From 8d45149c2da4b4a8c2d2e2fc6dea784a866679a1 Mon Sep 17 00:00:00 2001 From: Castanheta Date: Fri, 26 Jun 2026 16:43:06 +0100 Subject: [PATCH 1/2] Update error response details in test plans --- doc/testing/testplan/api_discover_service/README.md | 4 ++-- doc/testing/testplan/api_events_service/README.md | 8 ++++---- .../testplan/api_invoker_management/README.md | 4 ++-- .../testplan/api_provider_management/README.md | 12 ++++++------ doc/testing/testplan/api_publish_service/README.md | 4 ++-- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/doc/testing/testplan/api_discover_service/README.md b/doc/testing/testplan/api_discover_service/README.md index 98375698..caa6c742 100644 --- a/doc/testing/testplan/api_discover_service/README.md +++ b/doc/testing/testplan/api_discover_service/README.md @@ -157,8 +157,8 @@ At this documentation you will have all information and related files and exampl 2. Error Response Body must accomplish with **ProblemDetails** data structure with: * status 404 * title with message "Not Found" - * detail with message "API Invoker does not exist". - * cause with message "API Invoker id not found". + * detail with message "Please provide an existing Network App ID". + * cause with message "Certificate not found for invoker". ## Test Case 4: Discover Published service APIs by registered API Invoker with 1 result filtered diff --git a/doc/testing/testplan/api_events_service/README.md b/doc/testing/testplan/api_events_service/README.md index 7db084aa..a918a25d 100644 --- a/doc/testing/testplan/api_events_service/README.md +++ b/doc/testing/testplan/api_events_service/README.md 
@@ -86,8 +86,8 @@ At this documentation you will have all information and related files and exampl 2. Error Response Body must accomplish with **ProblemDetails** data structure with: * status 404 * title with message "Not Found" - * detail with message "Invoker or APF or AEF or AMF Not found". - * cause with message "Subscriber Not Found". + * detail with message "Please provide an existing Subscriber ID". + * cause with message "Certificate not found for Invoker or APF or AEF or AMF". 3. Event Subscriptions are not stored in CAPIF Database @@ -197,8 +197,8 @@ At this documentation you will have all information and related files and exampl * status 404 * title with message "Not Found" - * detail with message "Invoker or APF or AEF or AMF Not found". - * cause with message "Subscriber Not Found". + * detail with message "Please provide an existing Subscriber ID". + * cause with message "Certificate not found for Invoker or APF or AEF or AMF". --- ## Test Case 5: Deletes an individual CAPIF Event Subscription with invalid SubscriptionId diff --git a/doc/testing/testplan/api_invoker_management/README.md b/doc/testing/testplan/api_invoker_management/README.md index d659a8a1..3889a42e 100644 --- a/doc/testing/testplan/api_invoker_management/README.md +++ b/doc/testing/testplan/api_invoker_management/README.md @@ -173,7 +173,7 @@ At this documentation you will have all information and related files and exampl * status 404 * title with message "Not Found" * detail with message "Please provide an existing Network App ID". - * cause with message "Not exist Network App ID". + * cause with message "Network App ID does not exist". ## Test Case 5: Offboard Network App 
@@ -243,7 +243,7 @@ At this documentation you will have all information and related files and exampl * status 404 * title with message "Not Found" * detail with message "Please provide an existing Network App ID". - * cause with message "Not exist Network App ID". + * cause with message "Network App ID does not exist". ## Test Case 7: Update Onboarded Network App Certificate diff --git a/doc/testing/testplan/api_provider_management/README.md b/doc/testing/testplan/api_provider_management/README.md index 2ec507f8..2a29aba4 100644 --- a/doc/testing/testplan/api_provider_management/README.md +++ b/doc/testing/testplan/api_provider_management/README.md @@ -198,8 +198,8 @@ At this documentation you will have all information and related files and exampl 2. body returned must accomplish **ProblemDetails** data structure, with: * status 404 * title with message "Not Found" - * detail with message "Not Exist Provider Enrolment Details". - * cause with message "Not found registrations to Send **THIS** api provider details". + * detail with message "Please provide an existing API Provider ID". + * cause with message "API Provider ID does not exist". ## Test Case 5: Partially Update Registered Api Provider @@ -300,8 +300,8 @@ At this documentation you will have all information and related files and exampl * status 404 * title with message "Not Found" - * detail with message "Not Exist Provider Enrolment Details". - * cause with message "Not found registrations to Send **THIS** api provider details". + * detail with message "Please provide an existing API Provider ID". + * cause with message "API Provider ID does not exist". ## Test Case 7: Delete Registered Api Provider 
@@ -396,8 +396,8 @@ At this documentation you will have all information and related files and exampl 2. body returned must accomplish **ProblemDetails** data structure, with: * status 404 * title with message "Not Found" - * detail with message "Not Exist Provider Enrolment Details". - * cause with message "Not found registrations to Send **THIS** api provider details". + * detail with message "Please provide an existing API Provider ID". + * cause with message "API Provider ID does not exist". ## Test Case 9: Onboard provider without supported_features diff --git a/doc/testing/testplan/api_publish_service/README.md b/doc/testing/testplan/api_publish_service/README.md index 61beb175..0eb17eb5 100644 --- a/doc/testing/testplan/api_publish_service/README.md +++ b/doc/testing/testplan/api_publish_service/README.md @@ -77,8 +77,8 @@ At this documentation you will have all information and related files and exampl 2. Error Response Body must accomplish with **ProblemDetails** data structure with: * status **401** * title with message "Unauthorized" - * detail with message "Publisher not existing". - * cause with message "Publisher id not found". + * detail with message "Please provide an existing APF ID". + * cause with message "Certificate not found for APF". 2. Service API is NOT stored in CAPIF Database -- GitLab From 20921512884be6c0de8e9d9db5c0c0ca05b9848f Mon Sep 17 00:00:00 2001 From: Castanheta Date: Fri, 26 Jun 2026 22:33:32 +0100 Subject: [PATCH 2/2] Update release notes to include new security tests and critical vulnerabilities fix --- doc/releasenotes.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/releasenotes.md b/doc/releasenotes.md index c270fac1..0bbf09ef 100644 --- a/doc/releasenotes.md +++ b/doc/releasenotes.md 
@@ -46,10 +46,14 @@ Additionally, this change includes minor improvements such as correctly setting - 2 New tests related with use of same apiName across different AEFs. - Duplicate test name capif_api_provider_management-10 changed. +#### **Security Issues** +- **Critical Authorization Bypass** vulnerability solved. + ### **Documentation** - 2 New tests added to [OCF Publish API test plan documentation], related with apiName. - Changed name of capif_api_provider_management-10 to Update Registered Api Provider Without SuppFeat field +- Updated expected **ProblemDetails** `detail` and `cause` error messages in test plan documentation for Discover, Events, Invoker Management, Provider Management, and Publish services to align responses with current certificate and ID validation behavior. ## **Release 4.0.0** -- GitLab
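Review bot: in the api_discover_service hunk (@@ -157,8) the new detail names a "Network App ID" while the new cause names an "invoker", so one ProblemDetails body refers to the same entity by two terms. The same detail string, "Please provide an existing Network App ID", is also paired with a different cause in api_invoker_management ("Network App ID does not exist"). Either align the wording (for example, use "Network App" in both fields) or add a line to each test case saying which condition produces which cause, so that a tester can tell a missing certificate from a missing ID.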
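Review bot: in the api_publish_service hunk (@@ -77,8) the expected status stays 401 "Unauthorized", but the new detail "Please provide an existing APF ID" follows the wording that the Discover, Events, Invoker Management and Provider Management plans all pair with 404 "Not Found". If 401 is intended for an unknown APF, add a sentence to this test case explaining why it differs from the other services; if not, update the status and title in the same change. The context lines of this hunk also show two consecutive list items numbered "2."; renumber the second one while this block is being edited.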
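Review bot: the release-notes hunk (@@ -46,10) adds "**Critical Authorization Bypass** vulnerability solved." with no affected service, affected releases, or issue reference, so an operator reading the notes cannot decide whether a deployment needs the upgrade. Add at least the component and the releases in which the flaw was present, plus a link to the tracking issue if one exists. The subject of PATCH 2/2 also announces "new security tests", yet none of the four added lines lists a test; add the corresponding bullet under the tests list or drop that phrase from the subject.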