A schema defines the structure of a JSON value. Defining your JSON schemas and keeping them as specific and locked down as possible is the foundation of data sanitization, for both inputs and outputs.
The global schema defines the accepted JSON values. They can be primitive types (
array) or JSON objects (
The expected fields of JSON objects are defined in the properties field of each object. JSON objects have nested schemas that define the type of values the fields can contain. Again, the values can be either primitive types or JSON objects, and again the JSON objects have their nested schemas. So depending on your API, you may end up with very deep layers of schemas nested inside one another.
Browse through this section to see the details of each schema-related API security risk.
- Array schema has no maximum number of items defined
- Array schema has no type of items defined
- Array schema with numeric items has no format defined
- Array schema with numeric items has no maximum defined
- Array schema with numeric items has no minimum defined
- Array schema with string items has no maximum length defined
- Array schema with string items has no pattern defined
- Format of a numeric schema is unknown
- Format of a string schema is unknown
- Numeric schema has no format defined
- Numeric schema has no maximum defined
- Numeric schema has no minimum defined
- Pattern for string items in an array schema is too loose
- Pattern for string schema is too loose
- Schema allows additional properties
- Schema defines combining operations
- Schema does not define the type of JSON values
- Schema is empty
- Schema of a JSON object has no properties defined
- String schema has no maximum length defined
- String schema has no pattern defined
Copyright 42Crunch 2020