Bug #65

closed

Improper Input Length Validation in /api/serviceLines/add (Web-API)

Added by Vivek Kumar 20 days ago. Updated 18 days ago.

Status: Closed
Priority: Normal
Assignee: -
Start date: 04/01/2026
Due date:
% Done: 100%
Estimated time:

Description

The API does not enforce input length validation on key fields such as:

  • name
  • type
  • description

Even when excessively long values are provided (far beyond expected limits like 100/20/500 characters), the API accepts and stores them successfully.
This indicates missing server-side validation.

Steps to Reproduce
Send a POST request to: /api/serviceLines/add
Use excessively long values:

  • name > 100 characters
  • type > 20 characters
  • description > 500 characters

Actual Result

API accepts and stores the oversized input without any validation:

{
  "success": true,
  "message": "Service line created successfully"
}

Expected Result
System should validate inputs before processing:

  • Reject name values exceeding allowed length (e.g., 100 characters)
  • Reject type values exceeding allowed length (e.g., 20 characters)
  • Reject description values exceeding allowed length (e.g., 500 characters)

API should return appropriate validation error messages like:

{
  "success": false,
  "message": "Validation error",
  "errors": {
    "name": "Maximum length exceeded",
    "type": "Maximum length exceeded",
    "description": "Maximum length exceeded"
  }
}
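
A sketch of the server-side check the expected result describes, added here as an illustration and not taken from the project's code. The function names, the in-memory store, and the HTTP status codes are assumptions; the limits are the example values from this report (100/20/500).

```python
# Added example: length validation for POST /api/serviceLines/add.
# Hypothetical helper names; limits are the report's example values.
MAX_LENGTHS = {"name": 100, "type": 20, "description": 500}


def validate_service_line(payload):
    """Return {field: error message}; an empty dict means the input is valid."""
    if not isinstance(payload, dict):
        return {"_body": "JSON object expected"}
    errors = {}
    for field, limit in MAX_LENGTHS.items():
        value = payload.get(field)
        if value is None:
            continue  # whether a field is required is out of scope (assumption)
        if not isinstance(value, str):
            # Reject arrays/objects/numbers so the length check cannot be
            # sidestepped by sending a non-string type.
            errors[field] = "Must be a string"
        elif len(value) > limit:  # len() counts Unicode code points, not bytes
            errors[field] = "Maximum length exceeded"
    return errors


def handle_add_service_line(payload, store):
    """Validate before storing; returns (http_status, response_body)."""
    errors = validate_service_line(payload)
    if errors:
        # Nothing is written to the store when validation fails.
        return 400, {"success": False, "message": "Validation error",
                     "errors": errors}
    store.append({field: payload.get(field) for field in MAX_LENGTHS})
    return 201, {"success": True,
                 "message": "Service line created successfully"}


if __name__ == "__main__":
    db = []  # constructed stand-in for the real persistence layer
    # Constructed sample input matching the reproduction steps.
    oversized = {"name": "A" * 101, "type": "B" * 21, "description": "C" * 501}
    print(handle_add_service_line(oversized, db))
    at_limit = {"name": "A" * 100, "type": "B" * 20, "description": "C" * 500}
    print(handle_add_service_line(at_limit, db))
```

If the backing columns are limited in bytes rather than characters, compare `len(value.encode("utf-8"))` against the limit instead.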