Type Has Invalid Keyword (v3)
- Query id: a9228976-10cf-4b5f-b902-9e962aad037a
- Query name: Type Has Invalid Keyword (v3)
- Platform: OpenAPI
- Severity: Info
- Category: Structure and Semantics
- CWE: 20
- URL: Github
Description¶
Schema Object define type should not use a keyword of another type
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/MyObject"
},
"examples": {
"objectExample": {
"$ref": "#/components/examples/objectExample"
}
}
}
}
}
}
}
}
},
"components": {
"schemas": {
"MyObject": {
"type": "object",
"required": [
"id"
],
"properties": {
"id": {
"type": "integer",
"minimum": 1
},
"name": {
"type": "string",
"minLength": 3
},
"phones": {
"type": "array",
"items": {
"type": "number",
"pattern": "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
},
"minItems": 1
}
}
}
},
"examples": {
"objectExample": {
"value": {
"id": "1",
"name": "new object"
},
"summary": "A sample object"
}
}
}
}
Positive test num. 2 - yaml file
swagger: "2.0"
info:
title: Simple API Overview
version: 1.0.0
paths:
/:
get:
operationId: listVersionsv2
summary: List API versions
responses:
"200":
description: Success
headers:
X-Rate-Limit-Limit:
description: The number of allowed requests in the current period
type: integer
minLength: 3
Positive test num. 3 - yaml file
openapi: "3.0.2"
info:
title: POI Search
version: "1.0.1"
servers:
- url: https://api.server.test/v1
paths:
/test:
summary: test test
components:
schemas:
PointGenre:
type: string
minimum: 13
maximum: 13
Positive test num. 4 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/MyObject"
},
"examples": {
"objectExample": {
"$ref": "#/components/examples/objectExample"
}
}
}
}
}
}
}
}
},
"components": {
"schemas": {
"MyObject": {
"type": "object",
"required": [
"id"
],
"properties": {
"id": {
"type": "integer",
"minLength": 1
},
"name": {
"type": "string",
"minLength": 3
},
"phones": {
"type": "array",
"items": {
"type": "string",
"pattern": "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
},
"minItems": 1
}
}
}
},
"examples": {
"objectExample": {
"value": {
"id": "1",
"name": "new object"
},
"summary": "A sample object"
}
}
}
}
Positive test num. 5 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/MyObject"
},
"examples": {
"objectExample": {
"$ref": "#/components/examples/objectExample"
}
}
}
}
}
}
}
}
},
"components": {
"schemas": {
"MyObject": {
"type": "object",
"required": [
"id"
],
"properties": {
"id": {
"type": "integer"
},
"name": {
"type": "string",
"minLength": 3,
"required": true
},
"phones": {
"type": "array",
"items": {
"type": "string",
"pattern": "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
},
"minItems": 1
}
}
}
},
"examples": {
"objectExample": {
"value": {
"id": "1",
"name": "new object"
},
"summary": "A sample object"
}
}
}
}
Positive test num. 6 - yaml file
openapi: 3.0.0
info:
title: Simple API Overview
version: 1.0.0
paths:
"/":
get:
operationId: listVersionsv2
summary: List API versions
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MyObject"
examples:
objectExample:
"$ref": "#/components/examples/objectExample"
components:
schemas:
MyObject:
type: object
required:
- id
properties:
id:
type: integer
minimum: 1
name:
type: string
minLength: 3
phones:
type: array
items:
type: number
pattern: "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
minItems: 1
examples:
objectExample:
value:
id: '1'
name: new object
summary: A sample object
Positive test num. 7 - yaml file
openapi: 3.0.0
info:
title: Simple API Overview
version: 1.0.0
paths:
"/":
get:
operationId: listVersionsv2
summary: List API versions
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MyObject"
examples:
objectExample:
"$ref": "#/components/examples/objectExample"
components:
schemas:
MyObject:
type: object
required:
- id
properties:
id:
type: integer
minLength: 1
name:
type: string
minLength: 3
phones:
type: array
items:
type: string
pattern: "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
minItems: 1
examples:
objectExample:
value:
id: '1'
name: new object
summary: A sample object
Positive test num. 8 - yaml file
openapi: 3.0.0
info:
title: Simple API Overview
version: 1.0.0
paths:
/:
get:
operationId: listVersionsv2
summary: List API versions
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/MyObject"
examples:
objectExample:
$ref: "#/components/examples/objectExample"
components:
schemas:
MyObject:
type: object
required:
- id
properties:
id:
type: integer
minimum: 1
name:
type: string
minLength: 3
phones:
type: array
items:
type: number
pattern: '\(\d{3}\) ?\d{3}-\d{4}'
minItems: 1
examples:
objectExample:
value:
id: "1"
name: new object
summary: A sample object
Positive test num. 9 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"responses": {
"200": {
"description": "Success"
}
},
"operationId": "listVersionsv2",
"summary": "List API versions"
},
"parameters": [
{
"name": "id",
"in": "body",
"description": "ID of pet to use",
"required": true,
"schema": {
"type": "object",
"required": [
"id"
],
"properties": {
"id": {
"type": "integer",
"minimum": 1
},
"name": {
"type": "string",
"minLength": 3
},
"phones": {
"items": {
"type": "number",
"pattern": "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
},
"minItems": 1,
"type": "array"
}
}
}
},
{
"name": "start_date",
"in": "query",
"type": "string",
"format": "date",
"description": "The start date for the report. Must be used together with `end_date`. This parameter is incompatible with `rdate`.\n",
"maximum": 8,
"minLength": 6
}
]
}
}
}
Positive test num. 10 - yaml file
swagger: "2.0"
info:
title: Simple API Overview
version: 1.0.0
paths:
/:
get:
operationId: listVersionsv2
summary: List API versions
responses:
"200":
description: Success
parameters:
- name: id
in: body
description: ID of pet to use
required: true
schema:
type: object
required:
- id
properties:
id:
type: integer
minimum: 1
name:
type: string
minLength: 3
phones:
type: array
items:
type: number
pattern: '\(\d{3}\) ?\d{3}-\d{4}'
minItems: 1
- name: start_date
in: query
type: string
format: date
description: >
The start date for the report. Must be used together with `end_date`.
