
Administration Guide

Enhanced OpenAPI Validation Attack Logs with Schema Line Numbers (7.6.4)

FortiWeb 7.6.4 enhances OpenAPI Validation by including schema file line numbers in the attack logs for all supported validation failure types. This allows administrators to pinpoint the exact location of a violation within the OpenAPI document, significantly reducing time spent on troubleshooting and schema debugging.

Previously, FortiWeb’s OpenAPI validation attack logs provided only a brief description of the error, without indicating where in the schema the failure occurred. As of this release, log messages include both the line number and the schema file name, helping users immediately locate the issue in large or complex OpenAPI specifications.

This enhancement applies to all eight OpenAPI validation subtypes:

| Subtype ID | Validation Type | Improved Log Example |
|---|---|---|
| 600 | Path parameter check | Path parameter "inside_id" validation fails, please refer to the OpenAPI file at line 80: Failed to validate schema path.yaml |
| 601 | Query parameter check | Query parameter "outside_id" validation fails, it's required, please refer to the OpenAPI file at line 353: Failed to validate schema sample.yaml |
| 602 | Cookie parameter check | Cookie parameter "i_am_a_cookie" validation fails, please refer to the OpenAPI file at line 129: Failed to validate schema sample.yaml |
| 603 | Header parameter check | Header parameter "hf" validation fails, it's required, please refer to the OpenAPI file at line 113: Failed to validate schema header.yaml |
| 604 | Request body check | Request body validation failure – validation error({"maximum":{"actual":100,"expected":99,"instanceRef":"#/age","schemaRef":"#/components/schemas/User-Parameter/properties/age","line":330}}): Failed to validate schema sample.yaml |
| 605 | Security scheme check | Security scheme validation failure, please refer to the OpenAPI file at line 358: Failed to validate schema sample.yaml |
| 606 | Unlisted media type | Unlisted media type, please refer to the OpenAPI file at line 139: Failed to validate schema sample.yaml |
| 607 | Non-JSON media type | Non-JSON media type, please refer to the OpenAPI file at line 207: Failed to validate schema sample.yaml |

These enhancements improve the efficiency and accuracy of troubleshooting OpenAPI validation issues by:

  • Allowing precise correlation between validation errors and schema definitions

  • Reducing time required to identify and resolve misconfigurations

  • Facilitating clearer schema auditability during API onboarding and maintenance

Line number references are especially helpful when working with large or complex OpenAPI specifications, where locating the source of a violation manually would otherwise be time-consuming and error-prone.
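The message shapes in the table above are regular enough to triage in bulk. The following Python is an added example, not Fortinet code: it pulls the schema file, line number and parameter name out of a message, and returns the surrounding schema lines for review. The function names and regular expressions are assumptions derived only from the log examples on this page, as are 1-based line numbering and the possibility that the subtype 604 JSON detail lists more than one keyword.

```python
import json
import re

# Patterns follow the message shapes in the table above; other firmware
# versions may word the messages differently (assumption).
LINE_REF = re.compile(r"please refer to the OpenAPI file at line (\d+)")
SCHEMA_FILE = re.compile(r": Failed to validate schema (\S+)\s*$")
PARAM = re.compile(r'^(Path|Query|Cookie|Header) parameter "([^"]+)"')
BODY_DETAIL = re.compile(r"validation error\((\{.*\})\): Failed to validate schema")

def parse_attack_msg(msg):
    """Extract schema file, line number(s) and parameter from one message."""
    out = {"schema_file": None, "parameter": None, "lines": [], "schema_refs": []}
    if m := SCHEMA_FILE.search(msg):
        out["schema_file"] = m.group(1)
    if m := PARAM.match(msg):
        out["parameter"] = m.group(2)
    if m := BODY_DETAIL.search(msg):
        # Subtype 604 carries the line inside a JSON object keyed by keyword.
        try:
            detail = json.loads(m.group(1))
        except json.JSONDecodeError:
            detail = {}
        for info in detail.values():
            if isinstance(info, dict) and isinstance(info.get("line"), int):
                out["lines"].append(info["line"])
                out["schema_refs"].append(info.get("schemaRef"))
    elif m := LINE_REF.search(msg):
        out["lines"].append(int(m.group(1)))
    return out

def schema_context(schema_text, line_no, radius=2):
    """Numbered lines around line_no (assumed 1-based); [] if out of range."""
    lines = schema_text.splitlines()
    if not 1 <= line_no <= len(lines):
        return []  # log refers to a different revision of the schema file
    lo, hi = max(1, line_no - radius), min(len(lines), line_no + radius)
    return [(n, lines[n - 1]) for n in range(lo, hi + 1)]

# Messages copied from the table above (subtypes 600, 604 and 606).
SAMPLES = [
    'Path parameter "inside_id" validation fails, please refer to the OpenAPI file at line 80: Failed to validate schema path.yaml',
    'Request body validation failure – validation error({"maximum":{"actual":100,"expected":99,"instanceRef":"#/age","schemaRef":"#/components/schemas/User-Parameter/properties/age","line":330}}): Failed to validate schema sample.yaml',
    'Unlisted media type, please refer to the OpenAPI file at line 139: Failed to validate schema sample.yaml',
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(parse_attack_msg(msg))
```

Pass the text of the uploaded schema file and a parsed line number to `schema_context`; an empty result means the log line points past the end of the file being inspected, which usually indicates that the schema was edited after the log entry was written.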
