
Invalid parameters in path

Description

Your schema does not follow the OpenAPI Specification for path parameters: a path key contains a placeholder that is not written as `{name}`, or a template variable is not backed by a matching parameter definition. When the schema and the implementation disagree about a parameter, validation gateways, generated clients and scanners that work from the schema never see the real value, so it reaches the handler undocumented and unvalidated.

In OpenAPI 3.0 a path parameter is written in the path key with curly braces, like so: /user/{id}/books. Each variable in the template must also be declared by a parameter object with the same `name`, `in: path` and `required: true`, either on the operation or on the path item. Framework route syntaxes such as `:id`, `<id>` or `[id]` are not valid in a path key.

Remediation

Update your OpenAPI schema so that every path parameter is written as `{name}` in the path key and declared with `in: path` and `required: true` on the operation or the path item. Keep the framework's own route syntax (`:id`, `<id>`, `[id]`) in the application code; only the `{name}` form belongs in the schema, and the two must name the same parameters.

REST Specific

Asp_net Ensure that all path parameters in your ASP.NET routes match the OpenAPI Specification by verifying the route templates in your controller actions. Use the [FromRoute] attribute to bind path parameters to action method parameters correctly.
Ruby_on_rails In Ruby on Rails, ensure that your route parameters are properly defined in the config/routes.rb file using the ':parameter' syntax. Validate the presence and types of path parameters in your controller actions, and use strong parameters to prevent unwanted parameters from being processed.
Next_js In Next.js, ensure that dynamic routes are correctly defined using file and folder naming conventions. For example, use `[param]` for dynamic parameters in the file or folder name; the same segment is written `{param}` in the OpenAPI path, and catch-all segments (`[...slug]`) have no path-parameter equivalent there. Validate and sanitize path parameters in `getServerSideProps` or API routes so that the values match the schema declared in the OpenAPI document.
Laravel In Laravel, ensure that your route parameters match the expected pattern by using regular expression constraints in your route definitions. Also, validate path parameters using Laravel's built-in validation features or form request validation to adhere to the OpenAPI Specification.
Express_js In Express.js, define path parameters using the colon syntax in your route definitions. For example, use app.get('/users/:userId', handler) to capture the 'userId' parameter, which is read from req.params.userId. Ensure all path parameters are declared in this manner and that the OpenAPI document lists the same route as '/users/{userId}' with a matching 'in: path' parameter.
Django In Django, ensure that your URL patterns use angle brackets to capture parameters from the path. For example, use path('items/<int:item_id>/', views.item_detail) to define a path with an integer parameter 'item_id'; the OpenAPI path for it is '/items/{item_id}/' with an integer schema. Update your views to accept and handle these parameters according to the OpenAPI Specification.
Symfony In Symfony, ensure that your route definitions include proper placeholders for parameters, and that the corresponding controller methods accept these parameters as arguments. Use the 'requirements' attribute to define parameter patterns according to the OpenAPI Specification.
Spring_boot In Spring Boot, ensure that path variables in your controller methods are properly annotated with @PathVariable and match the corresponding template placeholders in your @RequestMapping or @GetMapping annotations. Also, validate that the data types of the path variables are consistent with the expected parameter types in the OpenAPI definition.
Flask In Flask, ensure that path parameters are defined using angle brackets in your route, optionally with a converter. For example, @app.route('/resource/<int:resource_id>') defines a path with an integer parameter, which the OpenAPI document lists as '/resource/{resource_id}'. Match this with the corresponding argument of your view function, and validate the input to adhere to the expected schema.
Nuxt Ensure that all dynamic segments in your Nuxt.js routes are properly defined according to the framework's conventions. Use the params object in your page components to access the path parameters.
Fastapi In FastAPI, ensure that path parameters match the function arguments and are of the correct type. Use Pydantic models for validation and declare path parameters using FastAPI's Path function for additional validation.
Frappe Whatever form the Frappe route takes, write the path in your OpenAPI schema with curly braces, following the OpenAPI 3.0 specification, like `/user/{id}/books`, and declare each variable as an `in: path` parameter.
Genzio Whatever form the Genzio route takes, write the path in your OpenAPI schema with curly braces, following the OpenAPI 3.0 specification, such as `/resource/{parameter}`, and declare each variable as an `in: path` parameter.
Gin Gin routes declare parameters with a colon, for example `r.GET("/user/:id/books", handler)` read with `c.Param("id")`; the OpenAPI path for that route is `/user/{id}/books`. Gin's `*name` catch-all segment has no path-parameter equivalent in OpenAPI.
Gorilla gorilla/mux already uses curly braces, such as `/user/{id}/books`, read with `mux.Vars(r)["id"]`. If the route carries a pattern, as in `/user/{id:[0-9]+}/books`, keep only `{id}` in the OpenAPI path key and express the pattern in the parameter's schema.
Hapi Hapi route paths already use curly braces, such as `/user/{id}/books`, read with `request.params.id`, so the same string can serve as the OpenAPI path key. Optional (`{id?}`) and multi-segment (`{path*}`) parameters have no OpenAPI equivalent and need a separate path item each.
Hono Hono routes declare parameters with a colon, for example `app.get('/user/:id/books', handler)` read with `c.req.param('id')`; the OpenAPI path for that route is `/user/{id}/books`.
Jersey Jersey uses curly braces in `@Path("/user/{id}/books")` with `@PathParam("id")` on the method argument, matching the OpenAPI form. A regex template such as `{id: [0-9]+}` must be reduced to `{id}` in the OpenAPI path key, with the pattern in the parameter's schema.
Koa Koa itself does not route; with `@koa/router` parameters are declared with a colon, `router.get('/user/:id/books', handler)`, and read from `ctx.params.id`. The OpenAPI path for that route is `/user/{id}/books`.
Ktor Ktor routes already use curly braces, `get("/user/{id}/books")` with `call.parameters["id"]`, matching the OpenAPI form. Optional (`{id?}`) and tailcard (`{...}`) segments have no OpenAPI path-parameter equivalent.
Leptos leptos_router declares parameters with a colon in the route path, such as `/user/:id/books`, read through `use_params_map()`; the OpenAPI path for that route is `/user/{id}/books`.
Macaron Macaron routes declare parameters with a colon, `m.Get("/user/:id/books", handler)`, read with `ctx.Params(":id")`; the OpenAPI path for that route is `/user/{id}/books`.
Phoenix Phoenix routes declare parameters with a colon, `get "/user/:id/books", BookController, :index`, and the value arrives in the controller's `params` map under `"id"`. The OpenAPI path for that route is `/user/{id}/books`, not `/user/:id/books`.
Redwoodjs RedwoodJS routes already use curly braces, `<Route path="/user/{id}/profile" ... />`, optionally with a type such as `{id:Int}`. Keep only `{id}` in the OpenAPI path key and put the type in the parameter's schema.
Rocket Rocket routes declare parameters with angle brackets, `#[get("/user/<id>/books")]` bound to a handler argument named `id`; the OpenAPI path for that route is `/user/{id}/books`. A segments parameter (`<path..>`) has no OpenAPI path-parameter equivalent.
Sveltekit SvelteKit routes declare parameters with square brackets in the directory name, `src/routes/user/[id]/books`, read from `params.id` in `+page.js` or `+server.js`; the OpenAPI path for that route is `/user/{id}/books`. Rest parameters (`[...rest]`) have no OpenAPI path-parameter equivalent.
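The lines above each say how one framework spells a path parameter, and for most of them that spelling differs from the `{name}` the schema needs. The following added example (not code from any of these frameworks or from the scanner) translates a route string in the `:name`, `<name>`, `<converter:name>` or `[name]` form into the OpenAPI path key together with the `in: path` parameter objects it requires, and refuses wildcard, regex, optional and catch-all segments, which have no single-segment equivalent. The route strings, the syntax-to-framework mapping and the converter-to-schema table are assumptions made for the example.

```python
# Added example (not code from any of the frameworks above): translate a
# framework route into the OpenAPI path key plus the parameter objects that
# key requires. The placeholder syntaxes below are the ones this example
# assumes for those frameworks.
import re
from typing import Any

PLACEHOLDER = re.compile(
    r":(?P<colon>[A-Za-z_]\w*)"                                 # Express, Koa, Hono, Gin, Phoenix, Rails, Macaron
    r"|<(?:(?P<conv>[A-Za-z_]\w*):)?(?P<angle>[A-Za-z_]\w*)>"   # Flask/Django '<int:id>', Rocket '<id>'
    r"|\[(?P<bracket>[A-Za-z_]\w*)\]"                           # Next.js, SvelteKit '[id]'
)
# Constructs with no single-segment OpenAPI equivalent: wildcards ('*'), regex
# groups, optional segments ('?'), catch-alls ('[...slug]', '<path:sub>').
UNSUPPORTED = re.compile(r"[*()?+]|\[\.\.\.|<path:")

# Flask/Django converters that carry type information into the schema
# (assumed mapping; anything else becomes a plain string).
CONVERTER_SCHEMAS: dict[str, dict[str, Any]] = {
    "int": {"type": "integer"},
    "float": {"type": "number"},
    "uuid": {"type": "string", "format": "uuid"},
}


def route_to_path_item(route: str) -> tuple[str, list[dict[str, Any]]]:
    """Return (openapi_path_key, path_parameter_objects) for one framework route."""
    if not route.startswith("/"):          # Django patterns omit the leading slash
        route = "/" + route
    if UNSUPPORTED.search(route):
        raise ValueError(f"{route}: wildcard, regex or multi-segment capture has no "
                         "OpenAPI path-parameter form; split the route or use a query parameter")
    params: list[dict[str, Any]] = []

    def replace(m):
        name = m.group("colon") or m.group("angle") or m.group("bracket")
        if any(p["name"] == name for p in params):
            raise ValueError(f"{route}: parameter '{name}' appears twice")
        schema = CONVERTER_SCHEMAS.get(m.group("conv") or "", {"type": "string"})
        params.append({"name": name, "in": "path", "required": True, "schema": dict(schema)})
        return "{" + name + "}"

    return PLACEHOLDER.sub(replace, route), params


def is_expressible(route: str) -> bool:
    """True when the route maps cleanly onto a single OpenAPI path template."""
    try:
        route_to_path_item(route)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed routes covering each syntax plus two that cannot be expressed.
    for r in ["/users/:userId", "items/<int:item_id>/", "/user/<id>/books",
              "/user/[id]/books", "/files/*filepath", "/docs/[...slug]"]:
        try:
            print(r, "->", route_to_path_item(r))
        except ValueError as e:
            print(e)
```

A route that already uses `{id}` passes through unchanged with no parameters generated, so the function can be run over a mixed inventory of routes; the parameter objects it emits still need the real schema (type, pattern, format) filled in from the handler's validation before they are pasted into the document.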

Configuration

Identifier: schema/invalid_parameters_in_path

Examples

Ignore this check

checks:
  schema/invalid_parameters_in_path:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API9:2023
  • OWASP LLM: LLM07:2023
  • pci: 1.1
  • gdpr: Article-32
  • soc2: CC1
  • psd2: Article-95
  • iso27001: A.14.2
  • nist: SP800-53
  • fedramp: AC-2

Classification

  • CWE: 758

Score

  • CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
