String array item has no maximum length defined

Average severity: Medium

Description

One or more arrays containing string items do not have the maximum length for the strings specified.

Example

The following is an example of how this type of risk could look in your API definition. The array accepts items of the type string of unlimited length:

{
  "parameters": [
  {
    "name": "ids",
    "in": "query",
    "description": "IDs to filter by",
    "required": true,
    "type": "array",
    "items": {
       "type": "string"
     }
  }
}

Possible exploit scenario

If you do not limit the length of string parameters, attackers can send longer strings to your API than what your backend server can handle. This could overload your backend server and make it crash. In some cases, this could cause a buffer overflow and allow for executing arbitrary code. Long strings are also more prone to injection attacks.

Remediation

Set the maxLength parameter to ensure that only strings of the expected size get passed to your API:

{
  "parameters": [
  {
    "name": "ids",
    "in": "query",
    "description": "IDs to filter by",
    "required": true,
    "type": "array",
    "items": {
       "type": "string",
       "maxLength": "8"
     }
  }
}

Get API Security news directly in your Inbox.

By clicking Subscribe you agree to our Data Policy