Response violates schema

firetail:json-schema

Type:

Observation

Rule Severity:

High

The response body does not conform to the specified schema.

Proper schema validation is crucial to ensuring that data exchanged between systems remains consistent and secure.

Remediation

Use tooling to ensure that response payloads are validated and sanitized against the API specification.‍

Example Attack Scenario

Injection Attacks: If an API or application fails to validate incoming data against the expected schema, attackers could potentially inject malicious content that the system may improperly process or execute. This can lead to various security vulnerabilities such as SQL injection, XML injection, or NoSQL injection.

How to Identify with Example Scenario

How to Resolve with Example Scenario

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications
References:

More findings

All Findings
Missing content-type header
Missing additional properties
Average response payload size reduced
Plaintext alternative authentication
Unexpected GraphQL response
Missing global security