Ensure Maximum String Length Defined
Ensure that the maximum length of a string is defined in OpenAPI using the maxLength keyword. This is useful to prevent abuse or errors when validating the input data. For example, a string that is too long may cause buffer overflow or performance issues.
Risk Level: medium
Platform: OpenAPI
Spectral Rule ID: OPENAPI008
REMEDIATION
Define the maxLength field for the string schema and set it to a reasonable value. For example:
type: string
maxLength: 20
The above schema defines a string that cannot be longer than 20 characters. The length of a string is defined as the number of its characters as defined by RFC 8259.
swagger: '2.0'
# OR
openapi: '3.0.0'
info:
  version: 1.0.0
  title: Sample API
paths:
  /users/{id}:
    get:
      parameters:
        - name: id
          in: path
          required: true
          type: string
          maxLength: 10 # added maxLength field
      responses:
        '200':
          description: A user object.
          content:
            application/json:
              schema:
                type: object
                properties:
                  name:
                    type: string
                    maxLength: 20 # added maxLength field
                  age:
                    type: integer
                  email:
                    type: string
                    format: email
                    maxLength: 50 # added maxLength field
                additionalProperties: false
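The following is an added example, not part of this page or of the Spectral rule set, covering both the remediation above and the RFC 8259 length definition. It walks an OpenAPI document and reports every `type: string` schema that has no maxLength (the same condition the rule flags), and it checks a candidate value against a maxLength by counting characters rather than bytes. The sample document is constructed and loosely mirrors the example above, written in OpenAPI 3.0 form (parameters wrapped in `schema`); the walker also catches Swagger 2.0 parameters that carry `type` directly. `find_unbounded_strings` and `check_value` are hypothetical names.

```python
"""Report string schemas without maxLength and enforce maxLength by character count.

Added example; not part of the original page or of the Spectral rule.
"""
from typing import Any

# Constructed sample document (OpenAPI 3.0). Two string schemas are bounded,
# two are not: the `q` query parameter and the `email` property.
SAMPLE_SPEC: dict[str, Any] = {
    "openapi": "3.0.0",
    "info": {"version": "1.0.0", "title": "Sample API"},
    "paths": {
        "/users/{id}": {
            "get": {
                "parameters": [
                    {"name": "id", "in": "path", "required": True,
                     "schema": {"type": "string", "maxLength": 10}},
                    {"name": "q", "in": "query",
                     "schema": {"type": "string"}},  # missing maxLength
                ],
                "responses": {
                    "200": {
                        "description": "A user object.",
                        "content": {"application/json": {"schema": {
                            "type": "object",
                            "properties": {
                                "name": {"type": "string", "maxLength": 20},
                                "age": {"type": "integer"},
                                # missing maxLength
                                "email": {"type": "string", "format": "email"},
                            },
                            "additionalProperties": False,
                        }}},
                    }
                },
            }
        }
    },
}


def _escape(token: str) -> str:
    """Escape one path segment as a JSON Pointer token (RFC 6901)."""
    return token.replace("~", "~0").replace("/", "~1")


def find_unbounded_strings(node: Any, path: str = "") -> list[str]:
    """Return JSON Pointer paths of every `type: string` object lacking maxLength.

    The walk is generic over the whole document, so Swagger 2.0 parameters that
    put `type: string` directly on the parameter object are reported as well as
    OpenAPI 3.x schemas nested under `schema`, `properties` or `items`.
    """
    findings: list[str] = []
    if isinstance(node, dict):
        if node.get("type") == "string" and "maxLength" not in node:
            findings.append(path or "/")
        for key, value in node.items():
            findings.extend(find_unbounded_strings(value, f"{path}/{_escape(str(key))}"))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            findings.extend(find_unbounded_strings(value, f"{path}/{index}"))
    return findings


def check_value(value: str, max_length: int) -> tuple[bool, int, int]:
    """Check a string against maxLength as JSON Schema defines length.

    Length is the number of characters (Unicode code points, per RFC 8259),
    which Python's len() on a str already gives. The UTF-8 byte length is
    returned alongside to show why a byte-based check would disagree.
    """
    char_count = len(value)
    byte_count = len(value.encode("utf-8"))
    return char_count <= max_length, char_count, byte_count


if __name__ == "__main__":
    for finding in find_unbounded_strings(SAMPLE_SPEC):
        print("string schema without maxLength:", finding)
    # 20 accented characters: 20 code points but 40 UTF-8 bytes.
    print(check_value("\u00e9" * 20, 20))
```

Running the module prints the two unbounded schema paths and `(True, 20, 40)`: a 20-character value passes maxLength 20 even though it occupies 40 bytes, which is the distinction the RFC 8259 reference in the remediation is making.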