Body Parameter With Wrong Property

Query id: c38d630d-a415-4e3e-bac2-65475979ba88
Query name: Body Parameter With Wrong Property
Platform: OpenAPI
Severity: Info
Category: Structure and Semantics
URL: Github

Description¶

The Body Parameter Object should only have the following properties defined - 'name', 'in', 'description', 'required', and 'schema'
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - json file

Positive test num. 2 - yaml file

< in   pa

/span>

{ "swagger": "2.0", "info": { "title": "Simple API Overview", "version": "1.0.0" }, "paths": { "/": { "get": { "parameters": [ { "name": "limit2", "in": "body", "description": "max records to return", "required": true, "schema": { "type": "string" }, class="w">            "desc": { "type": "string" } } ], "operationId": "listVersionsv2", "summary": "List API versions", "responses": { "200": { "description": "200 response" } } } } }, "parameters": { "limitParam": { "name": "limit", "in": "body", "description": "max records to return", "required": true, "schema": { "type": "string" }, class="w">      "desc": { "type": "string" } } } } /span>swagger: "2.0" fo: title: Simple API Overview version: 1.0.0 ths: "/": get: operationId: listVersionsv2 summary: List API versions responses: "200": description: 200 response parameters: - name: limit2 in: body description: max records to return required: true schema: type: string class="w">          desc: type: string >parameters: limitParam: name: limit in: body description: max records to return required: true schema: type: string class="w">    desc: type: string
Code samples without security vulnerabilities¶
Negative test num. 1 - json file{
  "swagger": "2.0",
  "info": {
    "title": "Simple API Overview",
    "version": "1.0.0"
  },
  "paths": {
    "/": {
      "get": {
        "parameters": [
          {
            "name": "limit2",
            "in": "body",
            "description": "max records to return",
            "required": true,
            "schema": {
              "type": "integer"
            }
          }
        ],
        "operationId": "listVersionsv2",
        "summary": "List API versions",
        "responses": {
          "200": {
            "description": "200 response"
          }
        }
      }
    }
  },
  "parameters": {
    "limitParam": {
      "name": "limit",
      "in": "body",
      "description": "max records to return",
      "required": true,
      "schema": {
        "type": "integer"
      }
    }
  }
}

Negative test num. 2 - yaml fileswagger: "2.0"
info:
  title: Simple API Overview
  version: 1.0.0
paths:
  "/":
    get:
      operationId: listVersionsv2
      summary: List API versions
      responses:
        "200":
          description: 200 response
      parameters:
        - name: limit2
          in: body
          description: max records to return
          required: true
          schema:
            type: object
parameters:
  limitParam:
    name: limit
    in: body
    description: max records to return
    required: true
    schema:
      type: object