Schema Object Properties With Duplicated Keys (v3)
- Query id: 10c61e4b-eed5-49cf-9c7d-d4bf02e9edfa
- Query name: Schema Object Properties With Duplicated Keys (v3)
- Platform: OpenAPI
- Severity: Info
- Category: Structure and Semantics
- CWE: 20
- URL: Github
Description
Schema Object property keys should be unique across the fields 'properties', 'allOf' and 'additionalProperties'
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"name": "contact",
"url": "https://www.google.com/",
"email": "user@gmail.c"
}
},
"paths": {},
"components": {
"schemas": {
"ErrorModel": {
"type": "object",
"required": [
"message",
"code"
],
"properties": {
"message": {
"type": "string"
},
"code": {
"type": "integer",
"minimum": 100,
"maximum": 600
}
},
"allOf": [
{
"$ref": "#/components/schemas/ErrorModel"
},
{
"type": "object",
"required": [
"code"
],
"properties": {
"code": {
"type": "integer",
"minimum": 100,
"maximum": 600
}
}
}
],
"additionalProperties": [
{
"type": "object",
"required": [
"code"
],
"properties": {
"code": {
"type": "string"
}
}
}
]
}
}
}
}
Positive test num. 2 - yaml file
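# Positive fixture for "Schema Object Properties With Duplicated Keys (v3)".
# Indentation was lost in the page extraction; nesting restored to match the
# JSON twin (positive test 1). The finding: the property key `code` is declared
# three times in the same schema — under `properties`, `allOf[1].properties`
# and `additionalProperties[0].properties` — with conflicting types.
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.c
paths: {}
components:
  schemas:
    ErrorModel:
      type: object
      required:
        - message
        - code
      properties:
        message:
          type: string
        code:  # 1st declaration: integer
          type: integer
          minimum: 100
          maximum: 600
      allOf:
        # NOTE(review): ErrorModel references itself here — presumably
        # intentional for the fixture; confirm the validator tolerates it.
        - "$ref": "#/components/schemas/ErrorModel"
        - type: object
          required:
            - code
          properties:
            code:  # 2nd declaration: duplicates properties.code
              type: integer
              minimum: 100
              maximum: 600
      # NOTE(review): OpenAPI 3 defines additionalProperties as a boolean or a
      # single Schema Object, not a list — confirm the target parser accepts it.
      additionalProperties:
        - type: object
          required:
            - code
          properties:
            code:  # 3rd declaration: same key, now typed as string
              type: string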
Positive test num. 3 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"name": "contact",
"url": "https://www.google.com/",
"email": "user@gmail.c"
}
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": {
"schema": {
"type": "object",
"discriminator": {
"propertyName": "petType"
},
"properties": {
"message": {
"type": "string"
},
"code": {
"type": "integer",
"minimum": 100,
"maximum": 600
}
},
"allOf": [
{
"$ref": "#/components/schemas/ErrorModel"
},
{
"type": "object",
"required": [
"message"
],
"properties": {
"message": {
"type": "string"
}
}
}
],
"additionalProperties": [
{
"type": "object",
"required": [
"message"
],
"properties": {
"message": {
"type": "string"
}
}
}
]
}
}
}
}
}
}
}
}
}
Positive test num. 4 - yaml file
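# Positive fixture for "Schema Object Properties With Duplicated Keys (v3)".
# Indentation was lost in the page extraction; nesting restored to match the
# JSON twin (positive test 3). The finding: the property key `message` is
# declared under `properties`, `allOf[1].properties` and
# `additionalProperties[0].properties` of the same inline response schema.
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.c
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: 200 response
          content:
            application/json:
              schema:
                type: object
                discriminator:
                  propertyName: petType
                properties:
                  message:  # 1st declaration
                    type: string
                  code:
                    type: integer
                    minimum: 100
                    maximum: 600
                allOf:
                  # NOTE(review): this document has no `components` section, so
                  # the reference is dangling — fine for this query, which only
                  # inspects literal keys, but confirm that is intended.
                  - "$ref": "#/components/schemas/ErrorModel"
                  - type: object
                    required:
                      - message
                    properties:
                      message:  # 2nd declaration: duplicates properties.message
                        type: string
                # NOTE(review): OpenAPI 3 defines additionalProperties as a
                # boolean or a single Schema Object, not a list — confirm the
                # target parser accepts it.
                additionalProperties:
                  - type: object
                    required:
                      - message
                    properties:
                      message:  # 3rd declaration
                        type: string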
Positive test num. 5 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"name": "contact",
"url": "https://www.google.com/",
"email": "user@gmail.c"
}
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": {
"schema": {
"type": "object",
"discriminator": {
"propertyName": "petType"
},
"properties": {
"message": {
"type": "string"
},
"code": {
"type": "integer",
"minimum": 100,
"maximum": 600
}
},
"allOf": [
{
"$ref": "#/definitions/ErrorModel"
},
{
"type": "object",
"required": [
"message"
],
"properties": {
"message": {
"type": "string"
}
}
}
],
"additionalProperties": [
{
"type": "object",
"required": [
"message"
],
"properties": {
"message": {
"type": "string"
}
}
}
]
}
}
}
}
}
}
}
}
}
Positive test num. 6 - yaml file
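# Positive fixture for "Schema Object Properties With Duplicated Keys (v3)",
# Swagger 2.0 flavour. Indentation was lost in the page extraction; nesting
# restored to match the JSON twin (positive test 5). The finding: the property
# key `message` is declared under `properties`, `allOf[1].properties` and
# `additionalProperties[0].properties` of the same inline response schema.
# NOTE(review): `content`/`application/json` and an object-valued
# `discriminator` are OpenAPI 3 shapes; Swagger 2.0 responses carry `schema`
# directly and `discriminator` is a string — confirm the fixture is parsed the
# way the query expects.
swagger: '2.0'  # quoted on purpose: a plain 2.0 would load as a float
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.c
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        '200':
          description: 200 response
          content:
            application/json:
              schema:
                type: object
                discriminator:
                  propertyName: petType
                properties:
                  message:  # 1st declaration
                    type: string
                  code:
                    type: integer
                    minimum: 100
                    maximum: 600
                allOf:
                  # NOTE(review): no `definitions` section exists in this
                  # document, so the reference is dangling.
                  - "$ref": "#/definitions/ErrorModel"
                  - type: object
                    required:
                      - message
                    properties:
                      message:  # 2nd declaration: duplicates properties.message
                        type: string
                additionalProperties:
                  - type: object
                    required:
                      - message
                    properties:
                      message:  # 3rd declaration
                        type: string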
Code samples without security vulnerabilities
Negative test num. 1 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"name": "contact",
"url": "https://www.google.com/",
"email": "user@gmail.c"
}
},
"paths": {},
"components": {
"schemas": {
"ErrorModel": {
"type": "object",
"required": [
"message",
"code"
],
"properties": {
"message": {
"type": "string"
},
"code": {
"type": "integer",
"minimum": 100,
"maximum": 600
}
},
"allOf": [
{
"$ref": "#/components/schemas/ErrorModel"
},
{
"type": "object",
"required": [
"rootCause"
],
"properties": {
"rootCause": {
"type": "string"
}
}
}
]
},
"ErrorModel_2": {
"type": "object",
"required": [
"message2",
"code2"
],
"properties": {
"message2": {
"type": "string"
},
"code2": {
"type": "integer",
"minimum": 100,
"maximum": 600
}
},
"allOf": [
{
"$ref": "#/components/schemas/ErrorModel"
},
{
"type": "object",
"required": [
"rootCause2"
],
"properties": {
"rootCause2": {
"type": "string"
}
}
}
]
}
}
}
}
Negative test num. 2 - yaml file
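# Negative fixture for "Schema Object Properties With Duplicated Keys (v3)".
# Indentation was lost in the page extraction; nesting restored to match the
# JSON twin (negative test 1). Within each schema the keys declared under
# `properties` (message/code, message2/code2) and under `allOf[1].properties`
# (rootCause, rootCause2) are all distinct, so the query does not fire.
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.c
paths: {}
components:
  schemas:
    ErrorModel:
      type: object
      required:
        - message
        - code
      properties:
        message:
          type: string
        code:
          type: integer
          minimum: 100
          maximum: 600
      allOf:
        # NOTE(review): ErrorModel references itself here — presumably
        # intentional for the fixture; confirm the validator tolerates it.
        - "$ref": "#/components/schemas/ErrorModel"
        - type: object
          required:
            - rootCause
          properties:
            rootCause:  # not present under properties above — unique
              type: string
    ErrorModel_2:
      type: object
      required:
        - message2
        - code2
      properties:
        message2:
          type: string
        code2:
          type: integer
          minimum: 100
          maximum: 600
      allOf:
        - "$ref": "#/components/schemas/ErrorModel"
        - type: object
          required:
            - rootCause2
          properties:
            rootCause2:  # not present under properties above — unique
              type: string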
Negative test num. 3 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"name": "contact",
"url": "https://www.google.com/",
"email": "user@gmail.c"
}
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": {
"schema": {
"type": "object",
"discriminator": {
"propertyName": "petType"
},
"properties": {
"message": {
"type": "string"
},
"code": {
"type": "integer",
"minimum": 100,
"maximum": 600
}
},
"allOf": [
{
"$ref": "#/components/schemas/ErrorModel"
},
{
"type": "object",
"required": [
"rootCause"
],
"properties": {
"rootCause": {
"type": "string"
}
}
}
]
}
}
}
}
}
}
}
}
}
Negative test num. 4 - yaml file
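# Negative fixture for "Schema Object Properties With Duplicated Keys (v3)".
# Indentation was lost in the page extraction; nesting restored to match the
# JSON twin (negative test 3). The inline response schema declares
# message/code under `properties` and rootCause under `allOf[1].properties`;
# no key repeats and there is no `additionalProperties`, so the query does not
# fire.
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.c
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: 200 response
          content:
            application/json:
              schema:
                type: object
                discriminator:
                  propertyName: petType
                properties:
                  message:
                    type: string
                  code:
                    type: integer
                    minimum: 100
                    maximum: 600
                allOf:
                  # NOTE(review): this document has no `components` section,
                  # so the reference is dangling — irrelevant to this query,
                  # but worth confirming it is intended.
                  - "$ref": "#/components/schemas/ErrorModel"
                  - type: object
                    required:
                      - rootCause
                    properties:
                      rootCause:  # distinct from message/code above
                        type: string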
Negative test num. 5 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"name": "contact",
"url": "https://www.google.com/",
"email": "user@gmail.c"
}
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": {
"schema": {
"type": "object",
"discriminator": {
"propertyName": "petType"
},
"properties": {
"message": {
"type": "string"
},
"code": {
"type": "integer",
"minimum": 100,
"maximum": 600
}
},
"allOf": [
{
"$ref": "#/definitions/ErrorModel"
},
{
"type": "object",
"required": [
"rootCause"
],
"properties": {
"rootCause": {
"type": "string"
}
}
}
]
}
}
}
}
}
}
}
}
}
Negative test num. 6 - yaml file
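# Negative fixture for "Schema Object Properties With Duplicated Keys (v3)",
# Swagger 2.0 flavour. Indentation was lost in the page extraction; nesting
# restored to match the JSON twin (negative test 5). The inline response schema
# declares message/code under `properties` and rootCause under
# `allOf[1].properties`; no key repeats, so the query does not fire.
# NOTE(review): `content`/`application/json` and an object-valued
# `discriminator` are OpenAPI 3 shapes; Swagger 2.0 responses carry `schema`
# directly and `discriminator` is a string — confirm the fixture is parsed the
# way the query expects.
swagger: '2.0'  # quoted on purpose: a plain 2.0 would load as a float
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.c
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        '200':
          description: 200 response
          content:
            application/json:
              schema:
                type: object
                discriminator:
                  propertyName: petType
                properties:
                  message:
                    type: string
                  code:
                    type: integer
                    minimum: 100
                    maximum: 600
                allOf:
                  # NOTE(review): no `definitions` section exists in this
                  # document, so the reference is dangling.
                  - "$ref": "#/definitions/ErrorModel"
                  - type: object
                    required:
                      - rootCause
                    properties:
                      rootCause:  # distinct from message/code above
                        type: string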