Array does not have a maximum number of items
Description
This policy checks whether every array in an OpenAPI definition declares a maximum number of items. This matters for both security and performance. Without an upper bound, oversized input can lead to problems such as buffer overflow, which may allow unauthorized access or remote code execution. Additionally, huge arrays can slow the system down or crash it by exhausting memory. A limit on the number of items in each array should therefore be defined to prevent these potential threats.
Code Example
```yaml
openapi: "3.0.0"
info:
  version: "1.0.0"
  title: "An API for temperature measurements"
paths:
  /temperatures:
    get:
      responses:
        "200":
          content:
            application/json:
              schema:
                type: "array"
                maxItems: 10
                items:
                  $ref: "#/components/schemas/Temperature"
components:
  schemas:
    Temperature:
      type: "object"
      properties:
        id:
          type: "string"
        value:
          type: "number"
```
Remediation
OpenAPI
To fix this issue, specify a maximum number of items (`maxItems`) for each array schema in your API definition, including arrays used in request bodies, response bodies, parameters, and nested object properties.
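The following is an added example of the kind of check this policy performs, written for this page; it is not Checkov's own implementation of CKV_OPENAPI_21. It walks an OpenAPI document (already parsed into Python dicts) and reports the JSON-pointer path of every schema object that declares `type: array` but no `maxItems`. The embedded spec is a constructed sample that includes one bounded response array, one unbounded request-body array, and one unbounded nested property, so the last two are reported.

```python
"""Added example: locate array schemas that lack maxItems in an OpenAPI document.

Illustrative code written for this page, not Checkov's implementation of
CKV_OPENAPI_21. SAMPLE_SPEC below is a constructed sample document.
"""
from typing import Any, Dict, List


def find_unbounded_arrays(node: Any, path: str = "") -> List[str]:
    """Return JSON-pointer-style paths (RFC 6901 escaping) of every mapping
    that has type: array but no maxItems, anywhere in the document.

    Walking the whole tree rather than only response schemas catches arrays
    in request bodies, parameters and nested component properties too.
    """
    findings: List[str] = []
    if isinstance(node, dict):
        if node.get("type") == "array" and "maxItems" not in node:
            findings.append(path or "/")
        for key, value in node.items():
            # Escape '~' and '/' so keys such as "/temperatures" or
            # "application/json" remain unambiguous in the pointer.
            token = str(key).replace("~", "~0").replace("/", "~1")
            findings.extend(find_unbounded_arrays(value, f"{path}/{token}"))
    elif isinstance(node, list):
        for idx, value in enumerate(node):
            findings.extend(find_unbounded_arrays(value, f"{path}/{idx}"))
    return findings


# Constructed sample: the GET response array is bounded (passes); the POST
# request-body array and the nested "tags" property are unbounded (flagged).
SAMPLE_SPEC: Dict[str, Any] = {
    "openapi": "3.0.0",
    "info": {"version": "1.0.0", "title": "An API for temperature measurements"},
    "paths": {
        "/temperatures": {
            "get": {
                "responses": {
                    "200": {
                        "content": {
                            "application/json": {
                                "schema": {
                                    "type": "array",
                                    "maxItems": 10,
                                    "items": {"$ref": "#/components/schemas/Temperature"},
                                }
                            }
                        }
                    }
                }
            },
            "post": {
                "requestBody": {
                    "content": {
                        "application/json": {
                            "schema": {
                                "type": "array",
                                "items": {"$ref": "#/components/schemas/Temperature"},
                            }
                        }
                    }
                }
            },
        }
    },
    "components": {
        "schemas": {
            "Temperature": {
                "type": "object",
                "properties": {
                    "id": {"type": "string"},
                    "value": {"type": "number"},
                    "tags": {"type": "array", "items": {"type": "string"}},
                },
            }
        }
    },
}


def run_check(spec: Dict[str, Any]) -> List[str]:
    """Run the unbounded-array check over a whole OpenAPI document."""
    return find_unbounded_arrays(spec)


if __name__ == "__main__":
    for pointer in run_check(SAMPLE_SPEC):
        print(f"array without maxItems at {pointer}")
```

To use this against a real definition, load the YAML or JSON file into a dict (for example with PyYAML's `yaml.safe_load`) and pass it to `run_check`; an empty result means every array declares `maxItems`.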
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1277 |
| Severity | MEDIUM |
| IaC Type | OpenAPI |
| Frameworks | OpenAPI |
| Checkov ID | CKV_OPENAPI_21 |