Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

owasp:api8:2023-define-error-validation does not detect non 400, 422 4XX responses #65

Open
ydidio opened this issue Apr 16, 2024 · 0 comments
Open

owasp:api8:2023-define-error-validation does not detect non 400, 422 4XX responses #65

ydidio opened this issue Apr 16, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@ydidio
Copy link

ydidio commented Apr 16, 2024

Context

We exported the OWASP top 10 2023 security rules and replaced the 2019 version. The rule in the title should detect any 4XX rule but we instead find ourselves having to write a custom rule to detect them. I'll show an example as seen through Stoplight.

Current Behavior

Inside our template, within the responses to a get operation we have multiple 4XX responses, including 400. When commenting or deleting the 400 response (as seen in this example), the error arises even though you can see a 401 response right below it.
image
image

Expected Behavior

The error should not be raised since there are multiple 4XX, and the rule dictates that any 4XX response can be defined, not only 400 and 422.
image

Possible Workaround/Solution

We implemented a custom function that does recognize 4XX responses, but the rule should be able to do so.
@mnaumanali94 mnaumanali94 added the enhancement New feature or request label Sep 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mnaumanali94 @ydidio