Success Response Code Undefined for Delete Operation (v3)

Query id: 3b497874-ae59-46dd-8d72-1868a3b8f150
Query name: Success Response Code Undefined for Delete Operation (v3)
Platform: OpenAPI
Severity: Low
Category: Networking and Firewall
CWE: 665
URL: Github

Description¶

Delete should define at least one success response (200, 201, 202 or 204)
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - json file

{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API",
    "version": "1.0.0"
  },
  "paths": {
    "/item": {
      "delete": {
        "operationId": "deleteItem",
        "summary": "Delete item",
        "responses": {
          "default": {
            "description": "Error"
          }
        }
      }
    }
  }
}

Positive test num. 2 - json file

{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API",
    "version": "1.0.0"
  },
  "paths": {
    "/item": {
      "delete": {
        "operationId": "deleteItem",
        "summary": "Delete item",
        "responses": {
          "default": {
            "description": "Error"
          }
        }
      },
      "patch": {
        "operationId": "updateItem",
        "summary": "Update item",
        "responses": {
          "204": {
            "description": "Item updated successfully"
          },
          "default": {
            "description": "Error"
          }
        }
      }
    }
  }
}

Positive test num. 3 - yaml file

openapi: 3.0.0
info:
  title: Simple API
  version: 1.0.0
paths:
  "/item":
    delete:
      operationId: deleteItem
      summary: Delete item
      responses:
        default:
          description: Error

Positive test num. 4 - yaml file

openapi: 3.0.0
info:
  title: Simple API
  version: 1.0.0
paths:
  "/item":
    delete:
      operationId: deleteItem
      summary: Delete item
      responses:
        default:
          description: Error
    patch:
      operationId: updateItem
      summary: Update item
      responses:
        "204":
          description: Item updated successfully
        default:
          description: Error

Positive test num. 5 - json file

{
  "swagger": "2.0",
  "info": {
    "title": "Simple API",
    "version": "1.0.0"
  },
  "paths": {
    "/item": {
      "delete": {
        "operationId": "deleteItem",
        "summary": "Delete item",
        "responses": {
          "default": {
            "description": "Error"
          }
        }
      },
      "patch": {
        "operationId": "updateItem",
        "summary": "Update item",
        "responses": {
          "204": {
            "description": "Item updated successfully"
          },
          "default": {
            "description": "Error"
          }
        }
      }
    }
  }
}

Positive test num. 6 - yaml file

swagger: "2.0"
info:
  title: Simple API
  version: 1.0.0
paths:
  "/item":
    delete:
      operationId: deleteItem
      summary: Delete item
      responses:
        default:
          description: Error
    patch:
      operationId: updateItem
      summary: Update item
      responses:
        "204":
          description: Item updated successfully
        default:
          description: Error

Code samples without security vulnerabilities¶

Negative test num. 1 - json file

Negative test num. 2 - yaml file

< in   pa

Negative test num. 3 - json file

/span>

{ "openapi": "3.0.0", "info": { "title": "Simple API", "version": "1.0.0" }, "paths": { "/item": { "delete": { "operationId": "deleteItem", "summary": "Delete item", "responses": { "204": { "description": "Item deleted successfully" }, "default": { "description": "Error" } } }, "patch": { "operationId": "updateItem", "summary": "Update item", "responses": { "default": { "description": "Error" } } } } } } /span>openapi: 3.0.0 fo: title: Simple API version: 1.0.0 ths: "/item": delete: operationId: deleteItem summary: Delete item responses: "204": description: Item deleted successfully default: description: Error patch: operationId: updateItem summary: Update item responses: default: description: Error /span>{ "swagger": "2.0", "info": { "title": "Simple API", "version": "1.0.0" }, "paths": { "/item": { "delete": { "operationId": "deleteItem", "summary": "Delete item", "responses": { "204": { "description": "Item deleted successfully" }, "default": { "description": "Error" } } }, "patch": { "operationId": "updateItem", "summary": "Update item", "responses": { "default": { "description": "Error" } } } } } }
Negative test num. 4 - yaml file

swagger: "2.0"
info:
  title: Simple API
  version: 1.0.0
paths:
  "/item":
    delete:
      operationId: deleteItem
      summary: Delete item
      responses:
        "204":
          description: Item deleted successfully
        default:
          description: Error
    patch:
      operationId: updateItem
      summary: Update item
      responses:
        default:
          description: Error


Negative test num. 5 - json file

{
    "swagger": "2.0",
    "info": {
      "title": "Simple API",
      "version": "1.0.0"
    },
    "paths": {
      "/item": {
        "delete": {
          "operationId": "deleteItem",
          "summary": "Delete item",
          "responses": {
            "2XX": {
              "description": "Item deleted successfully"
            },
            "default": {
              "description": "Error"
            }
          }
        },
        "patch": {
          "operationId": "updateItem",
          "summary": "Update item",
          "responses": {
            "default": {
              "description": "Error"
            }
          }
        }
      }
    }
  }


Negative test num. 6 - yaml file

swagger: "2.0"
info:
  title: Simple API
  version: 1.0.0
paths:
  "/item":
    delete:
      operationId: deleteItem
      summary: Delete item
      responses:
        "2XX":
          description: Item deleted successfully
        default:
          description: Error
    patch:
      operationId: updateItem
      summary: Update item
      responses:
        default:
          description: Error