OWASP API3 2023 No Additional Properties

By default, JSON Schema allows additional properties. That can lead to mass assignment: fields the API never declared are accepted and passed through without validation, so a client can set attributes (for example an account role) that the schema was never meant to expose. Disable extra properties by setting additionalProperties to false, or bound the object with maxProperties.

Tags: OWASP, Security, Schema, OpenAPI

Rule Definition

owasp-api3-2023-no-additional-properties-warn.yaml
{
  "owasp-api3-2023-no-additional-properties-warn": {
    "description": "By default JSON Schema allows additional properties, which can potentially lead to mass assignment issues, where unspecified fields are passed to the API without validation. Disable them with additionalProperties set to false or add maxProperties.",
    "message": "If the additionalProperties keyword is used it must be set to false.",
    "given": "$..[?(@.type==\"object\" && @.additionalProperties)]",
    "severity": "warn",
    "then": {
      "field": "additionalProperties",
      "function": "falsy"
    }
  }
}
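As an added illustration, not part of this page or of the Spectral ruleset it documents, the JavaScript below re-implements what the rule does: it walks an OpenAPI document, selects the object schemas the given expression `$..[?(@.type=="object" && @.additionalProperties)]` would match, and applies the falsy check to additionalProperties. It also makes the rule's scope visible: because the filter requires @.additionalProperties to be truthy, a schema that omits the keyword entirely is never selected, even though the JSON Schema default then allows extra properties. The second helper, findUnconstrainedObjects, is my own stricter variant (an assumption, not the ruleset's behaviour) that also reports such schemas unless maxProperties bounds them. The OpenAPI fragment is constructed for the example.

```javascript
// Added example: stand-alone re-implementation of the check made by
// owasp-api3-2023-no-additional-properties-warn, plus a stricter variant.
// This is not Spectral's code; the OpenAPI fragment below is constructed.

// Three object schemas covering the cases a reviewer cares about:
//   User:    additionalProperties: true   -> the rule on this page warns
//   Order:   additionalProperties: false  -> passes
//   Profile: keyword omitted              -> rule is silent, extras still accepted
const sampleDoc = {
  openapi: "3.1.0",
  components: {
    schemas: {
      User: {
        type: "object",
        properties: { name: { type: "string" }, email: { type: "string" } },
        additionalProperties: true,
      },
      Order: {
        type: "object",
        properties: { id: { type: "integer" } },
        additionalProperties: false,
      },
      Profile: {
        type: "object",
        properties: { bio: { type: "string" } },
      },
    },
  },
};

// Depth-first walk yielding every node with type "object" together with its
// path, mirroring the recursive-descent part of the rule's `given` expression.
function* objectSchemas(node, path = []) {
  if (node === null || typeof node !== "object") return;
  if (Array.isArray(node)) {
    for (let i = 0; i < node.length; i++) yield* objectSchemas(node[i], [...path, i]);
    return;
  }
  if (node.type === "object") yield { schema: node, path };
  for (const [key, value] of Object.entries(node)) {
    yield* objectSchemas(value, [...path, key]);
  }
}

// Equivalent of the rule on this page: an object schema is selected only when
// additionalProperties is present and truthy (true or a sub-schema), and the
// `falsy` function then fails on exactly those nodes.
function findAdditionalPropertiesWarnings(doc) {
  const findings = [];
  for (const { schema, path } of objectSchemas(doc)) {
    if (schema.additionalProperties) {
      findings.push({
        path: [...path, "additionalProperties"].join("."),
        message: "If the additionalProperties keyword is used it must be set to false.",
      });
    }
  }
  return findings;
}

// Stricter variant (my assumption, not the ruleset's behaviour): also report
// object schemas that omit the keyword, because JSON Schema's default allows
// extra properties, unless a numeric maxProperties bounds the object.
function findUnconstrainedObjects(doc) {
  const findings = [];
  for (const { schema, path } of objectSchemas(doc)) {
    const ap = schema.additionalProperties;
    if (ap === false) continue;
    if (ap === undefined && typeof schema.maxProperties === "number") continue;
    findings.push({
      path: path.join("."),
      additionalProperties: ap === undefined ? "absent" : ap,
    });
  }
  return findings;
}

console.log("rule as documented:", findAdditionalPropertiesWarnings(sampleDoc));
console.log("stricter variant:  ", findUnconstrainedObjects(sampleDoc));
```

Run with node: the documented rule reports only components.schemas.User, while the stricter variant also reports Profile, which is the schema a mass-assignment attacker would actually target since nothing in the spec says extra fields are rejected.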
