
OpenAPI If the security scheme is not of type 'oauth2', the array value must be empty

Description

Restrict the security section of an OpenAPI document so that scopes are listed only for OAuth 2.0 schemes declared in the security definitions section; any security requirement that references a scheme of another type (for example basic or apiKey) must carry an empty array. Enforcing this keeps the document's authorization requirements consistent with the declared schemes and helps prevent unauthorized access to the API. The check therefore flags every non-OAuth 2.0 scheme in the security section that has a non-empty value.

Code Example

```yaml
# Violating example: some_auth is of type basic, so the security requirement
# that references it must not list scopes. The non-empty array below is what
# this check flags.
securityDefinitions:
  some_auth:
    type: basic
security:
  - some_auth:
      - write: some
      - read: some
```

Remediation

Restrict the security section of your OpenAPI document so that only OAuth 2.0 schemes list scopes; for every other scheme type, set the array to empty. Apply the change described below to your OpenAPI document at build time.

OpenAPI

Ensure that the security requirements in your generated OpenAPI document do not list scopes for security schemes whose type is not oauth2; such entries must use an empty array. Below is an example:
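The following is an added, stand-alone example and not Checkov's own implementation of CKV_OPENAPI_2. It embeds a constructed Swagger 2.0 document (scheme names, scope names and the `/items` path are all made up for the example) as JSON, locates every security requirement that lists scopes for a scheme whose type is not oauth2, and produces a remediated copy in which those arrays are emptied, which is the fix the remediation section above calls for. It goes slightly beyond the page's snippet by also scanning operation-level `security` lists, since Swagger 2.0 allows security requirement objects there as well as at the root.

```python
"""Added example (not Checkov's code): check and remediate scope arrays on
non-OAuth 2.0 security schemes in a Swagger 2.0 document."""
import copy
import json

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch")

# Constructed violating document: `some_auth` is a basic scheme, yet two
# requirements list scopes for it. `token_auth` is oauth2, so its scopes are valid.
VIOLATING_DOC = json.loads("""
{
  "swagger": "2.0",
  "info": {"title": "constructed example", "version": "1.0"},
  "securityDefinitions": {
    "some_auth": {"type": "basic"},
    "token_auth": {
      "type": "oauth2",
      "flow": "implicit",
      "authorizationUrl": "https://auth.example.invalid/authorize",
      "scopes": {"write": "some", "read": "some"}
    }
  },
  "security": [
    {"some_auth": ["write", "read"]},
    {"token_auth": ["write", "read"]}
  ],
  "paths": {
    "/items": {
      "get": {
        "security": [{"some_auth": ["read"]}],
        "responses": {"200": {"description": "ok"}}
      }
    }
  }
}
""")


def _pointer_segment(segment):
    """Escape one JSON Pointer segment (RFC 6901): '~' -> '~0', '/' -> '~1'."""
    return segment.replace("~", "~0").replace("/", "~1")


def _requirement_lists(doc):
    """Yield (json_pointer, list_of_security_requirements) for every place a
    Swagger 2.0 document may carry security requirement objects: the root
    `security` list and each operation's `security` list."""
    if "security" in doc:
        yield "#/security", doc["security"]
    for path, item in (doc.get("paths") or {}).items():
        for method in HTTP_METHODS:
            operation = (item or {}).get(method)
            if operation and "security" in operation:
                yield f"#/paths/{_pointer_segment(path)}/{method}/security", operation["security"]


def find_scope_violations(doc):
    """Return one (location, scheme_name, scopes) tuple per requirement that
    lists scopes for a scheme whose type is not oauth2.

    References to schemes missing from securityDefinitions are skipped: that
    is a different defect from the one this rule describes."""
    schemes = doc.get("securityDefinitions") or {}
    findings = []
    for location, requirements in _requirement_lists(doc):
        for requirement in requirements or []:
            for name, scopes in requirement.items():
                scheme = schemes.get(name)
                if scheme is None:
                    continue
                if scheme.get("type") != "oauth2" and scopes:
                    findings.append((location, name, list(scopes)))
    return findings


def remediate(doc):
    """Return a deep copy of `doc` in which every requirement on a defined
    non-oauth2 scheme carries an empty array. The input is left unchanged."""
    fixed = copy.deepcopy(doc)
    schemes = fixed.get("securityDefinitions") or {}
    for _location, requirements in _requirement_lists(fixed):
        for requirement in requirements or []:
            for name in requirement:  # reassigning existing keys is safe here
                scheme = schemes.get(name)
                if scheme is not None and scheme.get("type") != "oauth2":
                    requirement[name] = []
    return fixed


if __name__ == "__main__":
    for location, name, scopes in find_scope_violations(VIOLATING_DOC):
        print(f"{location}: scheme '{name}' is not oauth2 but lists scopes {scopes}")
    fixed = remediate(VIOLATING_DOC)
    print("violations after remediation:", find_scope_violations(fixed))
    print(json.dumps(fixed["security"]))
```

Run as a script it reports the two violating requirements (root and `/items` GET), then shows that the remediated copy passes while `token_auth`, the genuine oauth2 scheme, keeps its scopes. Scanning operation-level `security` matters in practice because a document can be clean at the root and still override a basic or apiKey scheme with scopes on an individual operation.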

Rule Details

Field        Value
ID           IAC-1258
Severity     HIGH
IaC Type     OpenAPI
Frameworks   OpenAPI
Checkov ID   CKV_OPENAPI_2
