
⛏️ Write a test to check whether we can create/update an object with invalid Integer causing buffer overflows #654

Open
5 tasks
arjun-akto opened this issue Oct 13, 2023 · 10 comments
Labels: hacktoberfest, yaml requires yaml knowledge

Comments

@arjun-akto (Contributor):
💭 Introduction:

We want a test to check whether an attacker can create/update entity with an invalid Integer value, possibly causing buffer overflows.

🎯 Requirements:

  1. Filters - API with an Integer as an input in a GET query parameter or JSON body parameter

  2. Execute - It should replace the value with:

     • special characters
     • A very long string (> 255 characters)
     • Use whitespaces
     • A negative integer
     • A very long integer causing integer overflow
     • Zero
     • NULL
     • NULL character

  3. Validation - If the application responds with an exception trace, it is a vulnerability.

📚 Reading

You can find a detailed documentation of test editor rules [here]

Find 100+ examples of YAML tests [here]

✅ Task summary:

  • Ask to be assigned to the issue.
  • Wait to be assigned. We will try to assign in less than 2 hours.
  • Sign up for [Akto](https://app.akto.io/)
  • Fork the [tests-library] repository, create a new branch and commit the yaml file which will be called in your test.
  • Submit both the PR here.

✌🏻 Hints:

You can build the yaml template by referring this [link]

🙋🏼‍♂️ Questions:

If you have questions, need any help, or just want to hang out, make sure to join us on our [Discord server].
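The three steps the issue asks for (filter on an integer parameter, execute with each invalid value, validate by looking for an exception trace in the response) can be exercised locally before writing the YAML. The script below is an added example, not part of the issue and not Akto's own test or code: it runs the issue's payload classes against two constructed, hypothetical handlers (`naive_handler`, which lets a traceback escape, and `hardened_handler`, which validates the integer first) and reports which payloads make each one leak a trace. The payload values and the trace markers in `TRACE_RE` are assumptions chosen for the demonstration.

```python
import re
import struct
import traceback

# Constructed sample payloads, one per class in the issue's "Execute" list.
PAYLOADS = {
    "special characters": "!@#$%^&*()",
    "very long string": "9" * 300,
    "whitespace": "  42  ",
    "negative integer": "-1",
    "integer overflow": "99999999999999999999",
    "zero": "0",
    "NULL": "null",
    "NULL character": "42\x00",
}

INT32_MIN, INT32_MAX = -2**31, 2**31 - 1

# Assumed markers of an unhandled-exception response: Python, Java and .NET style traces.
TRACE_RE = re.compile(
    r"Traceback \(most recent call last\)"   # Python traceback header
    r"|^\s+at [\w$.<>]+\(.*\)"               # Java / .NET stack frame line
    r"|Exception in thread",                 # Java uncaught exception
    re.MULTILINE,
)


def looks_like_exception_trace(body: str) -> bool:
    """The issue's Validation step: does the response body carry a stack trace?"""
    return TRACE_RE.search(body) is not None


def naive_handler(raw: str):
    """Hypothetical vulnerable handler (constructed, not from Akto): trusts the
    'id' parameter, packs it into a fixed 32-bit field and lets any exception
    escape as a 500 whose body is the interpreter's traceback."""
    try:
        value = int(raw)              # ValueError on non-numeric input
        struct.pack(">i", value)      # struct.error once the value exceeds 32 bits
        return 200, '{"id": %d}' % value
    except Exception:
        return 500, traceback.format_exc()


# Shape check: optional sign, no leading zeros, at most 10 digits, no whitespace, no NUL.
INT_RE = re.compile(r"-?(?:0|[1-9][0-9]{0,9})")


def hardened_handler(raw: str):
    """Hypothetical hardened handler: validates shape and range before any
    conversion and answers bad input with a generic 400, never a trace."""
    if not INT_RE.fullmatch(raw):
        return 400, '{"error": "id must be an integer"}'
    value = int(raw)
    if not INT32_MIN <= value <= INT32_MAX:
        return 400, '{"error": "id out of range"}'
    return 200, '{"id": %d}' % value


def run_test(handler) -> dict:
    """Execute + Validate: send every payload and record, per payload class,
    whether the handler leaked an exception trace (True = finding)."""
    results = {}
    for name, payload in PAYLOADS.items():
        status, body = handler(payload)
        results[name] = looks_like_exception_trace(body)
    return results


if __name__ == "__main__":
    for label, handler in (("naive", naive_handler), ("hardened", hardened_handler)):
        findings = run_test(handler)
        print(label, "leaks a trace for:", [k for k, v in findings.items() if v])
```

Note that the naive handler accepts `-1`, `0` and `  42  ` without a trace; whether those values are acceptable is application semantics, and this test only flags the exception-leak condition the issue's Validation step describes. The hardened handler rejects the same inputs the naive one crashes on, plus whitespace and over-long digit strings, with a uniform 400 body.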

@arjun-akto arjun-akto added yaml requires yaml knowledge hacktoberfest labels Oct 13, 2023
@coder-oj:

Hi, can you please assign this issue to me?
@arjun-akto

@arjun-akto (Contributor, Author):

Hi @coder-oj . I have assigned the issue to you. Please feel free to connect us on our Discord server for any doubts.

@harshalkh:

@arjun-akto could you please assign this to me? I have some analysis on this one.

@arjun-akto (Contributor, Author):

Hi @harshalkh . I have assigned the issue to you. Please feel free to connect us on our Discord server for any doubts.

@harshalkh:

@arjun-akto I have raised a PR, can you please review...

@avneesh-akto (Contributor):

Added comments to the PR

@harshalkh:

> Added comments to the PR

Let me check

@ankush-jain-akto (Contributor):

This looks like a close-to-good test. I think it still needs some very small edits, but I will merge it for now

ayushaga14 pushed a commit that referenced this issue Jan 3, 2024
@RaagaAkto:

Hi @harshalkh, please fill out this form here so we can send you Akto swags. Will let you know ETA of swags soon, thanks for your contribution! 🚀

@RaagaAkto:

Hi @harshalkh, we've received your details, swags should reach you in a month!

6 participants