My team is using Sieve to allow complex querying and filtering/sorting capabilities on our API endpoints. We are generating a Swagger doc and are using the SwaggerUI successfully; however, when being assessed on the "correctness" of the OpenAPI Swagger document being generated, we get a number of issues reported, such as:
endpoint /my-endpoint have parameter 'Filters' (String) without the 'maxLength' property declared
endpoint /my-endpoint have parameter 'Filters' (String) without the 'format' property declared
endpoint /my-endpoint have parameter 'Sorts' (String) without the 'maxLength' property declared
endpoint /my-endpoint have parameter 'Filters' (String) without the 'maxLength' property declared
and so on.
I assume input validation is used on the parameters being submitted to the endpoint and was wondering what type of validation from this OWASP Cheat Sheet I could/would indicate for Sieve as a mitigating factor for this assessment.
Thanks!