issues Search Results · repo:stoplightio/spectral-owasp-ruleset language:TypeScript
41 results
Context
This file openapi_v1.json throws:
Header headers.Access-Control-Allow-Origin should be defined on all responses.
This is because in components.headers I set Access-Control-Allow-Origin-BREAKING ...
erwinkramer
- Opened on Dec 21, 2024
- #71
Context
We exported the OWASP top 10 2023 security rules and replaced the 2019 version. The rule in the title should detect
any 4XX rule ...
enhancement
ydidio
- Opened on Apr 16, 2024
- #65
Context
Migrating from the rule set 1.4.3 to 2.0.0, I now have the following error: scope.sandbox.value.match is not a function
while calling ...
released
SebastienAndreo
- 2
- Opened on Mar 10, 2024
- #63
User Story Description
As an API designer, I need to be reminded that a password should never ever ever be returned from an API in any
situation, hashed or otherwise, so I can avoid turning up in one of ...
philsturgeon
- Opened on Mar 1, 2024
- #59
I'm following the instructions on https://github.com/stoplightio/spectral-owasp-ruleset, but when running npm install
--save -D @stoplight/spectral-owasp-ruleset@^2.0, I'm getting this error: No matching ...
StefanLecho
- 6
- Opened on Feb 9, 2024
- #57
Should a GET really need a 400 error, especially if it's got no parameters?
Context
I'm working on an API with some fairly simple GET endpoints and the ruleset is asking me to define a 400 for this GET, ...
philsturgeon
- Opened on Feb 1, 2024
- #56
Trying to tackle this bit of API7:
Blindly follows redirections; this can be used to redirect the client to a malicious website.
The problem is how do we know if an API is blindly following a URL.
Say ...
philsturgeon
- 2
- Opened on Jan 25, 2024
- #55
In order to support API9:2023 we'll need to make the following rules:
- 🟠 Servers, define which environment is the API running in (e.g. production, staging, test, development)
- 🟠 Require servers ...
released
philsturgeon
- 1
- Opened on Jan 21, 2024
- #52
JSON Schema 2020-12 (used in OAS 3.1) defines a new keyword, unevaluatedProperties which is like additionalProperties
but works better when using JSON Schema composition with allOf.
For this feature, ...
DavidBiesack
- 1
- Opened on Aug 17, 2023
- #49
The name of the rule (i.e. owasp:api2:2019-no-api-keys-in-url) is incorrectly written in the API Stylebook. It is
written as api2:2019-no-api-keys-in-url instead of owasp:api2:2019-no-api-keys-in-url
...
Filip1x9
- 2
- Opened on Jul 28, 2023
- #48
