Open UncleGoogle opened 5 months ago
Hi @UncleGoogle ,
Thank you for your inputs! Our internal AppSec team will check it soon. We will keep you updated.
(APPSEC-2558)
@UncleGoogle KICS is not scanning the code sample you provided; it seems like it's an invalid one (we also checked it by using this tool). Kindly provide a valid OpenAPI file so we can have a better look into it.
Hi @gabriel-cx . Sure, I've extracted a full example:
```yaml
swagger: '2.0'
info:
  title: Example API
  version: '1.0'
schemes:
  - https
produces:
  - application/json
paths:
  /v1/dataSourceTypes:
    get:
      tags:
        - data_sources
      parameters:
        - name: limit
          in: query
          required: false
          default: 300
          type: integer
          format: int32
          description: ''
        - name: offset
          in: query
          required: false
          type: integer
          format: int32
          description: ''
        - name: order_field
          in: query
          required: false
          type: string
          description: ''
        - name: order_direction
          in: query
          required: false
          enum:
            - ASC
            - DESC
          type: string
          description: ''
      responses:
        200:
          description: Successful Response
          schema:
            type: string
          headers: {}
        408:
          description: Backend call time-out
          schema:
            type: string
          headers: {}
    delete:
      tags:
        - data_sources
      deprecated: false
      produces:
        - application/json
      consumes:
        - application/json
      parameters:
        - name: ids
          in: query
          required: true
          type: array
          items:
            type: string
          description: ''
        - name: recursive
          in: query
          required: false
          type: boolean
          description: ''
      responses:
        200:
          description: Successful Response
          schema:
            type: string
          headers: {}
        404:
          description: DataSource ID not found
          schema:
            type: string
          headers: {}
        408:
          description: Backend call time-out
          schema:
            type: string
          headers: {}
```
Hi @UncleGoogle ,
Thank you!! We will analyze your inputs and we will keep you updated.
In the OpenAPI v2 docs we can see this
so in this example parameters are valid (talking about "inner" items):
Expected Behavior
No error
Actual Behavior
error 5e5ecb9d-04b5-4e4f-b5a5-6ee04279b275 is raised with description:
Specifications