Path Validation

8 tests demonstrate how Signando REST validates URL paths against the OpenAPI specification and blocks path traversal attacks.

PATH-001 PASS

GET /users - Valid static path

curl -X GET -H "X-API-Key: valid-key-123" http://localhost:8080/users

The path /users is defined in the OpenAPI specification. Signando REST validates that the path matches a defined endpoint.

PATH-003 BLOCKED

GET /admin - Path not in allowlist

curl -X GET -H "X-API-Key: valid-key-123" http://localhost:8080/admin

Signando REST works on the allowlist principle: Only paths explicitly defined in the OpenAPI specification are allowed.

PATH-004 BLOCKED

GET /../etc/passwd - Path traversal attack

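curl --path-as-is -X GET -H "X-API-Key: valid-key-123" http://localhost:8080/../etc/passwd

Path traversal attempts using ../ sequences are detected and blocked before reaching the backend. The --path-as-is option is needed for this test because curl otherwise removes ../ segments from the URL before sending the request, so the traversal sequence would never reach Signando REST.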
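
The two checks described above (allowlist match against the OpenAPI paths, and rejection of ../ sequences) can be sketched as follows. This is an added example, not Signando REST's own code; the SPEC_PATHS sample, the function names and the /users/{id} template are assumptions, and it goes beyond the tests shown by also catching percent-encoded dot segments.

```python
import re
from urllib.parse import unquote

# Constructed sample of an OpenAPI "paths" object (assumption, not the page's spec).
SPEC_PATHS = {
    "/users": ["get"],
    "/users/{id}": ["get"],  # templated path, added for illustration
}

def _compile(template):
    """Turn an OpenAPI path template into a regex; {param} matches one segment."""
    parts = re.split(r"(\{[^/{}]+\})", template)
    return re.compile(
        "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    )

ROUTES = [(_compile(t), {m.lower() for m in ms}) for t, ms in SPEC_PATHS.items()]

def has_traversal(raw_path):
    """Detect '.' or '..' segments, also when percent-encoded once or twice."""
    decoded = raw_path
    for _ in range(3):  # raw form, then up to two decoding rounds
        segments = decoded.replace("\\", "/").split("/")
        if any(s in (".", "..") for s in segments):
            return True
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return False

def check_request(method, raw_path):
    """Return (allowed, reason) for the method and raw path of a request line."""
    path = raw_path.split("?", 1)[0]
    # Traversal check runs on the raw path, before any route matching.
    if has_traversal(path):
        return False, "path traversal"
    for regex, methods in ROUTES:
        if regex.fullmatch(path):  # whole path must match, no prefix matches
            if method.lower() in methods:
                return True, "ok"
            return False, "method not allowed"
    return False, "path not in allowlist"

if __name__ == "__main__":
    for p in ["/users", "/admin", "/../etc/passwd", "/users/%2e%2e/admin"]:
        print(p, check_request("GET", p))
```

The check operates on the path exactly as received, which is why the traversal test has to be sent without client-side normalization.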