Circular references

circular-references

Type: Finding

Rule Severity: Info

Circular references occur when two or more schema definitions reference each other in a way that creates a loop.

This rule applies at the API Specification level (OAS/Swagger).

Remediation

Find and remove the circular reference in the schema. Design schemas to avoid circular references from the start.
This error can also be caused by missing or unresolvable references.

Example Attack Scenario

How to Identify with Example Scenario

In the example below:

  • Person has a property address that references the Address schema.
  • Address has a property resident that references the Person schema.

components:
  schemas:
    Person:
      type: object
      properties:
        name:
          type: string
        address:
          $ref: '#/components/schemas/Address'
    Address:
      type: object
      properties:
        street:
          type: string
        resident:
          $ref: '#/components/schemas/Person'
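
The check described above can be automated. The following is an added example, not part of the original rule page or of any scanner's own code: it walks the local $ref edges under components/schemas, reports reference loops, and also reports references that do not resolve, which the Remediation section names as a second cause of this finding. The spec is a constructed sample that mirrors the Person/Address loop; the Order and Customer names are hypothetical and exist only to show the unresolvable case.

```python
import json

# Constructed sample: the page's Person/Address loop plus one dangling $ref
# (Order -> Customer; both names are hypothetical).
SPEC = json.loads("""
{"components": {"schemas": {
  "Person":  {"type": "object", "properties": {
      "name": {"type": "string"},
      "address": {"$ref": "#/components/schemas/Address"}}},
  "Address": {"type": "object", "properties": {
      "street": {"type": "string"},
      "resident": {"$ref": "#/components/schemas/Person"}}},
  "Order":   {"type": "object", "properties": {
      "buyer": {"$ref": "#/components/schemas/Customer"}}}
}}}
""")

PREFIX = "#/components/schemas/"

def local_refs(node):
    """Yield every schema name referenced via a local $ref under node."""
    if isinstance(node, dict):
        ref = node.get("$ref")
        if isinstance(ref, str) and ref.startswith(PREFIX):
            yield ref[len(PREFIX):]
        for value in node.values():
            yield from local_refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from local_refs(item)

def audit_refs(spec):
    """Return (cycles, unresolved) for the spec's components/schemas."""
    schemas = spec.get("components", {}).get("schemas", {})
    graph = {name: sorted(set(local_refs(body))) for name, body in schemas.items()}
    unresolved = sorted({(s, t) for s, ts in graph.items() for t in ts if t not in schemas})
    cycles, done = [], set()

    def visit(name, path):
        if name in path:  # back edge: this schema is already on the current path
            cycles.append(path[path.index(name):] + [name])
            return
        if name in done or name not in graph:
            return
        for target in graph[name]:
            visit(target, path + [name])
        done.add(name)

    for name in graph:
        visit(name, [])
    return cycles, unresolved
```

Each reported cycle lists the schemas in reference order and ends on the schema it started from, so the property to remove or restructure sits on one of the listed edges.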

How to Resolve with Example Scenario
