Bug #66


Improper Input Length Validation in /api/diseases/add (API-Web)

Added by Vivek Kumar 20 days ago. Updated 18 days ago.

Status: Closed
Priority: Normal
Assignee: -
Start date: 04/01/2026
% Done: 100%

Description

The API does not enforce input length restrictions on the following fields:

* name
* description
* message

Even when values exceed reasonable or expected limits (e.g., 150+ characters for name, 500+ for description, 200+ for message), the API successfully processes and stores the data.
This indicates missing server-side validation.

Steps to Reproduce

1. Send a POST request to: /api/diseases/add
2. Provide excessively long inputs:
   * name > 150 characters
   * description > 500 characters
   * message > 200 characters

Actual Result
API accepts and stores the oversized input without validation:

```json
{
  "success": true,
  "message": "Disease added successfully"
}
```

Expected Result

System should validate inputs before processing:

* Reject name values exceeding allowed length (e.g., 150 characters)
* Reject description values exceeding allowed length (e.g., 500 characters)
* Reject message values exceeding allowed length (e.g., 200 characters)

API should return proper validation errors:

```json
{
  "success": false,
  "message": "Validation error",
  "errors": {
    "name": "Maximum length exceeded",
    "description": "Maximum length exceeded",
    "message": "Maximum length exceeded"
  }
}
```
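The following is an added example of the server-side check the report asks for; it is not the project's code and the project's language and framework are not stated in the report. It assumes a hypothetical Python handler `handle_add_disease` with a list standing in for the database, HTTP status 400 for rejected payloads, and that a non-string value is also rejected (an assumption beyond the report). The field names, limits and the two response bodies come from the report.

```python
from typing import Dict, List, Tuple

# Limits taken from the bug report (measured in characters, not bytes).
MAX_LENGTHS = {"name": 150, "description": 500, "message": 200}


def validate_disease_payload(payload: dict) -> Dict[str, str]:
    """Return a field -> error-message map; an empty map means the payload is valid.

    Lengths are measured with len(), i.e. in Unicode code points. If the
    backing database column limit is in bytes, compare
    len(value.encode("utf-8")) instead so the check matches the column.
    Required-field checks are not part of the report and are not done here.
    """
    errors: Dict[str, str] = {}
    for field, limit in MAX_LENGTHS.items():
        value = payload.get(field)
        if value is None:
            continue
        if not isinstance(value, str):
            # Assumption added in this example: a non-string value is rejected too.
            errors[field] = "Must be a string"
        elif len(value) > limit:
            errors[field] = "Maximum length exceeded"
    return errors


def handle_add_disease(payload: dict, store: List[dict]) -> Tuple[int, dict]:
    """Hypothetical handler for POST /api/diseases/add.

    Validation runs before anything is written, so an oversized record never
    reaches `store` (a stand-in for the database table).
    """
    errors = validate_disease_payload(payload)
    if errors:
        return 400, {"success": False, "message": "Validation error", "errors": errors}
    store.append({field: payload.get(field) for field in MAX_LENGTHS})
    return 200, {"success": True, "message": "Disease added successfully"}


if __name__ == "__main__":
    db: List[dict] = []
    # Constructed sample inputs: one within limits, one matching the report's reproduction.
    good = {
        "name": "Influenza",
        "description": "Seasonal respiratory infection",
        "message": "Vaccinate annually",
    }
    oversized = {"name": "x" * 151, "description": "y" * 501, "message": "z" * 201}
    print(handle_add_disease(good, db))
    print(handle_add_disease(oversized, db))
    print(len(db))  # only the valid record was stored
```

The limits are kept in one table so the validator and the storage layer cannot drift apart; whichever column sizes the database actually uses should be the source of those numbers.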

