Unknown Prefix (v3)

  • Query id: a5375be3-521c-43bb-9eab-e2432e368ee4
  • Query name: Unknown Prefix (v3)
  • Platform: OpenAPI
  • Severity: Info
  • Category: Best Practices
  • CWE: 20
  • URL: Github

Description

The media type prefix should be set as 'application', 'audio', 'font', 'example', 'image', 'message', 'model', 'multipart', 'text' or 'video'
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0",
    "contact": {
      "name": "contact",
      "url": "https://www.google.com/",
      "email": "user@gmail.c"
    }
  },
  "paths": {
    "/": {
      "get": {
        "operationId": "listVersionsv2",
        "summary": "List API versions",
        "responses": {
          "200": {
            "description": "200 response",
            "content": {
              "application/json": {
                "examples": {
                  "foo": {
                    "value": {
                      "versions": [
                        {
                          "status": "CURRENT",
                          "updated": "2011-01-21T11:33:21Z",
                          "id": "v2.0",
                          "links": [
                            {
                              "href": "http://127.0.0.1:8774/v2/",
                              "rel": "self"
                            }
                          ]
                        }
                      ]
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "components": {
    "responses": {
      "ResponseExample": {
        "description": "200 response",
        "content": {
          "applicasdsadtion/json": {
            "schema": {
              "discriminator": {
                "propertyName": "petType"
              },
              "properties": {
                "code": {
                  "type": "string",
                  "format": "binary"
                },
                "message": {
                  "type": "string"
                }
              },
              "type": "object"
            },
            "encoding": {
              "profileImage": {
                "contentType": "image/png, image/jpeg"
              }
            }
          }
        }
      }
    }
  }
}
Positive test num. 2 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0",
    "contact": {
      "name": "contact",
      "url": "https://www.google.com/",
      "email": "user@gmail.c"
    }
  },
  "paths": {
    "/": {
      "get": {
        "responses": {
          "200": {
            "description": "200 response",
            "content": {
              "ddddd/json": {
                "schema": {
                  "type": "object",
                  "discriminator": {
                    "propertyName": "petType"
                  },
                  "properties": {
                    "code": {
                      "type": "string",
                      "format": "binary"
                    },
                    "message": {
                      "type": "string"
                    }
                  }
                },
                "encoding": {
                  "profileImage": {
                    "contentType": "image/png, image/jpeg"
                  }
                }
              }
            }
          }
        },
        "operationId": "listVersionsv2",
        "summary": "List API versions"
      }
    }
  }
}
Positive test num. 3 - yaml file
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: 200 response
          content:
            application/json:
              examples:
                foo:
                  value:
                    versions:
                      - status: CURRENT
                        updated: "2011-01-21T11:33:21Z"
                        id: v2.0
                        links:
                          - href: http://127.0.0.1:8774/v2/
                            rel: self
components:
  responses:
    ResponseExample:
      description: 200 response
      content:
        sssssss/json:
          schema:
            type: object
            discriminator:
              propertyName: petType
            properties:
              code:
                type: string
                format: binary
              message:
                type: string
          encoding:
            profileImage:
              contentType: image/png, image/jpeg

Positive test num. 4 - yaml file
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: 200 response
          content:
            applicatisdsdsdon/json:
              schema:
                type: object
                discriminator:
                  propertyName: petType
                properties:
                  code:
                    type: string
                    format: binary
                  message:
                    type: string
              encoding:
                profileImage:
                  contentType: image/png, image/jpeg

Code samples without security vulnerabilities

Negative test num. 1 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0",
    "contact": {
      "name": "contact",
      "url": "https://www.google.com/",
      "email": "user@gmail.c"
    }
  },
  "paths": {
    "/": {
      "get": {
        "operationId": "listVersionsv2",
        "summary": "List API versions",
        "responses": {
          "200": {
            "description": "200 response",
            "content": {
              "application/json": {
                "examples": {
                  "foo": {
                    "value": {
                      "versions": [
                        {
                          "status": "CURRENT",
                          "updated": "2011-01-21T11:33:21Z",
                          "id": "v2.0",
                          "links": [
                            {
                              "href": "http://127.0.0.1:8774/v2/",
                              "rel": "self"
                            }
                          ]
                        }
                      ]
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "components": {
    "responses": {
      "ResponseExample": {
        "description": "200 response",
        "content": {
          "application/json": {
            "schema": {
              "discriminator": {
                "propertyName": "petType"
              },
              "properties": {
                "code": {
                  "type": "string",
                  "format": "binary"
                },
                "message": {
                  "type": "string"
                }
              },
              "type": "object"
            },
            "encoding": {
              "code": {
                "contentType": "image/png, image/jpeg"
              }
            }
          }
        }
      }
    }
  }
}
Negative test num. 2 - json file
{
  "openapi": "3.0.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0",
    "contact": {
      "name": "contact",
      "url": "https://www.google.com/",
      "email": "user@gmail.c"
    }
  },
  "paths": {
    "/": {
      "get": {
        "responses": {
          "200": {
            "description": "200 response",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "discriminator": {
                    "propertyName": "petType"
                  },
                  "properties": {
                    "code": {
                      "type": "string",
                      "format": "binary"
                    },
                    "message": {
                      "type": "string"
                    }
                  }
                },
                "encoding": {
                  "code": {
                    "contentType": "image/png, image/jpeg"
                  }
                }
              }
            }
          }
        },
        "operationId": "listVersionsv2",
        "summary": "List API versions"
      }
    }
  }
}
Negative test num. 3 - yaml file
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: 200 response
          content:
            application/json:
              examples:
                foo:
                  value:
                    versions:
                      - status: CURRENT
                        updated: "2011-01-21T11:33:21Z"
                        id: v2.0
                        links:
                          - href: http://127.0.0.1:8774/v2/
                            rel: self
components:
  responses:
    ResponseExample:
      description: 200 response
      content:
        application/json:
          schema:
            type: object
            discriminator:
              propertyName: petType
            properties:
              code:
                type: string
                format: binary
              message:
                type: string
          encoding:
            code:
              contentType: image/png, image/jpeg

Negative test num. 4 - yaml file
openapi: 3.0.0
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: 200 response
          content:
            application/json:
              schema:
                type: object
                discriminator:
                  propertyName: petType
                properties:
                  code:
                    type: string
                    format: binary
                  message:
                    type: string
              encoding:
                code:
                  contentType: image/png, image/jpeg