4e3f3c |
Low | Insecure Configurations | Query details Documentation |
| Default Response Undefined On Operations (v2) 5f34c7ae-4f3f-4cbb-8fe3-a11d6961062f |
Low | Networking and Firewall | Operations responses should have a default response defined Documentation |
| Default Response Undefined On Operations (v3) 86e3702f-c868-44b2-b61d-ea5316c18110 |
Low | Networking and Firewall | Query details Documentation |
| Response Code Missing (v2) 6e96ed39-bf45-4089-99ba-f1fe7cf6966f |
Low | Networking and Firewall | 500, 429 and 400 responses should be defined for all operations, except head operation. 415 response should be defined for the post, put, and patch operations. 404 response should be defined for the get, put, head, delete operations. 200 response should be defined for options operation. 401 and 403 response should be defined for all operations when the security field is defined. Documentation |
| Response Code Missing (v3) 6c35d2c6-09f2-4e5c-a094-e0e91327071d |
Low | Networking and Firewall | Query details Documentation |
| Response on operations that should not have a body has declared content (v2) 268defd2-2839-4e15-8cbc-de86eb38c231 |
Low | Networking and Firewall | If a response is head or its code is 204 or 304, it shouldn't have a schema defined Documentation |
| Response on operations that should not have a body has declared content (v3) 12a7210b-f4b4-47d0-acac-0a819e2a0ca3 |
Low | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Delete Operation (v2) ad432855-b7fb-4429-92a3-93b5ce34f0b1 |
Low | Networking and Firewall | Delete should define at least one success response (200, 201, 202 or 204) Documentation |
| Success Response Code Undefined for Delete Operation (v3) 3b497874-ae59-46dd-8d72-1868a3b8f150 |
Low | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Get Operation (v2) 9b633f3b-c94b-4fbb-a65b-1a4e9134fb63 |
Low | Networking and Firewall | Get should define at least one success response (200 or 202) Documentation |
| Success Response Code Undefined for Get Operation (v3) b2f275be-7d64-4064-b418-be6b431363a7 |
Low | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Head Operation (v2) 4f0b30e3-a498-4dd7-b3f2-f4b6471a8d5a |
Low | Networking and Firewall | Head should define at least one success response (200 or 202) Documentation |
| Success Response Code Undefined for Head Operation (v3) 3b066059-f411-4554-ac8d-96f32bff90da |
Low | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Patch Operation (v2) f36e87cc-a209-4f37-8571-66833e4aead7 |
Low | Networking and Firewall | Patch should define at least one success response (200, 201, 202 or 204) Documentation |
| Success Response Code Undefined for Patch Operation (v3) 1908a8ee-927d-4166-8f18-241152170cc1 |
Low | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Post Operation (v2) 9fedee41-2e6d-4091-b011-4a16b4c18c70 |
Low | Networking and Firewall | Post should define at least one success response (200, 201, 202 or 204) Documentation |
| Success Response Code Undefined for Post Operation (v3) f368dd2d-9344-4146-a05b-7c6faa1269ad |
Low | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Put Operation (v2) 965a043f-5f3c-4d0a-be72-d9ce12fdb4d6 |
Low | Networking and Firewall | Put should define at least one success response (200, 201, 202 or 204) Documentation |
| Success Response Code Undefined for Put Operation (v3) 60b5f56b-66ff-4e1c-9b62-5753e16825bc |
Low | Networking and Firewall | Query details Documentation |
| Example Not Compliant With Schema Type (v2) 448db771-06ea-4dee-b48c-1689cbfb4b43 |
