
Merge pull request Checkmarx#6717 from Checkmarx/kics-937
fix(query): openapi Maximum Length Undefined
ArturRibeiro-CX authored Feb 23, 2024
2 parents cded4e5 + c0ec807 commit ca21626
Showing 7 changed files with 283 additions and 0 deletions.
11 changes: 11 additions & 0 deletions assets/queries/openAPI/general/maximum_length_undefined/query.rego
@@ -1,6 +1,7 @@
package Cx

import data.generic.openapi as openapi_lib
import data.generic.common as common_lib

CxPolicy[result] {
doc := input.document[i]
Expand All @@ -11,6 +12,7 @@ CxPolicy[result] {
info := openapi_lib.is_operation(path)
openapi_lib.content_allowed(info.operation, info.code)
openapi_lib.undefined_field_in_string_type(value, "maxLength")
not limited_regex(value)

result := {
"documentId": doc.id,
Expand All @@ -19,6 +21,7 @@ CxPolicy[result] {
"keyExpectedValue": "'maxLength' should be defined",
"keyActualValue": "'maxLength' is undefined",
"overrideKey": version,
"searchLine": common_lib.build_search_line(path,["type"]),
}
}

Expand All @@ -30,6 +33,7 @@ CxPolicy[result] {
[path, value] := walk(doc)
openapi_lib.is_operation(path) == {}
openapi_lib.undefined_field_in_string_type(value, "maxLength")
not limited_regex(value)

result := {
"documentId": doc.id,
Expand All @@ -38,5 +42,12 @@ CxPolicy[result] {
"keyExpectedValue": "'maxLength' should be defined",
"keyActualValue": "'maxLength' is undefined",
"overrideKey": version,
"searchLine": common_lib.build_search_line(path,["type"]),
}
}

limited_regex(value){
not contains(value.pattern, "+")
not contains(value.pattern, "*")
not regex.match("[^\\\\]{\\d+,}", value.pattern)
}
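Review bot: The `limited_regex` exemption added at the end of the file treats any pattern free of `+`, `*` and an open-ended `{n,}` as a length bound, but JSON Schema/OpenAPI `pattern` is not implicitly anchored, so `[a-z]{3}` (the negative fixture in this commit) still accepts strings of any length that merely contain three letters; only an anchored pattern (`^...$`) can stand in for `maxLength`, so the helper should also require `startswith(value.pattern, "^")` and `endswith(value.pattern, "$")`. Separately, when a string schema has no `pattern` at all, each `not contains(value.pattern, ...)` line is true because Rego negates an undefined expression to true, which makes `limited_regex` hold and lets the `not limited_regex(value)` guards in both CxPolicy rules suppress the finding for exactly the patternless case — unless `undefined_field_in_string_type` already requires `pattern`, which is not visible here. Binding the field first, `pattern := value.pattern`, and using `pattern` in the three checks makes the helper undefined when the field is absent, so the guard passes and the original behaviour is kept. The CxPolicy rules that carry the guard start outside the hunks shown.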
@@ -0,0 +1,42 @@
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"name": "contact",
"url": "https://www.google.com/",
"email": "[email protected]"
}
},
"paths": {
"/": {
"get": {
"responses": {
"200": {
"description": "200 response",
"schema": {
"discriminator": "petType",
"additionalProperties": false,
"properties": {
"code": {
"type": "string",
"format": "int32",
"pattern": "[a-z0-9-]"
},
"message": {
"type": "string",
"pattern": "[a-z]{3}"
}
},
"required": [
"petType"
],
"type": "object"
}
}
}
}
}
}
}
@@ -0,0 +1,42 @@
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"name": "contact",
"url": "https://www.google.com/",
"email": "[email protected]"
}
},
"paths": {
"/": {
"get": {
"responses": {
"200": {
"description": "200 response",
"schema": {
"discriminator": "petType",
"additionalProperties": false,
"properties": {
"code": {
"type": "string",
"format": "int32",
"pattern": "[a-z0-9-]?"
},
"message": {
"type": "string",
"pattern": "[a-z]\\{2,\\}"
}
},
"required": [
"petType"
],
"type": "object"
}
}
}
}
}
}
}
@@ -0,0 +1,42 @@
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"name": "contact",
"url": "https://www.google.com/",
"email": "[email protected]"
}
},
"paths": {
"/": {
"get": {
"responses": {
"200": {
"description": "200 response",
"schema": {
"discriminator": "petType",
"additionalProperties": false,
"properties": {
"code": {
"type": "string",
"format": "int32",
"pattern": "[a-z0-9-]*"
},
"message": {
"type": "string",
"pattern": "[a-z]{3,}"
}
},
"required": [
"petType"
],
"type": "object"
}
}
}
}
}
}
}
@@ -0,0 +1,42 @@
{
"swagger": "2.0",
"info": {
"title": "Simple API Overview",
"version": "1.0.0",
"contact": {
"name": "contact",
"url": "https://www.google.com/",
"email": "[email protected]"
}
},
"paths": {
"/": {
"get": {
"responses": {
"200": {
"description": "200 response",
"schema": {
"discriminator": "petType",
"additionalProperties": false,
"properties": {
"code": {
"type": "string",
"format": "int32",
"pattern": "[a-z0-9-]{2,3}"
},
"message": {
"type": "string",
"pattern": "[a-z]+"
}
},
"required": [
"petType"
],
"type": "object"
}
}
}
}
}
}
}
@@ -0,0 +1,74 @@
{
"components": {
"securitySchemes": {
"Basic1": {
"scheme": "basic",
"type": "http"
},
"JWT1": {
"scheme": "basic",
"type": "http"
},
"JWT1-1": {
"bearerFormat": "JWT",
"scheme": "bearer",
"type": "http"
}
}
},
"info": {
"description": "Swagger auto-generated from learnt schema for ves-io-demo-app-waap-sentence-api",
"title": "ves-io-demo-app-waap-sentence-api",
"version": "2023-06-21 13:26:46"
},
"openapi": "3.0.3",
"paths": {
"/api/adjectives": {
"get": {
"description": "Swagger auto-generated from learnt schema",
"parameters": [
{
"description": "IPv4 Address",
"in": "header",
"name": "xff",
"schema": {
"pattern": "(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)",
"type": "string",
"x-pii": {}
}
},
{
"description": "Word",
"in": "header",
"name": "x-f5-request-id",
"schema": {
"pattern": "[a-z0-9-]+",
"type": "string"
}
},
{
"description": "Word",
"in": "cookie",
"name": "_imp_apg_r_",
"schema": {
"pattern": "[a-z0-9-]+",
"type": "string"
}
}
],
"responses": {
"default": {
"description": ""
}
},
"security": [
{
"JWT1": []
}
]
}
}
},
"servers": [
]
}
Expand Up @@ -94,5 +94,35 @@
"severity": "MEDIUM",
"line": 22,
"filename": "positive6.yaml"
},
{
"queryName": "Maximum Length Undefined (v2)",
"severity": "MEDIUM",
"line": 23,
"filename": "positive7.json"
},
{
"queryName": "Maximum Length Undefined (v2)",
"severity": "MEDIUM",
"line": 28,
"filename": "positive7.json"
},
{
"queryName": "Maximum Length Undefined (v2)",
"severity": "MEDIUM",
"line": 28,
"filename": "positive8.json"
},
{
"queryName": "Maximum Length Undefined (v3)",
"severity": "MEDIUM",
"line": 46,
"filename": "positive9.json"
},
{
"queryName": "Maximum Length Undefined (v3)",
"severity": "MEDIUM",
"line": 55,
"filename": "positive9.json"
}
]
