From 3b0345fc422f0ab2c3ee36162cc4043d352a61cb Mon Sep 17 00:00:00 2001 From: Ryan Wakeham <85182216+cx-ryan-wakeham@users.noreply.github.com> Date: Mon, 26 Jan 2026 09:44:44 -0600 Subject: [PATCH 1/2] Delete swagger.yaml --- swagger.yaml | 278 --------------------------------------------------- 1 file changed, 278 deletions(-) delete mode 100644 swagger.yaml diff --git a/swagger.yaml b/swagger.yaml deleted file mode 100644 index 5d6a929..0000000 --- a/swagger.yaml +++ /dev/null @@ -1,278 +0,0 @@ -openapi: 3.0.0 -info: - title: Bank of Checkmarx API - description: | - API for the Bank of Checkmarx demo application - - ## Authentication - This API uses JWT Bearer token authentication. To authenticate: - 1. Use the `/api/v1/login` endpoint with your username and password - 2. Include the returned token in the Authorization header as `Bearer ` - - ## Security Notice - This is a demo application with intentionally vulnerable endpoints for security testing purposes. - version: 1.0.0 - contact: - name: Bank of Checkmarx - email: support@bankofcheckmarx.com - -servers: - - url: http://172.35.1.192:8000 - description: Production server - -paths: - /api/v1/login: - post: - summary: User login - description: Authenticate user and return JWT token - tags: - - Authentication - requestBody: - required: true - content: - application/json: - schema: - type: object - required: - - username - - password - properties: - username: - type: string - description: User's username - example: "john.doe" - password: - type: string - description: User's password - example: "password123" - responses: - '200': - description: Login successful - content: - application/json: - schema: - type: object - properties: - access_token: - type: string - description: JWT access token - example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." - '400': - description: Invalid request data - '401': - description: Invalid credentials - - /api/v1/accounts/{account_id}: - get: - summary: Get account by ID - description: Retrieve account details by account ID - tags: - - Accounts - parameters: - - name: account_id - in: path - required: true - description: Account ID - schema: - type: string - example: "ACC123456" - security: - - bearerAuth: [] - responses: - '200': - description: Account details retrieved successfully - content: - application/json: - schema: - type: object - properties: - account_id: - type: string - example: "ACC123456" - balance: - type: number - format: float - example: 1000.00 - '401': - description: Unauthorized - Invalid or missing token - '404': - description: Account not found - - /api/v1/process-file: - post: - summary: Process file content - description: Read and return the contents of a file from the server - tags: - - File Operations - security: - - bearerAuth: [] - requestBody: - required: true - content: - application/json: - schema: - type: object - required: - - file_path - properties: - file_path: - type: string - description: Path to the file to process - example: "/etc/passwd" - responses: - '200': - description: File content retrieved successfully - content: - application/json: - schema: - type: object - properties: - result: - type: string - description: File content - example: "root:x:0:0:root:/root:/bin/bash..." - '401': - description: Unauthorized - Invalid or missing token - '500': - description: Error processing file - - /api/v1/ping: - post: - summary: Ping network host - description: Execute ping command against a specified host - tags: - - Network Operations - security: - - bearerAuth: [] - requestBody: - required: true - content: - application/json: - schema: - type: object - properties: - host: - type: string - description: Host to ping - default: "localhost" - example: "google.com" - responses: - '200': - description: Ping executed successfully - content: - application/json: - schema: - type: object - properties: - result: - type: string - description: Ping command output - example: "PING google.com (142.250.191.78) 56(84) bytes of data..." - '401': - description: Unauthorized - Invalid or missing token - '500': - description: Error executing ping command - - /api/v1/comment: - post: - summary: Add comment - description: Store and return a user comment - tags: - - User Content - security: - - bearerAuth: [] - requestBody: - required: true - content: - application/json: - schema: - type: object - required: - - comment - properties: - comment: - type: string - description: User comment to store - example: "This is a test comment" - responses: - '200': - description: Comment stored successfully - content: - application/json: - schema: - type: object - properties: - comment: - type: string - description: The stored comment - example: "This is a test comment" - '401': - description: Unauthorized - Invalid or missing token - - /api/v1/upload: - post: - summary: Upload file - description: Handle file upload and return filename - tags: - - File Operations - security: - - bearerAuth: [] - requestBody: - required: true - content: - multipart/form-data: - schema: - type: object - required: - - file - properties: - file: - type: string - format: binary - description: File to upload - responses: - '200': - description: File uploaded successfully - content: - application/json: - schema: - type: object - properties: - filename: - type: string - description: Name of the uploaded file - example: "document.pdf" - '401': - description: Unauthorized - Invalid or missing token - '400': - description: No file provided - -components: - securitySchemes: - bearerAuth: - type: http - scheme: bearer - bearerFormat: JWT - description: | - JWT Bearer token authentication. - Include the token in the Authorization header as: `Bearer ` - - To obtain a token, use the `/api/v1/login` endpoint with your username and password. - - schemas: - Error: - type: object - properties: - error: - type: string - description: Error message - example: "Invalid credentials" - - Success: - type: object - properties: - message: - type: string - description: Success message - example: "Operation completed successfully" - From 6c7cf1af4b158298773d3034e04bc35fd88b4f38 Mon Sep 17 00:00:00 2001 From: Ryan Wakeham <85182216+cx-ryan-wakeham@users.noreply.github.com> Date: Mon, 26 Jan 2026 09:45:07 -0600 Subject: [PATCH 2/2] Rename openapi.yaml to swagger.yaml --- openapi.yaml => swagger.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename openapi.yaml => swagger.yaml (100%) diff --git a/openapi.yaml b/swagger.yaml similarity index 100% rename from openapi.yaml rename to swagger.yaml