Info | Best Practices | Examples values and fields should be compliant with the schema type Documentation |
| Example Not Compliant With Schema Type (v3) 881a6e71-c2a7-4fe2-b9c3-dfcf08895331 |
Info | Best Practices | Query details Documentation |
| Header Parameter Named as 'Accept' (v2) 3ddd74cc-6582-486c-8b0c-2b48cb38e0a3 |
Info | Best Practices | The header Parameter should not be named as 'Accept'. If so, it will be ignored. Documentation |
| Header Parameter Named as 'Accept' (v3) f2702af5-6016-46cb-bbc8-84c766032095 |
Info | Best Practices | Query details Documentation |
| Header Parameter Named as 'Authorization' (v2) e2e00c97-7171-4fb4-b461-d631df9a711c |
Info | Best Practices | The header Parameter should not be named as 'Authorization'. If so, it will be ignored. Documentation |
| Header Parameter Named as 'Authorization' (v3) 8c84f75e-5048-4926-a4cb-33e7b3431300 |
Info | Best Practices | Query details Documentation |
| Header Parameter Named as 'Content-Type' (v2) 51978067-3b22-4c29-aaf3-96bf0bc28897 |
Info | Best Practices | The header Parameter should not be named as 'Content-Type'. If so, it will be ignored. Documentation |
| Header Parameter Named as 'Content-Type' (v3) 72d259ca-9741-48dd-9f62-eb11f2936b37 |
Info | Best Practices | Query details Documentation |
| Header Response Name Is Invalid (v2) 86733e01-a435-4bd5-a8b0-5108be9dc1e4 |
Info | Best Practices | The Header Response should not be named as 'Content-Type', 'Authorization' or 'Accept'. If so, it will be ignored. Documentation |
| Header Response Name Is Invalid (v3) d4e43db5-54d8-4dda-b3c2-0dc6f31a46bd |
Info | Best Practices | Query details Documentation |
| Invalid Contact Email (v2) d83bebc8-4e5e-4241-b783-cba9fb5a1c9a |
Info | Best Practices | Contact Object Email should be a valid email Documentation |
| Invalid Contact Email (v3) b1a7fcb0-2afe-4d5c-a6a1-4e6311fc29e7 |
Info | Best Practices | Query details Documentation |
| Invalid Contact URL (v2) c7000383-16d0-4509-8cd3-585e5ea2e2f2 |
Info | Best Practices | Contact Object URL should be a valid URL Documentation |
| Invalid Contact URL (v3) 332cf2ad-380d-4b90-b436-46f8e635cf38 |
Info | Best Practices | Query details Documentation |
| Invalid Global External Documentation URL (v2) 46d3b74d-9fe9-45bf-9e9e-efb7f701ee28 |
Info | Best Practices | Global External Documentation URL should be a valid URL Documentation |
| Invalid Global External Documentation URL (v3) b2d9dbf6-539c-4374-a1fd-210ddf5563a8 |
Info | Best Practices | Query details Documentation |
| Invalid License URL (v2) de2b4910-8484-46d6-a055-dc1e793ee3ff |
Info | Best Practices | License Object URL should be a valid URL Documentation |
| Invalid License URL (v3) 9239c289-9e4c-4d92-8be1-9d506057c971 |
Info | Best Practices | Query details Documentation |
| Invalid Operation External Documentation URL (v2) 25635c31-ee32-4708-88e5-fced87516f51 |
Info | Best Practices | Operation External Documentation URL should be a valid URL Documentation |
| Invalid Operation External Documentation URL (v3) 5ea61624-3733-4a3a-8ca4-b96fec9c5aeb |
Info | Best Practices | Query details Documentation |
| Invalid Schema External Documentation URL (v2) f7fa95b7-d819-484c-9a2b-665dd1bba25e |
Info | Best Practices | Schema External Documentation URL should be a valid URL Documentation |
| Invalid Schema External Documentation URL (v3) 6952a7e0-6e48-4285-bbc1-27c64e60f888 |
Info | Best Practices | Query details Documentation |
| Invalid Tag External Documentation URL (v2) b4a7d925-738b-4219-99d9-87d6ee262a03 |
Info | Best Practices | Tag External Documentation URL should be a valid URL Documentation |
