Bug ID 1190365: OpenAPI parameters with type:object/explode:true/style:form serialized incorrectly

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 17.0.0, 17.0.0.1, 17.0.0.2, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3

Fixed In:
17.1.1, 16.1.4, 15.1.10

Opened: Nov 17, 2022

Severity: 3-Major

Symptoms

The method used by ASM enforcer to serialize an OpenAPI object configured with "style:form", "explode:true", and "type:object" is not functioning as expected.

Impact

The violation "JSON data does not comply with JSON schema" is raised due to the repeated parameters from the query string with "array" configuration.

Conditions

Repeated occurrences of parameter names in the query string with "type:object/explode:true/style:form" configured OpenAPI file.

Workaround

None

Fix Information

The enforcer serializes the OpenAPI object correctly, no violation reported. Note: In case of single occurrence of a parameter name in query string, it will be handled as a primitive (non-array) type.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips