Invalid OWASP API1:2019 detection #230

Open
pcolmer opened this issue Jun 10, 2024 · 1 comment

pcolmer commented Jun 10, 2024

I have an API that specifies a query parameter like this:

        - in: query
          name: location_id
          description: Optional parameter to limit results to a given org or ou location
          example: org:91522ce0-e52f-47d8-b034-5f3664f740e4
          schema:
            oneOf: 
              - $ref: "#/components/schemas/org_id"
              - $ref: "#/components/schemas/ou_id"

where org_id is thus:

    org_id:
      type: string
      pattern: ^org\:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$
      maxLength: 40
      minLength: 40
      example: org:91522ce0-e52f-47d8-b034-5f3664f740e4

and ou_id is thus:

    ou_id:
      type: string
      pattern: ^ou\:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$
      maxLength: 39
      minLength: 39
      example: ou:36e41ce2-9675-410d-ade0-ffcc3d8007f9

but this is being flagged up as an OWASP API1:2019 issue.

@AdrianMachado AdrianMachado self-assigned this Jun 19, 2024
@AdrianMachado
Contributor

Hey @pcolmer - thanks for the feedback, I will look into this for you
