forked from italia/api-oas-checker
array.yml
rules:
  sec-array-boundaries:
    description: |-
      Array size should be limited to mitigate resource exhaustion attacks.
      This can be done using `maxItems` and `minItems`, like in the example
      below.
      ```
      Limited:
        type: array
        maxItems: 10
        items:
          type: string
          format: date
      ```
      You should ensure that the schema referenced in `items` is constrained too.
      If you delegate input validation to a library or framework,
      be sure to test it thoroughly and ensure that it verifies `maxItems`.
    message: >-
      Schema of type array must specify maxItems and minItems. {{path}} {{error}}
    formats:
    - oas3
    severity: warn
    recommended: true
    given:
    - >-
      $.[?(@.type=="array")]
    then:
    - field: maxItems
      function: defined
    - field: minItems
      function: defined
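
The following is an added example, not part of this ruleset or of the project's code: a dependency-free JavaScript walk that reproduces what `sec-array-boundaries` reports and goes one step further by also checking the description's advice that `items` be constrained. It assumes the `given` selector matches every object with `type: array` at any depth; `sampleSpec`, `findArrayViolations` and the choice of `maxLength`, `format`, `enum` or `pattern` as acceptable string constraints are hypothetical.

```javascript
// Constructed sample OpenAPI 3 fragment (not taken from any real API).
const sampleSpec = {
  openapi: "3.0.3",
  components: {
    schemas: {
      Limited: {
        type: "array", minItems: 0, maxItems: 10,
        items: { type: "string", format: "date" },
      },
      Unbounded: { type: "array", items: { type: "string" } },
      Page: {
        type: "object",
        properties: {
          rows: { type: "array", maxItems: 50, items: { type: "string", maxLength: 64 } },
        },
      },
    },
  },
};

// Visit every object node; for each schema with type "array", apply the
// rule's two `defined` checks on maxItems and minItems.
function findArrayViolations(node, path = "$", out = []) {
  if (node === null || typeof node !== "object") return out;
  if (!Array.isArray(node) && node.type === "array") {
    for (const field of ["maxItems", "minItems"]) {
      if (node[field] === undefined) out.push(`${path}: ${field} is not defined`);
    }
    // Assumption: beyond the rule itself, flag string items that carry no
    // size or shape constraint, following the description's advice.
    const items = node.items;
    if (items && items.type === "string" &&
        !["maxLength", "format", "enum", "pattern"].some((k) => k in items)) {
      out.push(`${path}.items: string items are unconstrained`);
    }
  }
  for (const [key, child] of Object.entries(node)) {
    findArrayViolations(child, `${path}.${key}`, out);
  }
  return out;
}

for (const line of findArrayViolations(sampleSpec)) console.log(line);
```

`Page.properties.rows` is reported even though it sets `maxItems`, because the rule requires both bounds to be defined.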