Should owasp:api3:2019-define-error-validation trigger on a GET #56

philsturgeon opened this issue Feb 1, 2024 · 0 comments

Should a GET really need a 400 error, especially if it's got no parameters?

Context

I'm working on an API with some fairly simple GET endpoints and the ruleset is asking me to define a 400 for this GET, but I'm not sure I should be defining a 400 for a GET? If it's got no parameters, how could a client make a bad request?

paths:
  /stations:
    get:
      summary: Get a list of train stations
      description: Returns a list of all train stations in the system.
      operationId: get-stations
      responses:
        '200':
          description: A list of train stations
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Station'
              example:
                - id: "efdbb9d1-02c2-4bc3-afb7-6788d8782b1e"
                  name: Berlin Hauptbahnhof
                  address: "Invalidenstraße 10557 Berlin, Germany"
                  country_code: DE
                - id: "b2e783e1-c824-4d63-b37a-d8d698862f1d"
                  name: Paris Gare du Nord
                  address: "18 Rue de Dunkerque 75010 Paris, France"
                  country_code: FR
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '429':
          $ref: '#/components/responses/TooManyRequests'
        '500':
          $ref: '#/components/responses/InternalServerError'

Current Behavior

The above example gives this warning:

  19:17  warning  owasp:api3:2019-define-error-validation  Missing error response of either 400, 422 or 4XX.                                            paths./stations.get.responses

Expected Behavior

I think, but am not entirely certain, that this error should be skipped.

Possible Solution(s)

Check for parameters and if none exist skip this message?
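
Added example, not part of the original issue or the ruleset's code: a sketch of the parameter check proposed above, written as plain JavaScript over a parsed OpenAPI document rather than against Spectral's API. The function names and the sample document are assumptions made for illustration; path-level parameters and request bodies are counted as client input alongside operation-level parameters.

```javascript
// Added example: plain JavaScript over a parsed OpenAPI document, not Spectral's API.
const METHODS = ["get", "put", "post", "delete", "options", "head", "patch", "trace"];
const VALIDATION_CODES = ["400", "422", "4XX"];

// True when the client can send input that the server has to validate.
// Hypothetical helper; $ref parameters are counted without being resolved.
function acceptsClientInput(pathItem, operation) {
  // Path-level parameters apply to every operation under that path.
  const params = [...(pathItem.parameters || []), ...(operation.parameters || [])];
  return params.length > 0 || operation.requestBody !== undefined;
}

// Returns the locations of operations that take input but define none of
// 400, 422 or 4XX. Operations that accept no input are skipped.
function missingValidationErrors(doc) {
  const findings = [];
  for (const [path, pathItem] of Object.entries(doc.paths || {})) {
    for (const method of METHODS) {
      const operation = pathItem[method];
      if (!operation || !acceptsClientInput(pathItem, operation)) continue;
      const codes = Object.keys(operation.responses || {}).map((c) => c.toUpperCase());
      if (!VALIDATION_CODES.some((c) => codes.includes(c))) {
        findings.push(`paths.${path}.${method}.responses`);
      }
    }
  }
  return findings;
}

// Constructed sample document, modelled on the /stations operation in the issue.
const sampleDoc = {
  paths: {
    "/stations": {
      get: { responses: { 200: {}, 401: {}, 403: {}, 429: {}, 500: {} } },
    },
    "/stations/{id}": {
      parameters: [{ name: "id", in: "path", required: true }],
      get: { responses: { 200: {}, 401: {} } },
    },
    "/trips": {
      get: {
        parameters: [{ $ref: "#/components/parameters/Origin" }],
        responses: { 200: {}, "4XX": {} },
      },
    },
  },
};

console.log(missingValidationErrors(sampleDoc));
```

In this constructed document only `/stations/{id}` is reported: `/stations` accepts no input and is skipped, and `/trips` already defines `4XX`.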
