Operation Object Without 'consumes'
- Query id: 0c79e50e-b3cf-490c-b8f6-587c644d4d0c
- Query name: Operation Object Without 'consumes'
- Platform: OpenAPI
- Severity: Medium
- Category: Insecure Configurations
- CWE: 710
- URL: Github
Description¶
Operation Object should have 'consumes' field defined for 'POST', 'PUT' and 'PATCH' operations
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"put": {
"operationId": "updateVersionsv2",
"summary": "Update API versions",
"produces": [
"application/json",
"application/xml"
],
"parameters": []
}
}
}
}
Positive test num. 2 - yaml file
swagger: "2.0"
info:
title: Simple API Overview
version: 1.0.0
paths:
"/":
put:
operationId: updateVersionsv2
summary: Update API versions
produces:
- application/json
- application/xml
parameters: []
Code samples without security vulnerabilities¶
Negative test num. 1 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"put": {
"operationId": "updateVersionsv2",
"summary": "Update API versions",
"produces": [
"application/json",
"application/xml"
],
"consumes": [
"application/x-www-form-urlencoded"
],
"parameters": []
}
}
}
}