Key used in the encoding map of the schema is not defined in the properties of the schema

Description

The encoding map of a schema you have defined for a media type object contains a key that is not defined in the properties of the schema.

The encoding property of a media type object maps the schema's property name to a specific encoding. All keys in the encoding map must be defined as properties in the schema.

For more details, see the OpenAPI Specification.

Example

The following is an example of how this type of risk could look in your API definition The key historyMetadata in the encoding map has not been defined in the schema of the media type object:

1requestBody:
2  content:
3    multipart/mixed:
4      schema:
5        type: object
6        additionalProperties: false
7        properties:
8          id:
9            type: string
10            format: uuid
11          address:
12            type: object
13            properties: {}
14          type: object
15          properties: {}
16        profileImage:
17          type: string
18          format: binary
19    encoding:
20      historyMetadata:
21        contentType: application/xml; charset=utf-8
22

Remediation

Make sure that all keys in the encoding map are defined in the schema of the media type object.

1requestBody:
2  content:
3    multipart/mixed:
4      schema:
5        type: object
6        additionalProperties: false
7        properties:
8          id:
9            type: string
10            format: uuid
11          address:
12            type: object
13            properties: {}
14          historyMetadata:
15            description: metadata in XML format
16            type: object
17            properties: {}
18          profileImage:
19            type: string
20            format: binary
21      encoding:
22        historyMetadata:
23          contentType: application/xml; charset=utf-8
24

Copyright 42Crunch 2021