Invalid OWASP API1:2019 detection #230

Open
pcolmer opened this issue Jun 10, 2024 · 1 comment

pcolmer commented Jun 10, 2024

I have an API that specifies a query parameter like this:

        - in: query
          name: location_id
          description: Optional parameter to limit results to a given org or ou location
          example: org:91522ce0-e52f-47d8-b034-5f3664f740e4
          schema:
            oneOf: 
              - $ref: "#/components/schemas/org_id"
              - $ref: "#/components/schemas/ou_id"

where org_id is thus:

    org_id:
      type: string
      pattern: ^org\:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$
      maxLength: 40
      minLength: 40
      example: org:91522ce0-e52f-47d8-b034-5f3664f740e4

and ou_id is thus:

    ou_id:
      type: string
      pattern: ^ou\:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$
      maxLength: 39
      minLength: 39
      example: ou:36e41ce2-9675-410d-ade0-ffcc3d8007f9

but this is being flagged up as an OWASP API1:2019 issue.

@AdrianMachado AdrianMachado self-assigned this Jun 19, 2024

AdrianMachado (Contributor) commented
Hey @pcolmer - thanks for the feedback, I will look into this for you
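
An added example, not part of the issue or of the project's code: a stand-alone Python check of the schema from the report, which resolves the `$ref`s under `oneOf`, applies exactly-one-branch matching, and lists any integer-typed branch. The function names are hypothetical, the spec is re-typed as Python dicts, and it assumes the finding concerns numeric or guessable identifiers, which the issue does not state.

```python
import re

# Schemas from the issue, re-typed as Python dicts (constructed input).
SPEC = {"components": {"schemas": {
    "org_id": {"type": "string", "minLength": 40, "maxLength": 40,
               "pattern": r"^org\:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"},
    "ou_id": {"type": "string", "minLength": 39, "maxLength": 39,
              "pattern": r"^ou\:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"},
}}}
PARAM = {"in": "query", "name": "location_id",
         "schema": {"oneOf": [{"$ref": "#/components/schemas/org_id"},
                              {"$ref": "#/components/schemas/ou_id"}]}}

def resolve(spec, node):
    """Follow local '#/a/b/c' references until a concrete schema is reached."""
    while isinstance(node, dict) and "$ref" in node:
        target = spec
        for key in node["$ref"][2:].split("/"):  # drop the leading '#/'
            target = target[key]
        node = target
    return node

def branches(spec, schema):
    """Flatten oneOf/anyOf into the concrete schemas a value can match."""
    schema = resolve(spec, schema)
    subs = schema.get("oneOf") or schema.get("anyOf")
    if not subs:
        return [schema]
    return [leaf for sub in subs for leaf in branches(spec, sub)]

def matches(schema, value):
    """Apply the keywords used in the issue: type, length bounds, pattern."""
    if schema.get("type") != "string" or not isinstance(value, str):
        return False
    if not schema.get("minLength", 0) <= len(value) <= schema.get("maxLength", len(value)):
        return False
    # Python's re stands in for the ECMA-262 dialect; equivalent for these patterns.
    return re.search(schema.get("pattern", ""), value) is not None

def accepts(spec, param, value):
    """oneOf semantics: the value must match exactly one branch."""
    return sum(matches(b, value) for b in branches(spec, param["schema"])) == 1

def numeric_branches(spec, param):
    """Branches that a numeric-ID check (assumed rule) would have reason to flag."""
    return [b for b in branches(spec, param["schema"])
            if b.get("type") in ("integer", "number")]
```
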
