
Server crash on handling API requests with large integer values #202

Closed
OhmSpectator opened this issue Jan 12, 2024 · 0 comments · Fixed by #204
Labels: back (Issues related to the backend), bug (Something isn't working)

Comments

@OhmSpectator (Member)

Description

A bug has been identified where the server crashes with a SequelizeDatabaseError when processing API requests with excessively large integer values. This issue leads to an 'out of range for type integer' error and was originally found by the Mayhem fuzzer.

Steps to Reproduce

  1. Send an API request to any of the following endpoints with extremely large integer values:
    • /api/regions/-999999999999999999/siblings
    • /api/regions/-999999999999999999/geometry
    • /api/regions/999999999999999999/siblings
    • /api/regions/-786773861553238898/geometry

Expected Behavior

The API should handle large integer inputs correctly, either by processing them or by returning a proper error message, without causing a server crash.

Actual Behavior

The server crashes, throwing a SequelizeDatabaseError. This error states that the value "-999999999999999999" is out of range for the type integer.

Commit Version

This bug was first found here: 527ad8e

Additional Context

This issue appears to arise from Sequelize's handling of large integer values in database queries. A solution might involve better input validation or modifications to query handling in Sequelize.

Possible Solution

  • Implement robust input validation to ensure integer values are within a permissible range before processing the API request.
  • Modify the Sequelize query construction to accommodate or reject large integer values gracefully.
  • Introduce exception handling for SequelizeDatabaseError related to integer size limits to prevent the server from crashing.
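The first item in the list above (range-checking integer inputs before the request reaches the ORM) is the check a practitioner would want to see in code. The block below is an added example written for this page; it is not the project's code and not taken from the fix in #204. It assumes what the error text implies: the `regions` primary key is a PostgreSQL 4-byte `integer` (range -2147483648 to 2147483647), so any path segment outside that range is rejected with HTTP 400 before a query is built. `findRegion`, `handleSiblingsRequest` and the in-memory `FAKE_DB` are hypothetical stand-ins for the real route handler and table. The comparison is deliberately done on `BigInt`: values such as `999999999999999999` are above `Number.MAX_SAFE_INTEGER` (2^53 - 1), so `parseInt` would silently round them before a plain numeric range check ever ran.

```javascript
// Added example (not the project's code): reject out-of-range integer path
// parameters before they reach Sequelize, so a request like
// GET /api/regions/-999999999999999999/siblings yields a 400, not a crash.
// Assumption: the regions primary key is PostgreSQL `integer` (int4), which is
// what "out of range for type integer" in the bug report points to.

const PG_INT4_MIN = -2147483648n; // smallest value PostgreSQL `integer` holds
const PG_INT4_MAX = 2147483647n;  // largest value PostgreSQL `integer` holds

// Strict decimal integer: optional sign, no leading zeros, no whitespace,
// no exponent ("1e3"), no hex ("0x10"), no trailing junk ("12abc").
// parseInt() would accept several of those; a regex on the raw string does not.
const INT_RE = /^-?(0|[1-9][0-9]*)$/;

/**
 * Parse `raw` (a URL path segment) as an int4.
 *   { ok: true,  value: <number> }              when it is a valid int4
 *   { ok: false, status: 400, error: <string> } otherwise
 * BigInt is used for the comparison so that inputs above
 * Number.MAX_SAFE_INTEGER are judged on their true value, not a rounded double.
 */
function parseInt4Param(raw, name = 'id') {
  if (typeof raw !== 'string' || !INT_RE.test(raw)) {
    return { ok: false, status: 400, error: `${name} must be a decimal integer` };
  }
  const big = BigInt(raw);
  if (big < PG_INT4_MIN || big > PG_INT4_MAX) {
    return {
      ok: false,
      status: 400,
      error: `${name} out of range [${PG_INT4_MIN}, ${PG_INT4_MAX}]`,
    };
  }
  return { ok: true, value: Number(big) }; // exact: |value| < 2^31 < 2^53
}

// Hypothetical route handler for /api/regions/:regionId/siblings, with the
// database lookup injected so the behaviour can be shown without a DB.
function handleSiblingsRequest(rawId, findRegion) {
  const parsed = parseInt4Param(rawId, 'regionId');
  if (!parsed.ok) {
    // Rejected at the boundary: no query is built, so no SequelizeDatabaseError.
    return { status: parsed.status, body: { error: parsed.error } };
  }
  const region = findRegion(parsed.value);
  if (!region) return { status: 404, body: { error: 'region not found' } };
  return { status: 200, body: { siblings: region.siblings } };
}

// Constructed in-memory data standing in for the regions table.
const FAKE_DB = new Map([
  [1, { siblings: [2, 3] }],
  [2, { siblings: [1, 3] }],
]);
const findRegionFake = (id) => FAKE_DB.get(id) || null;

// The values from the bug report plus a few boundary and malformed inputs.
const SAMPLES = [
  '-999999999999999999', '999999999999999999', '-786773861553238898',
  '2147483648', '-2147483649', '2147483647', '-2147483648',
  '1', '5', '1e3', '12abc', ' 1',
];

for (const s of SAMPLES) {
  const res = handleSiblingsRequest(s, findRegionFake);
  console.log(JSON.stringify(s), '->', res.status, JSON.stringify(res.body));
}
```

The same check applies to every integer taken from a request (path, query string, body), not only the four endpoints listed: the fuzzer found these because they are the first ones it reached, not because they are the only ones that pass unchecked values into a query. Validating at the route boundary also keeps the third option (catching `SequelizeDatabaseError` after the fact) as a last line of defence rather than the primary one.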
@OhmSpectator OhmSpectator added the bug Something isn't working label Jan 12, 2024
@OhmSpectator OhmSpectator moved this from 🆕 New to 📋 Backlog in Track Your Regions Jan 12, 2024
@OhmSpectator OhmSpectator added the back Issues related to the backend label Jan 12, 2024
@OhmSpectator OhmSpectator self-assigned this Jan 13, 2024
@OhmSpectator OhmSpectator moved this from 📋 Backlog to 🏗 In progress in Track Your Regions Jan 13, 2024
OhmSpectator added a commit that referenced this issue Jan 13, 2024
This commit includes the addition of a utility function that checks the
range of the data types and validates them. This is particularly useful
for numerical inputs in the API that need to be within a specific range.
The commit also updates the backend routes to use these validations.

Issue: #202

Signed-off-by: Nikolay Martyanov <[email protected]>
@OhmSpectator OhmSpectator linked a pull request Jan 13, 2024 that will close this issue
@github-project-automation github-project-automation bot moved this from 🏗 In progress to ✅ Done in Track Your Regions Jan 13, 2024