Ensure Numeric Schema Maximum Defined

Ensure that the maximum value of a numeric schema (type set to 'integer' or 'number') is defined in OpenAPI using the maximum keyword. This is useful to specify the range of possible values and to validate the input data. For example, a number that is too large may cause overflow or performance issues.

Risk Level: medium
Platform: OpenAPI
Spectral Rule ID: OPENAPI010

REMEDIATION

Define the maximum field for the numeric schema and set it to a reasonable value. You can also use the exclusiveMaximum field to exclude the boundary value from the range. For example:

  type: number
  minimum: 0
  exclusiveMinimum: true
  maximum: 50

The above schema defines a number that must be greater than 0 and less than or equal to 50. The value of maximum must be a number, not a string.

swagger: '2.0'
# OR
openapi: '3.0.0'
info:
  version: 1.0.0
  title: Sample API
paths:
  /products/{id}:
    get:
      parameters:
        - name: id
          in: path
          required: true
          type: integer
+         maximum: 100 # added maximum field
      responses:
        '200':
          description: A product object.
          content:
            application/json:
              schema:
                type: object
                properties:
                  name:
                    type: string
                  price:
                    type: number
                    format: float
+                     maximum: 999.99 # added maximum field
                  quantity:
                    type: integer
+                     maximum: 10 # added maximum field
                additionalProperties: false
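
Review bot: the added lines under price and quantity (`maximum: 999.99` and `maximum: 10`) sit two columns deeper than their sibling `type` and `format` keys, so the YAML no longer parses once the `+` markers are replaced by spaces; align them with `type`, as the `maximum: 100` line on the id parameter already is. The example also mixes versions: the id parameter carries `type` directly, which is the Swagger 2.0 form, while the response uses `content`, which exists only in OpenAPI 3.0, where the parameter's `type` and `maximum` belong under `schema`.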
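
The check this rule describes can be approximated with a small walker over the parsed document. This is an added example, not Spectral's implementation of OPENAPI010 or code from the original page; the function name `checkNumericMaximum` and the sample document (constructed, in OpenAPI 3.0 form) are assumptions.

```javascript
// Added example, not Spectral's rule code; function and sample names are hypothetical.
const NUMERIC_TYPES = new Set(['integer', 'number']);

function checkNumericMaximum(node, path = '#', findings = []) {
  if (node === null || typeof node !== 'object') return findings;
  // A schema declares `type` as a string; under `properties`, a field that is
  // merely named "type" has an object value and is skipped by this test.
  if (typeof node.type === 'string' && NUMERIC_TYPES.has(node.type)) {
    if (!('maximum' in node)) {
      findings.push({ path, problem: 'maximum is not defined' });
    } else if (typeof node.maximum !== 'number' || !Number.isFinite(node.maximum)) {
      findings.push({ path, problem: 'maximum must be a number' });
    }
  }
  for (const [key, value] of Object.entries(node)) {
    // JSON Pointer escaping keeps keys such as "/products/{id}" unambiguous.
    const token = key.replace(/~/g, '~0').replace(/\//g, '~1');
    checkNumericMaximum(value, `${path}/${token}`, findings);
  }
  return findings;
}

// Constructed sample: the page's product API before remediation, plus one
// `maximum` given as a string to show the "must be a number" case.
const sampleDoc = {
  openapi: '3.0.0',
  info: { version: '1.0.0', title: 'Sample API' },
  paths: { '/products/{id}': { get: {
    parameters: [
      { name: 'id', in: 'path', required: true, schema: { type: 'integer' } },
    ],
    responses: { '200': {
      description: 'A product object.',
      content: { 'application/json': { schema: {
        type: 'object',
        properties: {
          name: { type: 'string' },
          price: { type: 'number', format: 'float', maximum: '999.99' },
          quantity: { type: 'integer', maximum: 10 },
        },
        additionalProperties: false,
      } } },
    } },
  } } },
};

for (const f of checkNumericMaximum(sampleDoc)) {
  console.log(`${f.path}: ${f.problem}`);
}
```

The walker also covers the Swagger 2.0 form, where `type` and `maximum` sit directly on a non-body parameter rather than under `schema`.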
