Schema: Invalid parameters in path
Identifier: invalid_parameters_in_path
Scanner(s) Support
GraphQL Scanner | REST Scanner | WebApp Scanner |
---|---|---|
Description
When an endpoint's path parameters are not defined correctly, the API can behave unexpectedly. Developers can make mistakes when specifying where input values sit in a URL, which can cause the server to misinterpret data and can open the door to attacks such as injections. If an API misroutes requests or can be tricked into processing unexpected input, it risks exposing data or behavior that wasn't intended to be public, so it's important to follow the proper guidelines and carefully validate inputs.
References:
- https://swagger.io/docs/specification/paths-and-operations/
- https://swagger.io/specification/#path-templating
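A small linter for the mismatch described above, as an added example (not the scanner's own code): it compares each `{name}` in an OpenAPI path template with the parameters declared `in: path`, following the path-templating rules in the references. The function name, sample spec and message wording are assumptions, and `$ref` parameters are assumed to be already resolved.

```python
import re

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
TEMPLATE_RE = re.compile(r"\{([^{}/]+)\}")  # {name} segments of a path template

def path_param_findings(spec):
    """Return sorted (path, method, problem) tuples for an OpenAPI 3 document (dict)."""
    findings = []
    for path, item in spec.get("paths", {}).items():
        templated = set(TEMPLATE_RE.findall(path))
        shared = item.get("parameters", [])
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            # Operation-level parameters override path-level ones with the same (name, in).
            merged = {(p.get("name"), p.get("in")): p
                      for p in shared + op.get("parameters", [])}
            in_path = {name: p for (name, loc), p in merged.items() if loc == "path"}
            for name in templated - in_path.keys():
                # Report where the name was declared instead, if anywhere.
                others = sorted(loc for (n, loc) in merged if n == name)
                why = f"declared in: {', '.join(others)}" if others else "not declared"
                findings.append((path, method, f"{{{name}}} is {why}, expected in: path"))
            for name, p in in_path.items():
                if name not in templated:
                    findings.append((path, method, f"'{name}' is in: path but missing from the template"))
                elif p.get("required") is not True:
                    findings.append((path, method, f"'{name}' is in: path without required: true"))
    return sorted(findings)

# Constructed sample spec (hypothetical API) with three path-parameter mistakes.
SAMPLE_SPEC = {
    "paths": {
        "/users/{userId}/orders/{orderId}": {
            "parameters": [{"name": "userId", "in": "path", "required": True}],
            "get": {"parameters": [{"name": "orderId", "in": "query"}]},
        },
        "/reports/{id}": {
            "get": {"parameters": [
                {"name": "id", "in": "path"},
                {"name": "format", "in": "path", "required": True},
            ]},
        },
    }
}

if __name__ == "__main__":
    for path, method, problem in path_param_findings(SAMPLE_SPEC):
        print(f"{method.upper()} {path}: {problem}")
```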
Configuration
Example
Example configuration:
```yaml
---
security_tests:
  invalid_parameters_in_path:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false
```
Reference
assets_allowed
Type : List[AssetType]
*
List of assets that this check will cover.
skip
Type : boolean
Skip the test if true.