Ensure Maximum String Length Defined

Ensure that the maximum length of every string is defined in OpenAPI using the maxLength keyword. Bounding string length lets the API gateway or validator reject oversized input before it reaches application code, which helps prevent abuse and errors. For example, an unbounded string may trigger buffer overflows in downstream consumers, exhaust memory, or cause performance problems during validation and storage.

Risk Level: medium
Platform: OpenAPI
Spectral Rule ID: OPENAPI008

REMEDIATION

Define the maxLength field for the string schema and set it to a reasonable value. For example:

  type: string
  maxLength: 20

The above schema defines a string that cannot be longer than 20 characters. The length of a string is counted in characters (Unicode code points, not bytes), as defined by RFC 8259.

swagger: '2.0'
# OR
openapi: '3.0.0'
info:
  version: 1.0.0
  title: Sample API
paths:
  /users/{id}:
    get:
      parameters:
        - name: id
          in: path
          required: true
          type: string
+         maxLength: 10 # added maxLength field
      responses:
        '200':
          description: A user object.
          content:
            application/json:
              schema:
                type: object
                properties:
                  name:
                    type: string
+                   maxLength: 20 # added maxLength field
                  age:
                    type: integer
                  email:
                    type: string
                    format: email
+                   maxLength: 50 # added maxLength field
                additionalProperties: false
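The following script is an added example, not part of the original page or of any Spectral ruleset: it walks an already-parsed OpenAPI/Swagger document and reports every `type: string` schema that has no valid `maxLength`, which is the check this rule performs. The document is assumed to have been loaded into a Python dict by a YAML or JSON loader; the sample below is constructed inline (the page's example with the `maxLength` fields removed from `id` and `email`) so the script runs offline. The function names `find_unbounded_strings` and `string_within_limit` are this example's own.

```python
"""Report string schemas in an OpenAPI/Swagger document that lack maxLength.

Added example, not from the original page. Assumes the spec has already been
parsed into a dict (e.g. by a YAML/JSON loader); the sample is constructed.
"""
from __future__ import annotations

# Constructed sample: the page's example with `maxLength` removed from the
# `id` path parameter and the `email` property, so there is something to flag.
SAMPLE_DOC = {
    "openapi": "3.0.0",
    "info": {"version": "1.0.0", "title": "Sample API"},
    "paths": {
        "/users/{id}": {
            "get": {
                "parameters": [
                    {"name": "id", "in": "path", "required": True,
                     "schema": {"type": "string"}},
                ],
                "responses": {
                    "200": {
                        "description": "A user object.",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "type": "object",
                                    "properties": {
                                        "name": {"type": "string", "maxLength": 20},
                                        "age": {"type": "integer"},
                                        "email": {"type": "string", "format": "email"},
                                    },
                                    "additionalProperties": False,
                                }
                            }
                        },
                    }
                },
            }
        }
    },
}


def find_unbounded_strings(node, path: str = "$") -> list[str]:
    """Return the JSON paths of every `type: string` schema without a usable
    `maxLength`.

    The walk is generic, so it covers both OAS 3 (`schema:` objects under
    parameters and media types) and Swagger 2 (type given directly on a
    parameter). Only a non-negative integer counts as a bound; a missing,
    negative, boolean or non-integer value is reported.
    """
    findings: list[str] = []
    if isinstance(node, dict):
        if node.get("type") == "string":
            bound = node.get("maxLength")
            valid = isinstance(bound, int) and not isinstance(bound, bool) and bound >= 0
            if not valid:
                findings.append(path)
        for key, value in node.items():
            findings.extend(find_unbounded_strings(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            findings.extend(find_unbounded_strings(value, f"{path}[{index}]"))
    return findings


def string_within_limit(value: str, max_length: int) -> bool:
    """Apply a maxLength bound the way JSON Schema defines it: the length is the
    number of characters (Unicode code points), not bytes. Python's len() on a
    str counts code points, so a 20-character accented string still fits 20."""
    return len(value) <= max_length


if __name__ == "__main__":
    for finding in find_unbounded_strings(SAMPLE_DOC):
        print(f"OPENAPI008: string schema without maxLength at {finding}")
```

Run against the constructed sample it reports the `id` parameter schema and the `email` property; schemas that already carry a non-negative integer `maxLength`, such as `name`, are silent. A property that is itself named `type` with a string value would be misread by this simple walker, so a production linter should descend only through schema keywords (`properties`, `items`, `allOf`, and so on).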

Read more: