Bug #81

closed

Bug #80: Insufficient Input Validation in /api/schools/add Allows Invalid and Malformed Data Submission (Web-api)

Improper Input Validation in /api/admin/add-role Allows Invalid Role Names (Web-Api)

Added by Vivek Kumar 10 days ago. Updated 8 days ago.

Status: Closed
Priority: Normal
Assignee: -
Start date: 04/11/2026
Due date:
% Done: 100%
Estimated time:
Spent time:

Description

The API does not properly validate input for the role creation endpoint. It accepts malformed, meaningless, and special character-only values for the name field, indicating missing or weak server-side validation.

Steps to Reproduce

  1. Send a POST request to /api/admin/add-role
  2. Provide invalid input in the request body:

     {
       "name": "..............."
     }

  3. Observe that the API accepts the request and creates the role successfully

Actual Result
The API accepts invalid input for the name field:
name:

  • Accepts special character-only values (e.g., "...............")
  • Does not enforce meaningful or alphabetic input
  • No restriction on format or content

Expected Result
The API must enforce strict validation on the name field:

  • Reject special character-only or meaningless values
  • Enforce proper format (e.g., alphabetic characters with spaces)
  • Return reasonable errors for invalid inputs
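
A server-side check matching the Expected Result above, as an added example that is not part of the original report or the project's code. The function name `validate_role_name`, the 3 to 50 character bounds, the HTTP status codes and the error payload shape are assumptions made for illustration.

```python
import re
import unicodedata

# Assumed policy (not from the report): 3-50 characters,
# alphabetic words separated by single spaces.
MIN_LEN, MAX_LEN = 3, 50
NAME_RE = re.compile(r"[A-Za-z]+(?: [A-Za-z]+)*")


def validate_role_name(body):
    """Return (status, payload) for an add-role request body (hypothetical helper)."""
    if not isinstance(body, dict) or "name" not in body:
        return 400, {"error": "name is required"}
    raw = body["name"]
    if not isinstance(raw, str):
        return 400, {"error": "name must be a string"}
    # Normalise first so full-width look-alikes are judged in canonical form,
    # then collapse runs of whitespace and trim the ends.
    name = " ".join(unicodedata.normalize("NFKC", raw).split())
    if not name:
        return 400, {"error": "name must not be empty"}
    if not MIN_LEN <= len(name) <= MAX_LEN:
        return 400, {"error": f"name must be {MIN_LEN}-{MAX_LEN} characters"}
    # Allowlist match on the whole string; anything outside letters and
    # single spaces (dots, digits, punctuation) is rejected.
    if not NAME_RE.fullmatch(name):
        return 400, {"error": "name may contain only letters and single spaces"}
    return 200, {"name": name}


# Constructed sample bodies; the first is the payload from the report.
SAMPLES = [
    {"name": "..............."},
    {"name": "   "},
    {"name": 12345},
    {},
    {"name": "  Content   Editor "},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", validate_role_name(sample))
```

The handler should store the normalised value returned on success, not the raw input, so that later uniqueness checks compare like with like.
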
Actions #1

Updated by Vivek Kumar 10 days ago

  • Parent task set to #80
Actions #2

Updated by Adhi Narayanan 10 days ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
Actions #3

Updated by Vivek Kumar 8 days ago

  • Status changed from Resolved to Closed