owasp:api8:2023-define-error-validation does not detect non 400, 422 4XX responses #65

@ydidio

Description

Context

We exported the OWASP Top 10 2023 security rules and replaced the 2019 version. The rule in the title should detect any 4XX response, but we instead find ourselves having to write a custom rule to detect them. I'll show an example as seen through Stoplight.

Current Behavior

Inside our template, within the responses of a GET operation, we have multiple 4XX responses, including 400. When commenting out or deleting the 400 response (as seen in this example), the error arises even though you can see a 401 response right below it.
[screenshot]

Expected Behavior

The error should not be raised, since there are multiple 4XX responses and the rule dictates that any 4XX response can be defined, not only 400 and 422.
[screenshot]

Possible Workaround/Solution

We implemented a custom function that does recognize 4XX responses, but the rule should be able to do so.
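The check the reporter describes, as an added example (this is not the reporter's custom function and not code from the spectral-owasp-ruleset project): a Spectral-style custom function that passes when an operation's `responses` map defines any client-error status, whether a concrete code such as 401 or the OpenAPI `4XX` wildcard. The function name, the result message and the sample operations are assumptions constructed for the demonstration; the `(targetVal, opts, context)` signature follows Spectral's custom-function convention.

```javascript
// Added example, not the project's rule implementation.
// Accepts a concrete 4XX code ("400", "401", "422", ...) or the OpenAPI
// wildcard "4XX" (case-insensitive), which the built-in rule reportedly misses.
const FOUR_XX = /^(4\d\d|4XX)$/i;

// True when a responses object defines at least one client-error response.
function hasAny4xx(responses) {
  if (!responses || typeof responses !== 'object') return false;
  return Object.keys(responses).some((code) => FOUR_XX.test(code));
}

// Spectral-style custom function: targetVal is an operation's `responses` map.
// Returns [] when the check passes, otherwise one result describing the gap.
// Assumed wiring in a ruleset (not shown here): given the operations under
// $.paths, apply this function to the `responses` field.
function defineErrorValidation(targetVal, _opts, context) {
  if (hasAny4xx(targetVal)) return [];
  const path = context && Array.isArray(context.path) ? context.path : [];
  return [
    {
      message:
        'Operation must define at least one 4XX client-error response (e.g. 400, 401, 422 or 4XX).',
      path,
    },
  ];
}

// Constructed sample responses maps for the demonstration.
const withOnly401 = { '200': { description: 'OK' }, '401': { description: 'Unauthorized' } };
const withWildcard = { '200': { description: 'OK' }, '4XX': { description: 'Client error' } };
const noClientError = { '200': { description: 'OK' }, '500': { description: 'Server error' } };

for (const [name, responses] of Object.entries({ withOnly401, withWildcard, noClientError })) {
  const results = defineErrorValidation(responses, {}, {
    path: ['paths', '/items', 'get', 'responses'],
  });
  console.log(name, results.length === 0 ? 'pass' : results[0].message);
}
```

With these samples the first two maps pass and only `noClientError` produces a result, which is the behaviour the issue asks of the built-in rule: a 401 (or any other 4XX) should satisfy it just as a 400 does.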

Labels: enhancement