Path Is Ambiguous (v3)
- Query id: 237402e2-c2f0-46c9-9cf5-286160cf7bfc
- Query name: Path Is Ambiguous (v3)
- Platform: OpenAPI
- Severity: Info
- Category: Structure and Semantics
- CWE: 20
- URL: Github
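Description
All paths should be unique. If a path has more than one operation, all of its operations should be part of the same Path Object. Templated paths that differ only in the name of the path parameter, such as `/users/{id}` and `/users/{ids}`, match the same URLs and are treated as the same path.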
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
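# Positive sample (OpenAPI 3.0): the query is expected to flag this document.
# "/users/{id}" and "/users/{ids}" have the same hierarchy and differ only in
# the name of the templated segment, so both match the same concrete URLs
# (for example /users/42). OpenAPI 3.0 treats such templates as identical and
# says they must not both exist.
# Why it matters: a router, gateway or policy layer cannot tell which
# operation a request belongs to, so the validation or access rules written
# for one entry may not be the ones that are actually applied.
openapi: 3.0.0
info:
  title: Simple API overview
  version: 1.0.0
paths:
  "/users/{id}":
    get:
      parameters:
        - in: path
          name: id
          required: true
          description: The user ID
          schema:
            type: integer
            minimum: 1
      responses:
        "200":
          description: 200 response
  # Same hierarchy as the entry above; only the placeholder name changes.
  # NOTE(review): the template says {ids} but the declared path parameter is
  # still named "id" - a second inconsistency, kept as in the original sample.
  "/users/{ids}":
    get:
      parameters:
        - in: path
          name: id
          required: true
          description: The user ID
          schema:
            type: integer
            minimum: 1
      responses:
        "200":
          description: 200 response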
Positive test num. 2 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"paths": {
"/users/{id}": {
"get": {
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"description": "The user ID",
"schema": {
"type": "integer",
"minimum": 1
}
}
],
"responses": {
"200": {
"description": "200 response"
}
}
}
},
"/users/{ids}": {
"get": {
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"description": "The user ID",
"schema": {
"type": "integer",
"minimum": 1
}
}
],
"responses": {
"200": {
"description": "200 response"
}
}
}
}
}
}
Positive test num. 3 - yaml file
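# Positive sample (Swagger 2.0): the query is expected to flag this document.
# "/users/{id}" and "/users/{ids}" differ only in the name of the templated
# segment, so both templates match the same concrete URLs (for example
# /users/42) and a request cannot be attributed to exactly one operation.
# Why it matters: tooling that routes, validates or authorizes from this
# definition may pick either entry, so the rules written for one operation
# are not guaranteed to be the ones enforced.
swagger: "2.0"
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.com
paths:
  "/users/{id}":
    get:
      parameters:
        - in: path
          name: id
          required: true
          description: The user ID
          type: string
      responses:
        "200":
          description: 200 response
  # Same hierarchy as the entry above; only the placeholder name changes.
  # NOTE(review): the template says {ids} but the declared path parameter is
  # still named "id" - a second inconsistency, kept as in the original sample.
  "/users/{ids}":
    get:
      parameters:
        - in: path
          name: id
          required: true
          description: The user ID
          type: string
      responses:
        "200":
          description: 200 response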
Positive test num. 4 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"name": "contact",
"url": "https://www.google.com/",
"email": "user@gmail.com"
}
},
"paths": {
"/users/{id}": {
"get": {
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"description": "The user ID",
"type": "string"
}
],
"responses": {
"200": {
"description": "200 response"
}
}
}
},
"/users/{ids}": {
"get": {
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"description": "The user ID",
"type": "string"
}
],
"responses": {
"200": {
"description": "200 response"
}
}
}
}
}
}
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
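# Negative sample (OpenAPI 3.0): the query is expected to pass this document.
# "/users/{id}" and "/user/{id}" differ in a literal segment ("users" versus
# "user"), so no concrete URL matches both templates and every request maps
# to exactly one operation.
openapi: 3.0.0
info:
  title: Simple API overview
  version: 1.0.0
paths:
  "/users/{id}":
    get:
      parameters:
        - in: path
          name: id
          required: true
          description: The user ID
          schema:
            type: integer
            minimum: 1
      responses:
        "200":
          description: 200 response
  # Distinct literal prefix; the placeholder name matches the declared
  # path parameter "id".
  "/user/{id}":
    get:
      parameters:
        - in: path
          name: id
          required: true
          description: The user ID
          schema:
            type: integer
            minimum: 1
      responses:
        "200":
          description: 200 response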
Negative test num. 2 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"paths": {
"/users/{id}": {
"get": {
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"description": "The user ID",
"schema": {
"type": "integer",
"minimum": 1
}
}
],
"responses": {
"200": {
"description": "200 response"
}
}
}
},
"/user/{id}": {
"get": {
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"description": "The user ID",
"schema": {
"type": "integer",
"minimum": 1
}
}
],
"responses": {
"200": {
"description": "200 response"
}
}
}
}
}
}
Negative test num. 3 - yaml file
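# Negative sample (Swagger 2.0): the query is expected to pass this document.
# "/users/{id}" and "/user/{id}" differ in a literal segment ("users" versus
# "user"), so no concrete URL matches both templates and every request maps
# to exactly one operation.
swagger: "2.0"
info:
  title: Simple API Overview
  version: 1.0.0
  contact:
    name: contact
    url: https://www.google.com/
    email: user@gmail.com
paths:
  "/users/{id}":
    get:
      parameters:
        - in: path
          name: id
          required: true
          description: The user ID
          type: string
      responses:
        "200":
          description: 200 response
  # Distinct literal prefix; the placeholder name matches the declared
  # path parameter "id".
  "/user/{id}":
    get:
      parameters:
        - in: path
          name: id
          required: true
          description: The user ID
          type: string
      responses:
        "200":
          description: 200 response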
Negative test num. 4 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"name": "contact",
"url": "https://www.google.com/",
"email": "user@gmail.com"
}
},
"paths": {
"/users/{id}": {
"get": {
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"description": "The user ID",
"type": "string"
}
],
"responses": {
"200": {
"description": "200 response"
}
}
}
},
"/user/{id}": {
"get": {
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"description": "The user ID",
"type": "string"
}
],
"responses": {
"200": {
"description": "200 response"
}
}
}
}
}
}