Path Parameter Not Required (v3)
- Query id: 0de50145-e845-47f4-9a15-23bcf2125710
- Query name: Path Parameter Not Required (v3)
- Platform: OpenAPI
- Severity: Info
- Category: Structure and Semantics
- CWE: 665
- URL: Github
Description
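The 'required' property determines whether a parameter is mandatory. When the parameter location ('in') is 'path', the 'required' property must be present and its value must be true, because a path parameter is part of the URL template and cannot be left out of a request. Since 'required' defaults to false when it is absent, a path parameter that omits the property is reported in the same way as one that sets it to false (both cases appear in the positive tests below). Tools that consume the document, such as validators, code generators and gateways, may otherwise treat the parameter as optional.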
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": {
"examples": {
"foo": {
"value": {
"versions": [
{
"status": "CURRENT",
"updated": "2011-01-21T11:33:21Z",
"id": "v2.0",
"links": [
{
"href": "http://127.0.0.1:8774/v2/",
"rel": "self"
}
]
}
]
}
}
}
}
}
}
}
},
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the API version",
"required": false,
"schema": {
"type": "integer"
}
}
]
}
}
}
Positive test num. 2 - yaml file
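# Positive sample (reported by the query): the path-level parameter "id" is
# located in the path but is declared with required: false.
# Indentation restored; the nesting mirrors the JSON form of the same sample.
openapi: 3.0.0
info:
  title: Simple API overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: 200 response
          content:
            application/json:
              examples:
                foo:
                  value:
                    versions:
                      - status: CURRENT
                        updated: "2011-01-21T11:33:21Z"
                        id: v2.0
                        links:
                          - href: http://127.0.0.1:8774/v2/
                            rel: self
    # Path-item level parameters apply to every operation under "/".
    parameters:
      - name: id
        in: path
        description: ID of the API version
        required: false  # reported: a parameter with in: path must set required: true
        schema:
          type: integer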
Positive test num. 3 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": {
"examples": {
"foo": {
"value": {
"versions": [
{
"status": "CURRENT",
"updated": "2011-01-21T11:33:21Z",
"id": "v2.0",
"links": [
{
"href": "http://127.0.0.1:8774/v2/",
"rel": "self"
}
]
}
]
}
}
}
}
}
}
}
},
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the API version",
"schema": {
"type": "integer"
}
}
]
}
}
}
Positive test num. 4 - yaml file
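# Positive sample (reported by the query): the path-level parameter "id" is
# located in the path and has no "required" property at all.
# Indentation restored; the nesting mirrors the JSON form of the same sample.
openapi: 3.0.0
info:
  title: Simple API overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: 200 response
          content:
            application/json:
              examples:
                foo:
                  value:
                    versions:
                      - status: CURRENT
                        updated: "2011-01-21T11:33:21Z"
                        id: v2.0
                        links:
                          - href: http://127.0.0.1:8774/v2/
                            rel: self
    parameters:
      # reported: "required" is missing, and an absent "required" defaults to
      # false, which is not allowed for a parameter with in: path
      - name: id
        in: path
        description: ID of the API version
        schema:
          type: integer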
Positive test num. 5 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"components": {
"parameters": {
"idParam": {
"name": "id",
"in": "path",
"description": "ID of the API the version",
"required": false,
"schema": {
"type": "integer"
}
},
"nameParam": {
"name": "nameAPI",
"in": "path",
"description": "Name of the API the version",
"schema": {
"type": "integer"
}
}
}
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": {
"examples": {
"foo": {
"value": {
"versions": [
{
"status": "CURRENT",
"updated": "2011-01-21T11:33:21Z",
"id": "v2.0",
"links": [
{
"href": "http://127.0.0.1:8774/v2/",
"rel": "self"
}
]
}
]
}
}
}
}
}
}
}
},
"parameters": [
{
"$ref": "#components/parameters/idParam"
}
]
}
}
}
Positive test num. 6 - yaml file
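# Positive sample (reported by the query): both reusable parameters under
# components.parameters are path parameters that are not marked as required.
# Indentation restored; the nesting mirrors the JSON form of the same sample.
openapi: 3.0.0
info:
  title: Simple API overview
  version: 1.0.0
components:
  parameters:
    idParam:
      name: id
      in: path
      description: ID of the API version
      required: false  # reported: a parameter with in: path must set required: true
      schema:
        type: integer
    # reported: "required" is missing on this path parameter
    nameParam:
      name: nameAPI
      in: path
      description: Name of the API version
      schema:
        type: integer
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: 200 response
          content:
            application/json:
              examples:
                foo:
                  value:
                    versions:
                      - status: CURRENT
                        updated: "2011-01-21T11:33:21Z"
                        id: v2.0
                        links:
                          - href: http://127.0.0.1:8774/v2/
                            rel: self
    parameters:
      # NOTE(review): a local reference is normally written as a JSON Pointer
      # fragment, "#/components/parameters/idParam"; the value is kept as
      # published in the sample.
      - $ref: "#components/parameters/idParam"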
Positive test num. 7 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response"
}
}
},
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the API version",
"type": "string"
}
]
}
}
}
Positive test num. 8 - yaml file
Code samples without security vulnerabilities
Negative test num. 1 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": {
"examples": {
"foo": {
"value": {
"versions": [
{
"status": "CURRENT",
"updated": "2011-01-21T11:33:21Z",
"id": "v2.0",
"links": [
{
"href": "http://127.0.0.1:8774/v2/",
"rel": "self"
}
]
}
]
}
}
}
}
}
}
}
},
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the API the version",
"required": true,
"schema": {
"type": "integer"
}
}
]
}
}
}
Negative test num. 2 - yaml file
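# Negative sample (not reported): the path-level parameter "id" is located in
# the path and is declared with required: true.
# Indentation restored; the nesting mirrors the JSON form of the same sample.
openapi: 3.0.0
info:
  title: Simple API overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: 200 response
          content:
            application/json:
              examples:
                foo:
                  value:
                    versions:
                      - status: CURRENT
                        updated: "2011-01-21T11:33:21Z"
                        id: v2.0
                        links:
                          - href: http://127.0.0.1:8774/v2/
                            rel: self
    parameters:
      - name: id
        in: path
        description: ID of the API version
        required: true  # compliant: path parameters are always mandatory
        schema:
          type: integer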
Negative test num. 3 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"components": {
"parameters": {
"idParam": {
"name": "id",
"in": "path",
"description": "ID of the API the version",
"required": true,
"schema": {
"type": "integer"
}
}
}
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": {
"examples": {
"foo": {
"value": {
"versions": [
{
"status": "CURRENT",
"updated": "2011-01-21T11:33:21Z",
"id": "v2.0",
"links": [
{
"href": "http://127.0.0.1:8774/v2/",
"rel": "self"
}
]
}
]
}
}
}
}
}
}
}
},
"parameters": [
{
"$ref": "#components/parameters/idParam"
}
]
}
}
}
Negative test num. 4 - yaml file
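# Negative sample (not reported): the reusable path parameter "idParam" is
# declared with required: true and then referenced from the path item.
# Indentation restored; the nesting mirrors the JSON form of the same sample.
openapi: 3.0.0
info:
  title: Simple API overview
  version: 1.0.0
components:
  parameters:
    idParam:
      name: id
      in: path
      description: ID of the API version
      required: true  # compliant: path parameters are always mandatory
      schema:
        type: integer
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: 200 response
          content:
            application/json:
              examples:
                foo:
                  value:
                    versions:
                      - status: CURRENT
                        updated: "2011-01-21T11:33:21Z"
                        id: v2.0
                        links:
                          - href: http://127.0.0.1:8774/v2/
                            rel: self
    parameters:
      # NOTE(review): a local reference is normally written as a JSON Pointer
      # fragment, "#/components/parameters/idParam"; the value is kept as
      # published in the sample.
      - $ref: "#components/parameters/idParam"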
Negative test num. 5 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response"
}
}
},
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the API version",
"type": "string",
"required": true
}
]
}
}
}