Example JSON Reference Outside Components Examples
- Query id: bac56e3c-1f71-4a74-8ae6-2fba07efcddb
- Query name: Example JSON Reference Outside Components Examples
- Platform: OpenAPI
- Severity: Info
- Category: Structure and Semantics
- CWE: 20
- URL: Github
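Description
A `$ref` used inside an `examples` map should point to `#/components/examples`. In the failing samples below, the request-body example instead references `#/components/schemas/Address`, which is a schema definition rather than an example.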
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"components": {
"securitySchemes": {
"regularSecurity": {
"type": "http",
"scheme": "basic"
}
},
"schemas": {
"ErrorModel": {
"type": "object",
"properties": {
"code": {
"type": "string"
}
}
},
"Address": {
"type": "object",
"properties": {
"street": {
"type": "string"
}
},
"required": [
"street"
]
}
}
},
"paths": {
"/": {
"post": {
"operationId": "updateAddress",
"summary": "updateAddress",
"servers": [
{
"url": "http://kicsapi.com/",
"description": "server URL"
}
],
"responses": {
"200": {
"description": "a pet to be returned",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Address"
}
}
}
},
"default": {
"description": "Unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorModel"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Address"
},
"examples": {
"Address": {
"$ref": "#/components/schemas/Address"
}
}
}
}
}
}
}
}
}
Positive test num. 2 - yaml file
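# Failing sample for this query: the request-body example at the end of the
# document references a schema component instead of an example component.
# Nesting restored to match the JSON version of the same sample.
openapi: 3.0.0
info:
  title: Simple API overview
  version: 1.0.0
components:
  securitySchemes:
    regularSecurity:
      type: http
      scheme: basic
  schemas:
    ErrorModel:
      type: object
      properties:
        code:
          type: string
    Address:
      type: object
      properties:
        street:
          type: string
      required:
        - street
  # Note: there is no components.examples section in this document.
paths:
  "/":
    post:
      operationId: updateAddress
      summary: updateAddress
      servers:
        - url: http://kicsapi.com/
          description: server URL
      responses:
        '200':
          description: a pet to be returned
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Address'
        default:
          description: Unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorModel'
      requestBody:
        content:
          'application/json':
            schema:
              $ref: '#/components/schemas/Address'
            examples:
              Address:
                # Flagged: a $ref under `examples` should resolve to
                # #/components/examples, but this one targets a schema.
                $ref: '#/components/schemas/Address'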
Code samples without security vulnerabilities
Negative test num. 1 - json file
{
"openapi": "3.0.0",
"info": {
"title": "Simple API overview",
"version": "1.0.0"
},
"components": {
"securitySchemes": {
"regularSecurity": {
"type": "http",
"scheme": "basic"
}
},
"schemas": {
"ErrorModel": {
"type": "object",
"properties": {
"code": {
"type": "string"
}
}
},
"Address": {
"type": "object",
"properties": {
"street": {
"type": "string"
}
},
"required": [
"street"
]
}
},
"examples": {
"Address": {
"summary": "user address",
"value": {
"street": "my street"
}
}
}
},
"paths": {
"/": {
"post": {
"operationId": "updateAddress",
"summary": "updateAddress",
"servers": [
{
"url": "http://kicsapi.com/",
"description": "server URL"
}
],
"responses": {
"200": {
"description": "a pet to be returned",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Address"
}
}
}
},
"default": {
"description": "Unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorModel"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Address"
},
"examples": {
"Address": {
"$ref": "#/components/examples/Address"
}
}
}
}
}
}
}
}
}
Negative test num. 2 - yaml file
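# Passing sample for this query: the request-body example references an entry
# under components.examples. Nesting restored to match the JSON version.
# This check looks only at where example references point; other properties
# of the document (such as the http:// server URL) are outside its scope.
openapi: 3.0.0
info:
  title: Simple API overview
  version: 1.0.0
components:
  securitySchemes:
    regularSecurity:
      type: http
      scheme: basic
  schemas:
    ErrorModel:
      type: object
      properties:
        code:
          type: string
    Address:
      type: object
      properties:
        street:
          type: string
      required:
        - street
  # Reusable example that the request body references below.
  examples:
    Address:
      summary: user address
      value: { "street": "my street" }
paths:
  "/":
    post:
      operationId: updateAddress
      summary: updateAddress
      servers:
        - url: http://kicsapi.com/
          description: server URL
      responses:
        '200':
          description: a pet to be returned
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Address'
        default:
          description: Unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorModel'
      requestBody:
        content:
          'application/json':
            schema:
              $ref: '#/components/schemas/Address'
            examples:
              Address:
                # Compliant: the reference resolves to components.examples.Address.
                $ref: '#/components/examples/Address'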