Parameters using $ref are not validated
See original GitHub issueGiven a path such as:
/pets/{id}:
get:
description: Returns a user based on a single ID, if the user does not have access to the pet
operationId: find pet by id
parameters:
- $ref: '#/components/parameters/id'
responses:
'200':
description: pet response
content:
application/json:
schema:
$ref: '#/components/schemas/Pet'
default:
description: unexpected error
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
And a component:
components:
parameters:
id:
name: id
in: path
description: ID of pet to fetch
required: true
schema:
type: integer
format: int64
The parameter isn’t validated.
I’m not sure if that is a design decision or something that will be supported in future? Thanks
Issue Analytics
- State:
- Created 4 years ago
- Reactions:2
- Comments:5 (4 by maintainers)
Top Results From Across the Web
Required response parameters not validated if they ... - GitHub
I just made extra tests. The problem occurs when I add a reference inside another reference. If SomeDefinition has no other reference, the ......
Read more >Resolve the "Parameter validation failed" error in AWS ...
How do I resolve the "Parameter validation failed: parameter value 'abc' for parameter name 'ABC' does not exist" error in CloudFormation?
Read more >When to use ref and when it is not necessary in C# - Stack ...
Long answer: when a reference type parameter is passed by value, only the reference is passed, not a copy of the object. This...
Read more >Params::Validate - Validate method/function parameters
); The callback should return a true value if the value is valid. If not, it can return false or die ...
Read more >CWE-20: Improper Input Validation (4.9) - MITRE
The product receives input or data, but it does not validate or ... Caution must be used when referencing this CWE entry or...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@nkemp and I are seeing the same (or similar) issue with
requestBody
and using$ref
also.note, kogosoftwarellc/open-api#483 is not resolved, however, v1.1.0 now has a workaround in place