steampipe plugin install openapi

Table: openapi_component_security_scheme - Query OpenAPI Component Security Schemes using SQL

OpenAPI Component Security Schemes are part of the OpenAPI Specification (OAS), which is a standard, language-agnostic interface to RESTful APIs. These security schemes define the security requirements for different API operations, such as authentication and authorization methods. They are essential for ensuring secure and controlled access to API resources.

Table Usage Guide

The openapi_component_security_scheme table provides insights into the security requirements of RESTful APIs defined by the OpenAPI Specification. As an API developer or security analyst, explore this table to understand the security schemes applied to different API operations, including the types of schemes (e.g., HTTP, OAuth2, OpenID Connect) and their specific details. Utilize it to review and validate the security configurations of your APIs, and to identify potential security risks or misconfigurations.

Examples

Basic info

Explore the configuration details of security schemes in your OpenAPI components to understand their location, type, and purpose. This can help assess the elements within your API security design and ensure they are properly implemented.

select
  name,
  type,
  location,
  description,
  scheme,
  path
from
  openapi_component_security_scheme;

List OpenAPI specs with no security scheme defined

Discover the segments of your OpenAPI specifications that lack defined security schemes. This is useful for identifying potential vulnerabilities and ensuring all parts of your API are secure.

select
  i.title,
  i.version,
  i.description,
  i.path
from
  openapi_info as i
  left join openapi_component_security_scheme as s on i.path = s.path
where
  s.path is null;

List OAuth 1.0 security schemes

Find the security schemes of type http that use the oauth scheme (OAuth 1.0). This can be useful in understanding the security mechanisms in place and identifying any potential areas for improvement.

select
  name,
  type,
  location,
  description,
  scheme,
  path
from
  openapi_component_security_scheme
where
  type = 'http'
  and scheme = 'oauth';

List security schemes using basic HTTP authentication

Explore which security schemes utilize basic HTTP authentication to gain insights into potential vulnerabilities or areas requiring additional security measures. This is useful in identifying weak spots in your system's security and implementing necessary improvements.

select
  name,
  type,
  location,
  description,
  scheme,
  path
from
  openapi_component_security_scheme
where
  type = 'http'
  and scheme = 'basic';
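
The checks above can be combined into one review query that also covers API keys sent in the query string, OAuth2 implicit and password flows, and plain-HTTP OAuth2 or OpenID Connect endpoints. This is an added example, not taken from the plugin documentation, and it goes beyond the individual queries on this page; it uses Postgres syntax and assumes the keys inside the flows column follow the OpenAPI field names (implicit, password, authorizationUrl, tokenUrl).

```sql
-- Added example, not from the plugin documentation.
-- Assumption: keys inside the flows jsonb follow the OpenAPI field names
-- (implicit, password, authorizationUrl, tokenUrl).
with schemes as (
  select
    path,
    key,
    type,
    location,
    lower(scheme) as scheme,
    open_id_connect_url,
    -- Treat a missing or non-object flows value as an empty object so
    -- jsonb_each() never fails on schemes that are not oauth2.
    case when jsonb_typeof(flows) = 'object' then flows else '{}'::jsonb end as flows
  from
    openapi_component_security_scheme
),
findings as (
  select path, key, type, 'API key is sent in the query string' as finding
  from schemes
  where type = 'apiKey' and location = 'query'
  union all
  select path, key, type, 'HTTP ' || scheme || ' authentication'
  from schemes
  where type = 'http' and scheme in ('basic', 'oauth')
  union all
  select path, key, type, 'OAuth2 ' || f.flow_name || ' flow is enabled'
  from schemes, jsonb_each(flows) as f(flow_name, flow)
  where type = 'oauth2' and f.flow_name in ('implicit', 'password')
  union all
  select path, key, type, 'OAuth2 ' || f.flow_name || ' flow has a plain-HTTP endpoint'
  from schemes, jsonb_each(flows) as f(flow_name, flow)
  where type = 'oauth2'
    and (f.flow ->> 'authorizationUrl' ilike 'http://%'
      or f.flow ->> 'tokenUrl' ilike 'http://%')
  union all
  select path, key, type, 'OpenID Connect discovery URL is plain HTTP'
  from schemes
  where type = 'openIdConnect' and open_id_connect_url ilike 'http://%'
)
select path, key, type, finding
from findings
order by path, key, finding;
```

Each row is one finding for one scheme in one spec file, so a scheme that trips several checks appears several times.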

Schema for openapi_component_security_scheme

Name | Type | Operators | Description
_ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name.
bearer_format | text | | A hint to the client to identify how the bearer token is formatted.
description | text | | A description for security scheme.
flows | jsonb | | An object containing configuration information for the flow types supported.
key | text | | The key used to refer or search the security scheme.
location | text | | The location of the API key. Possible values are query, header or cookie.
name | text | | The name of the header, query or cookie parameter to be used.
open_id_connect_url | text | | OpenId Connect URL to discover OAuth2 configuration values.
path | text | = | Path to the file.
scheme | text | | The name of the HTTP Authorization scheme to be used in the Authorization header as defined in [RFC7235]. The values used SHOULD be registered in the IANA Authentication Scheme registry.
type | text | | The type of the security scheme. Valid values are apiKey, http, mutualTLS, oauth2, openIdConnect.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- openapi

You can pass the configuration to the command with the --config argument:

steampipe_export_openapi --config '<your_config>' openapi_component_security_scheme