-
Notifications
You must be signed in to change notification settings - Fork 123
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Offset accepts string as valid input #1997
Comments
Thanks for writing this up @sigalsax ! I would suggest that rather than
an invalid value for either offset or limit should result in
A more generic alternative could be just Conjur should really only return a 500 internal server error if it encounters an error we haven't thought to handle yet (see ref), and not one we ever intentionally return. CC: @liavyona |
Summary
Our REST API for list, accepts a string for
offset
as valid data when it should only accept a numeric value. When we runoffset=somestring
, we get the JSON data from the Conjur server without any constraints applied to it as if we were to runconjur list
For example, the returned data would resemble the following
Steps to Reproduce
Steps to reproduce the behavior:
Expected Results
A non-numeric value for
offset
should return a 500 internal server error likelimit
doesActual Results (including error logs, if applicable)
Reproducible
Version/Tag number
All versions
Environment setup
DAP server in AWS, Conjur CLI on my local machine
Additional Information
NA
The text was updated successfully, but these errors were encountered: