Bug #65
Improper Input Length Validation in /api/serviceLines/add (Web-API)
Status: Closed
Priority: Normal
Assignee: -
Start date: 04/01/2026
Due date:
% Done: 100%
Estimated time:
Description
The API does not enforce input length validation on key fields such as:
- name
- type
- description
Even when excessively long values are provided (far beyond expected limits like 100/20/500 characters), the API accepts and stores them successfully.
This indicates missing server-side validation.
Steps to Reproduce
Send a POST request to: /api/serviceLines/add
Use excessively long values:
- name > 100 characters
- type > 20 characters
- description > 500 characters
Actual Result
API accepts and stores the oversized input without any validation:
{
  "success": true,
  "message": "Service line created successfully"
}
Expected Result
System should validate inputs before processing:
- Reject name values exceeding allowed length (e.g., 100 characters)
- Reject type values exceeding allowed length (e.g., 20 characters)
- Reject description values exceeding allowed length (e.g., 500 characters)
API should return appropriate validation error messages like:
{
  "success": false,
  "message": "Validation error",
  "errors": {
    "name": "Maximum length exceeded",
    "type": "Maximum length exceeded",
    "description": "Maximum length exceeded"
  }
}
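A server-side check that produces the expected response above, as an added example that is not the project's own code. The function names, the 400 status, the "Must be a string" message and counting length in Unicode code points are assumptions; the limits are the report's "e.g." values.

```javascript
// Added example; not the project's code. Limits are the report's "e.g." values.
const LIMITS = { name: 100, type: 20, description: 500 };

// Assumption: limits are counted in Unicode code points, not UTF-16 units.
function exceeds(value, max) {
  // A code point is at most 2 UTF-16 units, so this skips copying huge strings.
  if (value.length > 2 * max) return true;
  return Array.from(value).length > max;
}

// Returns { valid: true } or { valid: false, status, body } in the report's format.
function validateServiceLine(payload) {
  const isObject =
    payload !== null && typeof payload === "object" && !Array.isArray(payload);
  if (!isObject) {
    return { valid: false, status: 400,
             body: { success: false, message: "Validation error", errors: {} } };
  }
  const errors = {};
  for (const [field, max] of Object.entries(LIMITS)) {
    // Whether a field is required is a separate rule, not covered by the report.
    if (!Object.prototype.hasOwnProperty.call(payload, field)) continue;
    const value = payload[field];
    if (typeof value !== "string") {
      // Arrays and objects would slip past a bare `value.length > max` check.
      errors[field] = "Must be a string"; // hypothetical message
    } else if (exceeds(value, max)) {
      errors[field] = "Maximum length exceeded";
    }
  }
  if (Object.keys(errors).length === 0) return { valid: true };
  return { valid: false, status: 400, // status code is an assumption
           body: { success: false, message: "Validation error", errors } };
}

// Constructed request body reproducing the report's oversized input.
const oversized = {
  name: "n".repeat(101),
  type: "t".repeat(21),
  description: "d".repeat(501),
};
console.log(JSON.stringify(validateServiceLine(oversized).body, null, 2));
```

Run the check before any persistence call, and keep matching length constraints on the database columns so a missed code path cannot store oversized values.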
Updated by Adhi Narayanan 19 days ago
- Status changed from New to Resolved
- % Done changed from 0 to 100