[SECURITY] Add API Input Validation #164

@JoshuaAFerguson

Objective

Implement comprehensive input validation for all API endpoints.

Implementation

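import "github.com/go-playground/validator/v10"

// CreateSessionRequest is the request body for creating a session.
type CreateSessionRequest struct {
    TemplateID string `json:"template_id" validate:"required,uuid"`
    Name       string `json:"name" validate:"required,min=3,max=100"`
    Timeout    int    `json:"timeout" validate:"min=60,max=86400"`
}

// validate is created once and reused: a Validate instance caches struct
// metadata and is safe for concurrent use.
var validate = validator.New()

// ValidateRequest checks req against the `validate` tags on its fields.
func ValidateRequest(req interface{}) error {
    return validate.Struct(req)
}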

Validation Rules

  • UUID format for IDs
  • String length limits
  • Numeric ranges
  • Email format
  • URL format
  • Enum values

Acceptance Criteria

  • All request structs have validation tags
  • Validation errors return 400 with details
  • No SQL injection possible
  • No XSS possible
  • Security audit passed

Files

  • All api/internal/handlers/*.go
  • api/internal/validator/validator.go (NEW)
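
An added sketch, not the project's code, of the "validation errors return 400 with details" criterion for the issue's CreateSessionRequest. Hand-written checks stand in for the validator tags so that it runs on the standard library alone. The handler name createSession, the 4096-byte body cap, the error JSON shape and the sample body are assumptions.

```go
package main
import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
)

type CreateSessionRequest struct {
	TemplateID string `json:"template_id"`
	Name       string `json:"name"`
	Timeout    int    `json:"timeout"`
}
var uuidRE = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)
func check(r CreateSessionRequest) map[string]string { // stand-in for the issue's tags
	errs := map[string]string{}
	if !uuidRE.MatchString(r.TemplateID) {
		errs["template_id"] = "must be a UUID"
	}
	if n := len([]rune(r.Name)); n < 3 || n > 100 {
		errs["name"] = "length must be 3-100 characters"
	}
	if r.Timeout < 60 || r.Timeout > 86400 {
		errs["timeout"] = "must be between 60 and 86400"
	}
	return errs
}

func createSession(w http.ResponseWriter, r *http.Request) { // 400 plus per-field details
	dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, 4096)) // assumed body cap
	dec.DisallowUnknownFields()
	var req CreateSessionRequest
	errs := map[string]string{"body": "malformed JSON, unknown field or too large"}
	if dec.Decode(&req) == nil {
		errs = check(req)
	}
	if len(errs) == 0 {
		w.WriteHeader(http.StatusCreated) // session creation would follow here
		return
	}
	w.WriteHeader(http.StatusBadRequest)
	json.NewEncoder(w).Encode(map[string]map[string]string{"errors": errs})
}
func main() { // constructed body in which every field breaks a rule
	rec := httptest.NewRecorder()
	createSession(rec, httptest.NewRequest("POST", "/", strings.NewReader(`{"template_id":"x","name":"ab","timeout":5}`)))
	fmt.Print(rec.Code, " ", rec.Body.String())
}
```

Checks like these bound the shape of what reaches a handler. The SQL injection and XSS criteria still depend on parameterized queries and output encoding at the point where the values are used.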
