FAQ

  • GitHub GitHub Repo stars
  • Discord Discord Server
  • ✨ New! Try the OpenAPI Doctor ✨ The OpenAPI Doctor
    Recommended

    owasp-array-limit


    Formats: Severity:

    Array size should be limited to mitigate resource exhaustion attacks. Ensure that maxItems has been specified.

    Bad example

    openapi: "3.1.0"
    info:
      version: "1.0"
    components:
      schemas:
        Foo:
          type: array
    

    Good Example

    openapi: "3.1.0"
    info:
      version: "1.0"
    components:
      schemas:
        Foo:
          type: array
          maxItems: 99
    

    How do I fix this violation?

    Use maxItems to ensure there is an upper limit on the number of items in the array to be returned.