This parameter is incompatible with `rdate`.
maximum: 8
minLength: 6
Positive test num. 11 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "Success",
"headers": {
"X-Rate-Limit-Limit": {
"description": "The number of allowed requests in the current period",
"type": "integer",
"minLength": 3
}
}
}
}
}
}
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/MyObject"
},
"examples": {
"objectExample": {
"$ref": "#/components/examples/objectExample"
}
}
}
}
}
}
}
}
},
"components": {
"schemas": {
"MyObject": {
"type": "object",
"required": [
"id"
],
"properties": {
"id": {
"type": "integer",
"minimum": 1
},
"name": {
"type": "string",
"minLength": 3
},
"phones": {
"type": "array",
"items": {
"type": "string",
"pattern": "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
},
"minItems": 1
}
}
}
},
"examples": {
"objectExample": {
"value": {
"id": "1",
"name": "new object"
},
"summary": "A sample object"
}
}
}
}
Negative test num. 2 - yaml file
---
openapi: 3.0.0
info:
title: Simple API Overview
version: 1.0.0
paths:
"/":
get:
operationId: listVersionsv2
summary: List API versions
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MyObject"
examples:
objectExample:
"$ref": "#/components/examples/objectExample"
components:
schemas:
MyObject:
type: object
required:
- id
properties:
id:
type: integer
minimum: 1
name:
type: string
minLength: 3
phones:
type: array
items:
type: string
pattern: "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
minItems: 1
examples:
objectExample:
value:
id: '1'
name: new object
summary: A sample object
Negative test num. 3 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"responses": {
"200": {
"description": "Success"
}
},
"operationId": "listVersionsv2",
"summary": "List API versions"
},
"parameters": [
{
"name": "id",
"in": "body",
"description": "ID of pet to use",
"required": true,
"schema": {
"type": "object",
"required": [
"id"
],
"properties": {
"id": {
"type": "integer",
"minimum": 1
},
"name": {
"type": "string",
"minLength": 3
},
"phones": {
"type": "array",
"items": {
"type": "string",
"pattern": "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
},
"minItems": 1
}
}
}
},
{
"name": "start_date",
"in": "query",
"type": "string",
"format": "date",
"description": "The start date for the report. Must be used together with `end_date`. This parameter is incompatible with `rdate`.\n",
"maxLength": 8,
"minLength": 6
}
]
}
}
}
Negative test num. 4 - yaml file
swagger: "2.0"
info:
title: Simple API Overview
version: 1.0.0
paths:
/:
get:
operationId: listVersionsv2
summary: List API versions
responses:
"200":
description: Success
parameters:
- name: id
in: body
description: ID of pet to use
required: true
schema:
type: object
required:
- id
properties:
id:
type: integer
minimum: 1
name:
type: string
minLength: 3
phones:
type: array
items:
type: string
pattern: "\\(\\d{3}\\) ?\\d{3}-\\d{4}"
minItems: 1
- name: start_date
in: query
type: string
format: date
description: >
The start date for the report. Must be used together with `end_date`.
This parameter is incompatible with `rdate`.
maxLength: 8
minLength: 6
Negative test num. 5 - json file
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0"
},
"paths": {
"/": {
"get": {
"operationId": "listVersionsv2",
"summary": "List API versions",
"responses": {
"200": {
"description": "Success",
"headers": {
"X-Rate-Limit-Limit": {
"description": "The number of allowed requests in the current period",
"type": "integer",
"minimum": 3
}
}
}
}
}
}
}
}