A schema defines the structure of a JSON value. Defining your JSON schemas and keeping them as specific and locked down as possible is the foundation of data sanitization, for both inputs and outputs.
The global schema defines the accepted JSON values. They can be primitive types (
array) or JSON objects (
The expected fields of JSON objects are defined in the properties field of each object. JSON objects have nested schemas that define the type of values the fields can contain. Again, the values can be either primitive types or JSON objects, and again the JSON objects have their own nested schemas. So depending on your API, you may end up with very deep layers of schemas nested inside one another.
Browse through this section to see the details of each schema-related API security risk.
- Array schema has no maximum number of items defined
- Array schema has no type of items defined
- Format of a numeric schema is unknown
- Format of a string schema is unknown
- No schema defined in the media type object
- Numeric schema has no format defined
- Numeric schema has no maximum defined
- Numeric schema has no minimum defined
- Pattern for string schema is too loose
- Schema allows additional properties
- Schema defines combining operations when 'additionalProperties' is set to 'false'
- Schema does not define the type of JSON values
- Schema is empty
- Schema of a JSON object has no properties defined
- String schema has no maximum length defined
- String schema has no pattern defined
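To make the nesting concrete, the following added example (not 42Crunch code, and not the audit's actual rule set) walks a schema recursively through its properties and items and reports a simplified subset of the risks listed above. The function name `audit`, the JSON-pointer-style paths and both sample schemas are assumptions constructed for illustration.

```python
# Added example: simplified recursive check of nested schemas (hypothetical helper).
def audit(schema, path="#"):
    """Return (path, finding) pairs for a schema and every schema nested in it."""
    if not schema:
        return [(path, "Schema is empty")]
    found = []
    kind = schema.get("type")
    if kind is None:
        found.append((path, "Schema does not define the type of JSON values"))
    elif kind == "string":
        if "maxLength" not in schema:
            found.append((path, "String schema has no maximum length defined"))
        if "pattern" not in schema:
            found.append((path, "String schema has no pattern defined"))
    elif kind in ("integer", "number"):
        for key in ("format", "minimum", "maximum"):
            if key not in schema:
                found.append((path, f"Numeric schema has no {key} defined"))
    elif kind == "array":
        if "maxItems" not in schema:
            found.append((path, "Array schema has no maximum number of items defined"))
        if "items" not in schema:
            found.append((path, "Array schema has no type of items defined"))
        else:  # recurse into the nested item schema
            found += audit(schema["items"], path + "/items")
    elif kind == "object":
        props = schema.get("properties") or {}
        if not props:
            found.append((path, "Schema of a JSON object has no properties defined"))
        # A missing additionalProperties means additional properties are allowed.
        if schema.get("additionalProperties", True) is not False:
            found.append((path, "Schema allows additional properties"))
        for name, sub in props.items():  # recurse into each field's schema
            found += audit(sub, f"{path}/properties/{name}")
    return found

# Constructed sample schemas (not taken from any real API).
LOOSE = {"type": "object", "properties": {
    "name": {"type": "string"},
    "tags": {"type": "array", "items": {"type": "string", "maxLength": 16, "pattern": "^[a-z]+$"}},
    "meta": {"type": "object"}}}
STRICT = {"type": "object", "additionalProperties": False, "properties": {
    "name": {"type": "string", "maxLength": 32, "pattern": "^[A-Za-z ]{1,32}$"},
    "age": {"type": "integer", "format": "int32", "minimum": 0, "maximum": 150},
    "tags": {"type": "array", "maxItems": 5,
             "items": {"type": "string", "maxLength": 16, "pattern": "^[a-z]{1,16}$"}}}}

if __name__ == "__main__":
    for where, what in audit(LOOSE):
        print(f"{where}: {what}")
```

The loose schema produces findings at three nesting levels, while the locked-down one produces none.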
Copyright 42Crunch 2021