Overview
- Bug Type: Invalid input not validated
- Category: Error Handling & Input Validation
Definition
Inputs bypass type/range/format checks and reach core logic.
How to fix Invalid input not validated?
Validate at boundaries with strict schemas; reject unexpected fields; sanitize before sinks; add fuzz and negative tests.
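An added example, not part of the original entry, of boundary validation with a strict schema that checks type, range and format and rejects unexpected fields. The request fields (email, quantity, ship_on) and their limits are hypothetical.

```python
import re
from datetime import date

class ValidationError(ValueError):
    """Raised when a payload does not match the schema."""

def _is_iso_date(value):
    try:
        date.fromisoformat(value)
        return True
    except ValueError:
        return False

# Hypothetical schema: field name -> (exact type, format/range check)
SCHEMA = {
    "email": (str, lambda v: re.fullmatch(r"[^@\s]{1,64}@[^@\s]{1,255}", v) is not None),
    "quantity": (int, lambda v: 1 <= v <= 100),
    "ship_on": (str, _is_iso_date),
}

def validate(payload, schema=SCHEMA):
    """Return a new dict of validated fields, or raise ValidationError."""
    if not isinstance(payload, dict):
        raise ValidationError("payload must be an object")
    errors = []
    # Strict mode: any field the schema does not name is an error, not ignored.
    unknown = [key for key in payload if key not in schema]
    if unknown:
        errors.append(f"unexpected fields: {unknown}")
    for name, (expected, check) in schema.items():
        if name not in payload:
            errors.append(f"'{name}' is required")
            continue
        value = payload[name]
        # Exact type match: isinstance() would let True/False pass as int.
        if type(value) is not expected:
            errors.append(f"'{name}' must be {expected.__name__}")
        elif not check(value):
            errors.append(f"'{name}' has invalid format or range")
    if errors:
        raise ValidationError("; ".join(errors))
    # Core logic only ever sees this copy, never the raw payload.
    return {name: payload[name] for name in schema}

def is_rejected(payload):
    """Helper for negative tests: True if validate() refuses the payload."""
    try:
        validate(payload)
    except ValidationError:
        return True
    return False
```

Negative tests should cover each failure class separately: a missing field, an extra field, a wrong type, an out-of-range value and a malformed value.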
Symptoms
Observable signs that may indicate Invalid input not validated:
- Downstream functions receive unexpected types/shapes.
- Security scanners flag injection risks on unvalidated inputs.
- Frequent 400/422 validation failures in logs.
Example Errors:
- ValidationError: 'field' is required
- BadRequest: invalid format
- Schema validation failed
