Open
Description
I have an API that specifies a query parameter like this:
- in: query
name: location_id
description: Optional parameter to limit results to a given org or ou location
example: org:91522ce0-e52f-47d8-b034-5f3664f740e4
schema:
oneOf:
- $ref: "#/components/schemas/org_id"
- $ref: "#/components/schemas/ou_id"
where org_id is thus:
org_id:
type: string
pattern: ^org\:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$
maxLength: 40
minLength: 40
example: org:91522ce0-e52f-47d8-b034-5f3664f740e4
and ou_id is thus:
ou_id:
type: string
pattern: ^ou\:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$
maxLength: 39
minLength: 39
example: ou:36e41ce2-9675-410d-ade0-ffcc3d8007f9
but this is being flagged up as a OWASP API1:2019 issue.
Metadata
Metadata
Assignees
Labels
No labels