Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document APIs with OpenAPI / swagger #14725

Open
1 task
cjllanwarne opened this issue Oct 15, 2024 · 0 comments
Open
1 task

Document APIs with OpenAPI / swagger #14725

cjllanwarne opened this issue Oct 15, 2024 · 0 comments
Assignees
@cjllanwarne
Labels
batch chore Roughly: infrastructure or operations. NIST 800-53 python Pull requests that update Python code query security

Comments

@cjllanwarne
Copy link
Collaborator

cjllanwarne commented Oct 15, 2024
edited
Loading

Description

Today our APIs are "documented" only through the list of endpoint handlers in implementation code (example).

We can and should:

  • Create OpenAPI documentation for our APIs (maybe per-service, maybe once in the gateway?)
  • Host swagger page/pages for exploring and testing out APIs

Security Impact

High

Security Impact Description

"None" for the creation of documentation, since we do not believe that documenting our APIs is inherently risky.

"High" for hosting a new functional component on our web endpoints. Mitigating factor: swagger pages are loaded as static html with no need (or ability) to interact with other functional components, except through the same public APIs as are already accessible.

Appsec Signoff

  • Reviewed and approved
@cjllanwarne cjllanwarne added the needs-triage A brand new issue that needs triaging. label Oct 15, 2024
@kasittig kasittig added security chore Roughly: infrastructure or operations. NIST 800-53 query batch python Pull requests that update Python code and removed needs-triage A brand new issue that needs triaging. labels Oct 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cjllanwarne cjllanwarne

Labels
batch chore Roughly: infrastructure or operations. NIST 800-53 python Pull requests that update Python code query security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kasittig @cjllanwarne