Problem description
The new CAMARA Validation Framework run on PR #131 raised 14 owasp:api8:2023-define-error-validation warnings (rule S-318) against code/API_definitions/network-access-management.yaml. Despite the rule's message ("Missing error response of either 400, 422 or 4XX"), it specifically requires a 400 or 422 input-validation error response — the existing 401/403/404 don't satisfy it because they're auth/resource errors, not input validation.
All affected operations are GETs and DELETEs that accept path or query parameters (UUID-typed {trustDomainId}, {deviceId}, {rebootRequestId}, etc.) which can fail format validation before auth/resource checks run.
Affected operations:
| Path |
Method |
Line |
/services |
GET |
215 |
/services/{serviceId} |
GET |
260 |
/trust-domains/capabilities |
GET |
300 |
/trust-domains |
GET |
387 |
/trust-domains/{trustDomainId} |
GET |
425 |
/trust-domains/{trustDomainId} |
DELETE |
496 |
/trust-domains/{trustDomainId}/devices |
GET |
575 |
/trust-domains/{trustDomainId}/devices/{deviceId} |
GET |
611 |
/trust-domains/{trustDomainId}/devices/{deviceId} |
DELETE |
680 |
/network-access-devices |
GET |
705 |
/network-access-devices/{networkAccessDeviceId} |
GET |
736 |
/reboot-requests |
GET |
842 |
/reboot-requests/{rebootRequestId} |
GET |
874 |
/reboot-requests/{rebootRequestId} |
DELETE |
942 |
Expected action
For each operation, add a '400' response entry referencing the shared Generic400:
'400':
$ref: '../common/CAMARA_common.yaml#/components/responses/Generic400'
Mechanical fix; single file (code/API_definitions/network-access-management.yaml); ~14 small additions. Can land as one PR.
Additional context
Problem description
The new CAMARA Validation Framework run on PR #131 raised 14
owasp:api8:2023-define-error-validationwarnings (ruleS-318) againstcode/API_definitions/network-access-management.yaml. Despite the rule's message ("Missing error response of either 400, 422 or 4XX"), it specifically requires a 400 or 422 input-validation error response — the existing 401/403/404 don't satisfy it because they're auth/resource errors, not input validation.All affected operations are GETs and DELETEs that accept path or query parameters (UUID-typed
{trustDomainId},{deviceId},{rebootRequestId}, etc.) which can fail format validation before auth/resource checks run.Affected operations:
/services/services/{serviceId}/trust-domains/capabilities/trust-domains/trust-domains/{trustDomainId}/trust-domains/{trustDomainId}/trust-domains/{trustDomainId}/devices/trust-domains/{trustDomainId}/devices/{deviceId}/trust-domains/{trustDomainId}/devices/{deviceId}/network-access-devices/network-access-devices/{networkAccessDeviceId}/reboot-requests/reboot-requests/{rebootRequestId}/reboot-requests/{rebootRequestId}Expected action
For each operation, add a
'400'response entry referencing the shared Generic400:Mechanical fix; single file (
code/API_definitions/network-access-management.yaml); ~14 small additions. Can land as one PR.Additional context