
Security Test: Invalid references

Description

Default Severity:

Invalid references occur when a system points to components that don't actually exist. This usually happens when everything is expected to be defined in one file, but a pointer targets something that is missing, which causes errors or unexpected behavior when the system tries to use it. If these broken references aren't caught, your application might crash or behave unpredictably, potentially giving attackers an opportunity to exploit the error conditions. Developers commonly skip reference validation or assume every reference is correctly defined, which can lead to security and stability issues down the line.
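An added example, not part of the original page or the scanner's own code: a checker that walks a single schema document and reports every reference that cannot be resolved inside it. It assumes an OpenAPI-style document using `$ref` JSON pointers, which the page does not specify; `SAMPLE`, `resolves` and `find_invalid_refs` are hypothetical names.

```python
from urllib.parse import unquote

# Constructed sample (not from the page): one undefined target, one target in another file.
SAMPLE = {
    "paths": {"/users": {"get": {"responses": {
        "200": {"schema": {"$ref": "#/components/schemas/User"}},
        "404": {"schema": {"$ref": "#/components/schemas/Error"}},  # never defined
    }}}},
    "components": {"schemas": {
        "User": {"type": "object",
                 "properties": {"team": {"$ref": "teams.yaml#/Team"}}},  # other file
    }},
}

def resolves(doc, ref):
    """True if ref is a local JSON pointer ('#/a/b') that exists in doc."""
    if not ref.startswith("#"):
        return False  # external file or URL: cannot be verified from this one document
    pointer = ref[1:]
    if pointer == "":
        return True  # '#' alone is the document root
    if not pointer.startswith("/"):
        return False
    node = doc
    for raw in pointer[1:].split("/"):
        token = unquote(raw).replace("~1", "/").replace("~0", "~")  # RFC 6901 unescaping
        if isinstance(node, dict) and token in node:
            node = node[token]
        elif isinstance(node, list) and token.isdigit() and int(token) < len(node):
            node = node[int(token)]
        else:
            return False
    return True

def find_invalid_refs(doc):
    """Return (location, target) for every $ref that does not resolve inside doc."""
    invalid = []
    def walk(node, path):
        if isinstance(node, dict):
            ref = node.get("$ref")
            if isinstance(ref, str) and not resolves(doc, ref):
                invalid.append((path, ref))
            for key, value in node.items():
                escaped = str(key).replace("~", "~0").replace("/", "~1")
                walk(value, f"{path}/{escaped}")
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}/{i}")
    walk(doc, "#")
    return invalid
```

Running `find_invalid_refs` in CI before a schema is published turns a dangling reference into a build failure instead of a runtime error.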

Reference:

Configuration

Identifier: schema/invalid_refs

Examples

All configuration available:

checks:
  schema/invalid_refs:
    skip: false # default

Compliance and Standards

| Standard | Value |
| --- | --- |
| OWASP API Top 10 | API9:2023 |
| OWASP LLM Top 10 | LLM01:2023 |
| PCI DSS | 10.2.4 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | AC-2 |
| CWE | 758 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |