bug(openapi): operationScheme tags shown as missing required fields #7019

Open
UncleGoogle opened this issue Apr 22, 2024 · 0 comments
Labels
bug Something isn't working community Community contribution openapi OpenAPI query terraform Terraform query

UncleGoogle commented Apr 22, 2024

Found a bug? You're welcome to GitHub Discussions

Using the GitLab integration, a false positive is raised that tags are missing required fields for this kind of OpenAPI schema:

swagger: '2.0'
paths:
  /v1/getX:
    get:
      tags:
      - data_sources
      - v1

From the docs, operationSchema tags are a list of strings. Note that this is a different object than the root-level tags. https://swagger.io/specification/v2/

Expected Behavior

no error

Actual Behavior

(from gitlab sast report artifact)

        {
            "id": "91e8e47733a87adce77d6ff58f67a8755e9471fc8ea7ac008f24bd82e0a2b7f4",
            "category": "sast",
            "name": "OpenAPI Object should contain all of its required fields",
            "description": "tags is missing required fields",
            "cve": "kics_id:5e5ecb9d-04b5-4e4f-b5a5-6ee04279b275:1086:0",
            "severity": "Info",
            "scanner": {
                "id": "kics",
                "name": "kics"
            },
            "location": {
                "file": "terraform/environments/xes/openapi_config.yaml",
                "start_line": 1086
            },
            "identifiers": [
                {
                    "type": "kics_id",
                    "name": "Object Without Required Property (v2)",
                    "value": "5e5ecb9d-04b5-4e4f-b5a5-6ee04279b275",
                    "url": "https://swagger.io/specification/v2/"
                }
            ]
        },

Specifications

  • Version: GitLab kics analyzer v4.1.13
@UncleGoogle UncleGoogle added bug Something isn't working community Community contribution labels Apr 22, 2024
@github-actions github-actions bot added terraform Terraform query openapi OpenAPI query labels Apr 22, 2024
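
The distinction the report relies on, as an added example that is not part of the original issue and is not KICS code: in Swagger 2.0 the root-level `tags` is a list of Tag Objects (each requires `name`), while an operation's `tags` is a plain list of strings. The function name `check_tags` and both sample documents are constructed for illustration.

```python
# Added illustration; not KICS code. Documents below are constructed samples.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}


def check_tags(doc):
    """Return (location, message) findings for `tags` in a Swagger 2.0 document."""
    findings = []

    # Root-level `tags`: a list of Tag Objects, each of which requires `name`.
    for i, tag in enumerate(doc.get("tags") or []):
        if not isinstance(tag, dict):
            findings.append((f"tags[{i}]", "expected a Tag Object"))
        elif "name" not in tag:
            findings.append((f"tags[{i}]", "Tag Object is missing required field 'name'"))

    # Operation-level `tags`: a plain list of strings, so no required fields apply.
    for path, item in (doc.get("paths") or {}).items():
        if not isinstance(item, dict):
            continue
        for method, op in item.items():
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue
            for i, tag in enumerate(op.get("tags") or []):
                if not isinstance(tag, str):
                    findings.append((f"paths.{path}.{method}.tags[{i}]", "expected a string"))
    return findings


# The schema from the report, as a parsed document.
REPORTED = {
    "swagger": "2.0",
    "paths": {"/v1/getX": {"get": {"tags": ["data_sources", "v1"]}}},
}

# Constructed counter-example: a root-level Tag Object without `name`.
ROOT_TAG_WITHOUT_NAME = {
    "swagger": "2.0",
    "tags": [{"description": "no name given"}],
    "paths": {"/v1/getX": {"get": {"tags": ["data_sources", "v1"]}}},
}

if __name__ == "__main__":
    print(check_tags(REPORTED))               # operation tags only
    print(check_tags(ROOT_TAG_WITHOUT_NAME))  # root Tag Object lacks `name`
```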