Description
There is no validation on namespace or flag name length in src/main.rs. The put_flag and delete_flag handlers accept path parameters of any length. With the in-memory database (src/db/mem.rs), there are also no limits on the number of namespaces or flags.
An attacker (or anyone, if auth is disabled) can:
- Create flag/namespace names that are megabytes long
- Create millions of namespaces/flags
- Exhaust server memory until OOM
Severity
Medium
Suggested Fix
Add a maximum length constraint (e.g., 256 characters) for namespace and flag names, returning 400 Bad Request if exceeded.
Description
There is no validation on namespace or flag name length in
src/main.rs. Theput_flaganddelete_flaghandlers accept path parameters of any length. With the in-memory database (src/db/mem.rs), there are also no limits on the number of namespaces or flags.An attacker (or anyone, if auth is disabled) can:
Severity
Medium
Suggested Fix
Add a maximum length constraint (e.g., 256 characters) for namespace and flag names, returning
400 Bad Requestif exceeded.