| Invalid Tag External Documentation URL (v3) 5aea1d7e-b834-4749-b143-2c7ec3bd5922 |
Info | Best Practices | Query details Documentation |
| JSON '$ref' alongside other properties (v2) f34c1c68-4773-4df0-a103-6e2ca32e585f |
Info | Best Practices | Each field on Open API specification which accepts '$ref', infers that field is using a reference object, which has only '$ref' key Documentation |
| JSON '$ref' alongside other properties (v3) 96beb800-566f-49a9-a0ea-dbdf4bc80429 |
Info | Best Practices | Query details Documentation |
| Object Using Enum With Keyword (v2) 7f15962a-d862-451c-ac9b-84ec13747aa6 |
Info | Best Practices | Schema/Parameter/Header Object properties should not contain 'enum' and schema keywords Documentation |
| Object Using Enum With Keyword (v3) 2e9b6612-8f69-42e0-a5b8-ed17739c2f3a |
Info | Best Practices | Query details Documentation |
| Operation Without Successful HTTP Status Code (v2) a1ee6ebe-3877-42ec-b9a6-e524e7d06aa2 |
Info | Best Practices | Operation Object should have at least one successful HTTP status code defined Documentation |
| Operation Without Successful HTTP Status Code (v3) 48e9e1fe-cf79-45b5-93e6-8b55ae5dadfd |
Info | Best Practices | Query details Documentation |
| Path Without Operation (v2) 609cd557-66b4-41fa-8edd-2abc6c7cfd08 |
Info | Best Practices | Path object should have at least one operation object defined Documentation |
| Path Without Operation (v3) 84c826c9-1893-4b34-8cdd-db97645b4bf3 |
Info | Best Practices | Query details Documentation |
| Required Property With Default Value (v2) f7ab6c83-ef89-40e1-8a99-32e2599fb665 |
Info | Best Practices | Required properties receive value from requests, which makes unnecessary declare a default value Documentation |
| Required Property With Default Value (v3) 013bdb4b-9246-4248-b0c3-7fb0fee42a29 |
Info | Best Practices | Query details Documentation |
| Default Invalid (v2) 78dfd8f0-a6ee-48ec-af8c-e4d9b3292a07 |
Info | Structure and Semantics | The field 'default' of Schema/Parameter/Header Object should be consistent with the schema's/parameter's/header's type Documentation |
| Default Invalid (v3) a96bbc06-8cde-4295-ad3c-ee343a7f658e |
Info | Structure and Semantics | Query details Documentation |
| Items Undefined (v2) 3e4d34d2-36cf-4449-976d-6c256db8fc49 |
Info | Structure and Semantics | Schema/Parameter items should be defined when the schema/parameter is set to an array. Documentation |
| Items Undefined (v3) a8e859da-4a43-4e7f-94b8-25d6e3bf8e90 |
Info | Structure and Semantics | Query details Documentation |
| Non-Array Schema With Items (v2) 9d47956b-29cd-43b1-9e6e-b39a4d484353 |
Info | Structure and Semantics | Non-Array Schema should not have 'items' defined Documentation |
| Non-Array Schema With Items (v3) 20cb3159-b219-496b-8dac-54ae3ab2021a |
Info | Structure and Semantics | Query details Documentation |
| OperationId Not Unique (v2) 21245007-91c4-40e5-964e-40c85d1e5aa6 |
Info | Structure and Semantics | OperationId should be unique when defined Documentation |
| OperationId Not Unique (v3) c254adc4-ef25-46e1-8270-b7944adb4198 |
Info | Structure and Semantics | Query details Documentation |
| Parameter Objects Headers With Duplicated Name (v2) bd2cbef5-62c4-40f1-af07-4b7f9ced6616 |
Info | Structure and Semantics | Parameter Objects should not have duplicate names for 'header' location, since HTTP headers are not case sensitive. Documentation |
| Parameter Objects Headers With Duplicated Name (v3) 05505192-ba2c-4a81-9b25-dcdbcc973746 |
Info | Structure and Semantics | Query details Documentation |
| Parameters Name In Combination Not Unique (v2) ab871897-ec02-4835-9818-702536ee1dda |
Info | Structure and Semantics | Parameters properties 'name' and 'in' should have unique combinations Documentation |
| Parameters Name In Combination Not Unique (v3) f5b2e6af-76f5-496d-8482-8f898c5fdb4a |
Info | Structure and Semantics | Query details Documentation |
| Path Is Ambiguous (v2) b2468463-3ac4-4930-890c-f35b2bf4485d |
Info | Structure and Semantics | All path should be unique, if has more than one operation, all operations should be part of same Path Object Documentation |
| Path Is Ambiguous (v3) 237402e2-c2f0-46c9-9cf5-286160cf7bfc |
Info | Structure and Semantics | Query details Documentation |
| Path Parameter Not Required (v2) ccd0613f-cb77-4684-a892-183bd2674d12 |
Info | Structure and Semantics | The property 'required' determines whether the parameter is mandatory. If the parameter location is 'path', this property is required and its value must be true. Documentation |
| Path Parameter Not Required (v3) 0de50145-e845-47f4-9a15-23bcf2125710 |
Info | Structure and Semantics | Query details Documentation |
| Path Parameter With No Corresponding Template Path (v2) 194ef1f8-360e-4c14-8ed2-e83e2bafa142 |
Info | Structure and Semantics | The path parameter must have a corresponding template path for a given operation Documentation |
| Path Parameter With No Corresponding Template Path (v3) 69d7aefd-149d-47b8-8d89-1c2181a8067b |
Info | Structure and Semantics | Query details Documentation |
| Path Template is Empty (v2) c201b7ad-6173-4598-a407-5edb04a1bcd7 |
Info | Structure and Semantics | All path templates should not be empty Documentation |
| Path Template is Empty (v3) ae13a37d-943b-47a7-a970-83c8598bcca3 |
Info | Structure and Semantics | Query details Documentation |
| Paths Object is Empty (v2) 3e6c7b1c-8a8d-43ab-98b9-65159f44db4a |
Info | Structure and Semantics | Paths object may be empty due to ACL constraints, meaning they are not exposed Documentation |
| Paths Object is Empty (v3) 815021c8-a50c-46d9-b192-24f71072c400 |
Info | Structure and Semantics | Query details Documentation |
| Properties Missing Required Property (v2) 71beb6ab-8b70-4816-a9ac-a0ff1fb22a62 |
Info | Structure and Semantics | Schema Object should have all required properties defined Documentation |
| Properties Missing Required Property (v3) 3fb03214-25d4-4bd4-867c-c2d8d708a483 |
Info | Structure and Semantics | Query details Documentation |
| Property 'allowEmptyValue' Improperly Defined (v2) 0bc1477d-0922-478b-ae16-674a7634a1a8 |
Info | Structure and Semantics | Property 'allowEmptyValue' should be only defined for query parameters and formData parameters Documentation |
| Property 'allowEmptyValue' Improperly Defined (v3) 4bcbcd52-3028-469f-bc14-02c7dbba2df2 |
Info | Structure and Semantics | Query details Documentation |
| Property Defining Minimum Greater Than Maximum (v2) b5102ea9-6527-4bb7-94fc-9b4076150e55 |
Info | Structure and Semantics | Property defining minimum has greater value than maximum defined Documentation |
| Property Defining Minimum Greater Than Maximum (v3) ab2af219-cd08-4233-b5a1-a788aac88b51 |
Info | Structure and Semantics | Query details Documentation |
| Responses Object Is Empty (v2) 6172e7ab-d2b7-45f8-a7db-1603931d8ba3 |
Info | Structure and Semantics | Responses Object should not be empty Documentation |
| Responses Object Is Empty (v3) 990eaf09-d6f1-4c3c-b174-a517b1de8917 |
Info | Structure and Semantics | Query details Documentation |
