Swagger rules

Description

Swagger rules are a set of rules used to validate the schema of a REST OpenAPI specification. A schema that does not follow them can be at the root of security issues because of its unstructured nature.

Remediation

Comply with the Swagger rules.

REST Specific

Asp.net

Ensure that your Swagger schema is properly structured and validated to prevent security issues. Use attributes and filters to enforce schema constraints.

Ruby on rails

Validate your Swagger schema with tools like swagger-blocks or rswag to ensure it adheres to the OpenAPI specification.

Next.js

Use libraries like swagger-jsdoc to integrate Swagger with your Next.js API routes, ensuring proper schema validation.

Laravel

Utilize Laravel packages like L5-Swagger to automatically generate and validate Swagger documentation for your API.

Express.js

Incorporate swagger-ui-express and swagger-jsdoc to create and serve Swagger documentation, ensuring your API schema is validated.

Django

Use Django REST framework with drf-yasg to generate a real-time validated Swagger schema for your API endpoints.

Symfony

Leverage the NelmioApiDocBundle to integrate Swagger with your Symfony project, ensuring your API schema is properly validated.

Spring boot

Use Springfox or springdoc-openapi to automatically generate and validate Swagger API documentation in your Spring Boot application.

Flask

Implement Flask-RESTPlus or Flask-RESTX to automatically create Swagger documentation that is validated against your API schema.

Nuxt

For Nuxt.js applications, use nuxt-swagger to define and validate your Swagger schema for API routes.
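As an added illustration (not Escape's rule set and not code from any of the frameworks above), the Python linter below applies a few structural rules of the kind this check stands for: required root fields, operations that declare responses, parameters and request bodies that carry a schema, and path parameters marked required. The rule set and the two sample documents are constructed for this example.

```python
"""Structural linter for an OpenAPI 3 document (illustrative rules, not Escape's)."""
from typing import Any, Dict, List

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def lint_openapi(spec: Dict[str, Any]) -> List[str]:
    """Return one finding per rule violation; an empty list means the document passed."""
    findings: List[str] = []
    for field in ("openapi", "info", "paths"):
        if field not in spec:
            findings.append(f"root: missing required field '{field}'")
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # path-level keys such as 'summary' or 'parameters'
            where = f"{method.upper()} {path}"
            if not op.get("responses"):
                findings.append(f"{where}: operation declares no responses")
            # A parameter without a schema leaves its input unconstrained for clients and scanners.
            for param in op.get("parameters", []):
                name = param.get("name", "<unnamed>")
                if "schema" not in param and "content" not in param:
                    findings.append(f"{where}: parameter '{name}' has no schema")
                if param.get("in") == "path" and param.get("required") is not True:
                    findings.append(f"{where}: path parameter '{name}' must be required")
            for media, obj in op.get("requestBody", {}).get("content", {}).items():
                if "schema" not in obj:
                    findings.append(f"{where}: request body '{media}' has no schema")
    return findings

# Constructed sample: violates four of the rules above.
BAD_SPEC = {
    "openapi": "3.0.3", "info": {"title": "Demo", "version": "1"},
    "paths": {"/users/{id}": {
        "get": {"parameters": [{"name": "id", "in": "path"}]},
        "post": {"requestBody": {"content": {"application/json": {}}},
                 "responses": {"201": {"description": "created"}}}}},
}
# Constructed sample: the same API with its structure completed.
GOOD_SPEC = {
    "openapi": "3.0.3", "info": {"title": "Demo", "version": "1"},
    "paths": {"/users/{id}": {
        "get": {"parameters": [{"name": "id", "in": "path", "required": True,
                                "schema": {"type": "integer"}}],
                "responses": {"200": {"description": "ok"}}},
        "post": {"requestBody": {"content": {"application/json": {"schema": {"type": "object"}}}},
                 "responses": {"201": {"description": "created"}}}}},
}
```

Running `lint_openapi(BAD_SPEC)` yields four findings, one per defect, while `GOOD_SPEC` passes cleanly.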

Configuration

Identifier: schema/swagger_rules

Examples

Ignore this check

{
  "checks": {
    "schema/swagger_rules": {
      "skip": true
    }
  }
}

Score

  • Escape Severity: INFO

Compliance

  • OWASP: API9:2023
  • pci: 6.5.1
  • gdpr: Article-32
  • soc2: CC6.1
  • psd2: Article-95
  • iso27001: A.14.2
  • nist: SP800-53
  • fedramp: AR-1

Classification

Score

  • CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N