owasp-array-limit
Array size should be limited to mitigate resource exhaustion attacks. Ensure that maxItems
has been specified.
Bad example
openapi: "3.1.0"
info:
version: "1.0"
components:
schemas:
Foo:
type: array
Good Example
openapi: "3.1.0"
info:
version: "1.0"
components:
schemas:
Foo:
type: array
maxItems: 99
How do I fix this violation?
Use maxItems
to ensure there is an upper limit on the number of items in the array to be returned.