Tag: jsonpath

Add OpenAI flags to OpenAPI descriptions

With OpenAI’s new Actions feature allowing you to build a GPT that uses your own API, many new doors are open. However, giving an AI an access token, the keys to your API, and telling it to have fun may lead you to realise that one of the doors available…

Meet Redocly CLI: The Modern OpenAPI Sidekick

Redocly CLI is a brilliant new tool from the folks who made ReDoc, the first beautiful API reference documentation tool powered by OpenAPI. This CLI tool goes a lot further than documentation, and helps with “linting” (automated API Style Guides), and solves the biggest problem that I had previously been…

vacuum OpenAPI Linter: owasp-define-error-responses-429

OWASP API Security recommends defining schemas for all responses. This includes the 429 response error code. JSONPath used: $.paths..responses Bad example: openapi: "3.1.0" info: version: "1.0" paths: /: get: responses: 200: description: ok content: "application/problem+json": Good example: openapi: "3.1.0" info: version: "1.0" paths: /: get: responses: 429: description: ok content:…

vacuum OpenAPI Linter: owasp-no-additionalProperties

By default, JSON Schema allows additional properties, which can potentially lead to mass assignment issues with OpenAPI. Avoid using additionalProperties in schemas, or explicitly set it to false. JSONPath used: $..[?(@.type=="object" && @.additionalProperties)] Bad example: openapi: "3.0.0" info: version: "1.0" components: schemas: Foo: type: object additionalProperties: type: object properties: code: type:…

vacuum OpenAPI Linter: owasp-no-api-keys-in-url

Keep API keys out of paths and query parameters! API keys are (usually opaque) strings that are passed in headers, cookies or query parameters to access APIs. Those keys can be eavesdropped, especially when they are stored in cookies or passed as URL parameters. JSONPath used: $..securitySchemes[*][?(@.type=="apiKey")].in Bad example: openapi:…

kubernetes – how to run the external-IP in a K8s namespace (installing JupyterHub)

I am following the instructions here: z2jh.jupyter.org/en/stable/jupyterhub/installation.html to install locally with kubernetes and minikube a jupyter hub. It's almost done, as can be seen in the pic. The namespace is called k8s-namespace-jose. I had to run the command: kubectl --namespace get service proxy-public --output jsonpath="{.status.loadBalancer.ingress[].ip}" in order to get the…
