Articles
Author
vacuum
Installing
Quick Start
About vacuum
Why?
Concepts
💥 Online Demo
FAQ
Ignoring Violations
Changelog
Configuring
VSCode Plugin
GitHub Action
CLI Commands
Lint
vacuum Report
Dashboard
HTML Report
Spectral Report
References
Version
Bundle Spec
Generate RuleSet
Language Server
Developer API
API Quick Start
Spec Index
RuleResultSet
Loading RuleSet
Custom Go Functions
Custom JS Functions
Non-OpenAPI Files
Functions
Core Functions
OpenAPI Functions
OWASP Functions
Rules
Examples
OWASP
Operations/Paths
Schemas
Spec Information
Validation
Descriptions
Tags
Security
RuleSets
What are they?
Sharing RuleSets
No Rules/Off
Recommended Rules
Custom RuleSets
OWASP Rules
  • GitHub GitHub Repo stars
  • Discord Discord Server
    • ✨ New! Try the OpenAPI Doctor ✨ The OpenAPI Doctor
    Recommended

    owasp-define-error-validation

    Formats: Severity:

    Check that an error response of either 400, 422 or 4XX has been defined.

    Carefully define schemas for all the API responses, including either 400, 422 or 4XX responses which describe errors caused by invalid request

    Bad example

    openapi: 3.1.0
info:
  version: 1.0
paths:
  /no-error-response:
    get:
      responses:
        200:
          description: OK
          content:
            "application/problem+json": {}

    Good Example

    openapi: 3.1.0
info:
  version: 1.0
paths:
  /no-error-response:
    get:
      responses:
        200:
          description: OK
          content:
            "application/problem+json": {}
        422:
          description: Unprocessable Entity
          content:
            "application/problem+json": {}

    How do I fix this violation?

    Extend the responses of all endpoints to support either 400, 422, or 4XX error codes.

    Don’t let the consumer guess what errors might be and how gamble with how to deal with those errors.