| Responses With Wrong HTTP Status Code (v2) 069a5378-2091-43f0-aa3b-ee8f20996e99 |
Info | Structure and Semantics | HTTP Responses status code should be in range of [200-599] Documentation |
| Responses With Wrong HTTP Status Code (v3) d86655c0-92f6-4ffc-b4d5-5b5775804c27 |
Info | Structure and Semantics | Query details Documentation |
| Schema Discriminator Mismatch Defined Properties (v2) addc0eab-27f6-4c26-8526-d2ccd3732662 |
Info | Structure and Semantics | Schema discriminator values should match defined properties. Documentation |
| Schema Discriminator Mismatch Defined Properties (v3) 40d3df21-c170-4dbe-9c02-4289b51f994f |
Info | Structure and Semantics | Query details Documentation |
| Schema Discriminator Not Required (v2) be6a3722-af60-438c-b1b9-2a03e2958ab7 |
Info | Structure and Semantics | The discriminator property in the Schema Object should be a required property Documentation |
| Schema Discriminator Not Required (v3) b481d46c-9c61-480f-86d9-af07146dc4a4 |
Info | Structure and Semantics | Query details Documentation |
| Schema Discriminator Property Not String (v2) 949376f1-f560-4c6d-a016-63424ca931bb |
Info | Structure and Semantics | Schema discriminator property should be a string Documentation |
| Schema Discriminator Property Not String (v3) dadc2f36-1f5a-46c0-8289-75e626583123 |
Info | Structure and Semantics | Query details Documentation |
| Schema Enum Invalid (v2) 8fe6d18a-ad4c-4397-8884-e3a9da57f4c9 |
Info | Structure and Semantics | The field 'enum' of Schema Object should be consistent with the schema's type Documentation |
| Schema Enum Invalid (v3) 03856cb2-e46c-4daf-bfbf-214ec93c882b |
Info | Structure and Semantics | Query details Documentation |
| Schema Has A Required Property Undefined (v2) 811762c8-2e99-4f70-88f9-a63875a953b1 |
Info | Structure and Semantics | Schema Object should not be have a required property that is not defined on properties Documentation |
| Schema Has A Required Property Undefined (v3) 2bd608ae-8a1f-457f-b710-c237883cb313 |
Info | Structure and Semantics | Query details Documentation |
| Schema Object Properties With Duplicated Keys (v2) ded017bf-fb13-4f8d-868b-84aebcc572ad |
Info | Structure and Semantics | Schema Object Property key should be unique through out the fields 'properties', 'allOf', 'additionalProperties' Documentation |
| Schema Object Properties With Duplicated Keys (v3) 10c61e4b-eed5-49cf-9c7d-d4bf02e9edfa |
Info | Structure and Semantics | Query details Documentation |
| Schema Object With Circular Ref (v2) cbff2508-85c9-4448-a8b3-770070edf5ca |
Info | Structure and Semantics | Schema Object should not reference it self in 'allOf', 'oneOf', 'anyOf' and 'not' properties Documentation |
| Schema Object With Circular Ref (v3) 1a1aea94-745b-40a7-b860-0702ea6ee636 |
Info | Structure and Semantics | Query details Documentation |
| Template Path With No Corresponding Path Parameter (v2) e7656d8d-7288-4bbe-b07b-22b389be75ce |
Info | Structure and Semantics | The template path must have a corresponding path parameter for a given operation Documentation |
| Template Path With No Corresponding Path Parameter (v3) 561710b1-b845-4562-95ce-2397a05ccef4 |
Info | Structure and Semantics | Query details Documentation |
| Type Has Invalid Keyword (v2) 492c6cbb-f3f8-4807-aa4f-42b8b1c46b59 |
Info | Structure and Semantics | Schema/Parameter/Header Object define type should not use a keyword of another type Documentation |
| Type Has Invalid Keyword (v3) a9228976-10cf-4b5f-b902-9e962aad037a |
Info | Structure and Semantics | Query details Documentation |