Positive integer validation
Description
Positive integer validation refers to a security or software feature where inputs are checked to ensure they are positive integers. This type of validation is crucial in many applications, such as financial software, data processing, or user input forms, to prevent errors or security vulnerabilities like SQL injection or buffer overflows. By validating inputs as positive integers, the system ensures it receives data in the expected format and range, safeguarding against malicious inputs or unintended operations.
Remediation
To ensure positive integer validation, implement the following remediation steps:
- Check if the input is an integer using a type-checking function or method specific to your programming language (e.g., isinstance(input, int) in Python).
- Verify that the integer is greater than zero by comparing it with zero (e.g., input > 0).
- If the input fails either check, reject it and prompt the user for a valid positive integer.
- Use built-in functions or regular expressions to prevent non-numeric data entry if the input is received as a string.
- Consider using exception handling to catch any errors that occur during the input validation process.
- If the input is part of a web form, use client-side validation with JavaScript to provide immediate feedback, but always validate on the server-side as well to ensure security.
- Sanitize the input to prevent SQL injection or other forms of attacks if the data will interact with a database or other critical components.
- Provide clear error messages to guide the user towards entering a valid positive integer.
- Log validation failures when appropriate to monitor for unusual activity or repeated invalid inputs.
- Regularly review and update the validation logic to handle edge cases and new threat vectors.
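A server-side validator that carries out the steps above in Python, added here as an example rather than Escape's own code. It also covers an edge case the isinstance check alone misses: bool is a subclass of int, so True would otherwise pass as 1. The function names and the upper bound DEFAULT_MAX are assumptions.

```python
import logging
import re
from typing import Optional, Tuple, Union

# Assumed upper bound: an attacker-controlled size (limit, page, quantity)
# should not be allowed to grow without limit and exhaust memory or CPU.
DEFAULT_MAX = 2**31 - 1

# Strict decimal form for string input: digits only, no sign, no whitespace,
# no leading zeros, so "007", "+5", " 5", "5.0" and "1e3" are all rejected.
_DIGITS = re.compile(r"^(0|[1-9][0-9]*)$")


def parse_positive_int(value: Union[int, str], max_value: int = DEFAULT_MAX) -> int:
    """Return value as a positive int, or raise ValueError with a user-facing reason."""
    # isinstance(True, int) is True in Python, so reject booleans explicitly.
    if isinstance(value, bool):
        raise ValueError("must be a positive integer, not a boolean")
    if isinstance(value, int):
        number = value
    elif isinstance(value, str):
        if not _DIGITS.match(value):
            raise ValueError("must contain only digits with no sign, spaces or decimals")
        number = int(value)
    else:
        # floats, None, lists and so on are refused rather than coerced
        raise ValueError(f"must be an integer, got {type(value).__name__}")
    if number <= 0:
        raise ValueError("must be greater than zero")
    if number > max_value:
        raise ValueError(f"must not exceed {max_value}")
    return number


def validate_field(name: str, raw, max_value: int = DEFAULT_MAX) -> Tuple[Optional[int], Optional[str]]:
    """Check one request field: returns (value, None) on success or (None, message) on failure.
    Failures are logged so repeated bad input from one source shows up in monitoring."""
    try:
        return parse_positive_int(raw, max_value), None
    except ValueError as exc:
        message = f"{name} {exc}"
        logging.warning("validation failure: %s (input=%r)", message, raw)
        return None, message


def is_positive_int(value, max_value: int = DEFAULT_MAX) -> bool:
    """Boolean form for callers that only need accept/reject."""
    try:
        parse_positive_int(value, max_value)
        return True
    except ValueError:
        return False
```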
Configuration
Identifier: schema/positive_integer_validation
Examples
Ignore this check
checks:
  schema/positive_integer_validation:
    skip: true
Score
- Escape Severity: INFO
Compliance
OWASP: API8:2023
pci: 6.5.1
gdpr: Article-32
soc2: CC1
psd2: Article-95
iso27001: A.14.2
nist: SP800-53
fedramp: AC-6
Classification
- CWE: 20
Score
- CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- CVSS_SCORE: 0.1