Ensure security object for operations is not empty object or has any empty object definition
Risk Level: high
Platform: OpenAPI
Spectral Rule ID: OPENAPI018
REMEDIATION
Remove any empty objects or empty object definitions from the security object for operations. Add at least one security requirement object in the security object for operations, and make sure that each security requirement object has a valid key-value pair that references a defined security scheme. For example:
```diff
# This is a sample OpenAPI document with an invalid security object for operations
openapi: 3.0.0
info:
  title: Sample API
  version: 1.0.0
servers:
  - url: https://api.example.com/v1
# Remove any empty objects or empty object definitions from the security object for operations
paths:
  /pets:
    get:
      summary: List all pets
-     security: {} # This is an empty object definition
      # OR
      security:
-       - {} # This is an empty object
        - app_id: [] # This is a valid security requirement object
      .
      .
      .
      responses:
        '200':
          description: A list of pets
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Pet'
components:
  schemas:
    Pet:
      type: object
      required:
        - id
        - name
      properties:
        id:
          type: integer
          format: int64
        name:
          type: string
        tag:
          type: string
```
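A check along the lines of this rule, as an added example (not the Spectral rule's own code and not part of the original page): it walks a parsed OpenAPI document and reports operation-level `security` fields that are an empty object, contain an empty requirement object, or name a scheme missing from `components.securitySchemes`. The function names, the sample document and its `/owners` and `/tags` paths are constructed for illustration.

```javascript
const HTTP_METHODS = ["get", "put", "post", "delete", "options", "head", "patch", "trace"];

function isEmptyObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v) && Object.keys(v).length === 0;
}

// Returns one finding per problem found in an operation-level `security` field.
function checkOperationSecurity(doc) {
  const schemes = Object.keys((doc.components && doc.components.securitySchemes) || {});
  const findings = [];
  for (const [path, item] of Object.entries(doc.paths || {})) {
    for (const method of HTTP_METHODS) {
      const op = item && item[method];
      if (!op || !("security" in op)) continue; // absent: the top-level security applies
      const where = `${method.toUpperCase()} ${path}`;
      const sec = op.security;
      if (!Array.isArray(sec)) {
        const what = isEmptyObject(sec) ? "an empty object definition" : "not a list of requirement objects";
        findings.push(`${where}: security is ${what}`);
        continue;
      }
      sec.forEach((req, i) => {
        if (isEmptyObject(req)) {
          findings.push(`${where}: security[${i}] is an empty object`);
          return;
        }
        // Every key must reference a scheme defined under components.securitySchemes.
        for (const name of Object.keys(req || {})) {
          if (!schemes.includes(name)) {
            findings.push(`${where}: security[${i}] references undefined scheme "${name}"`);
          }
        }
      });
    }
  }
  return findings;
}

// Constructed sample document (already parsed), modelled on the /pets example above.
const sampleDoc = {
  openapi: "3.0.0",
  components: { securitySchemes: { app_id: { type: "apiKey", in: "header", name: "X-App-Id" } } },
  paths: {
    "/pets": { get: { security: [{}, { app_id: [] }] } },
    "/owners": { get: { security: {} }, post: { security: [{ app_id: [] }] } },
    "/tags": { get: { security: [{ api_key: [] }] } },
  },
};
console.log(checkOperationSecurity(sampleDoc).join("\n"));
```

In OpenAPI 3.0 an empty requirement object in the list makes authentication optional for that operation, so `GET /pets` is reported even though `app_id` is also listed.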
Updated 7 months ago