Specifying limits can help prevent potential attacks, such as buffer overflow attacks. An attacker might attempt to input very large or very small values in an effort to crash a server or to exploit vulnerabilities. By defining clear boundaries, developers can safeguard their infrastructure against these kinds of threats. Furthermore, in scenarios where an API’s logic or data storage mechanisms expect values within a particular range, any value outside that range might cause unintended behavior or data corruption. By setting clear and predefined limits, developers ensure that only valid and acceptable values are processed or stored, reducing the chances of unexpected errors. Providing specific integer limits also enhances the clarity and predictability of an API’s behavior. This can reduce potential misunderstandings and streamline integration processes for other developers or systems trying to interact with these endpoints. Having set limits on integer inputs can improve overall system performance. When a system is designed to handle only values within a defined range, optimization strategies can be more effectively applied, ensuring smooth and efficient operation.
This rule applies at the API Specification level (OAS/Swagger).
Data Corruption: If integer values are used to represent data sizes, offsets, or pointers within the API, an undefined limit could potentially lead to data corruption or buffer overflow vulnerabilities. Attackers could provide maliciously crafted integer values to manipulate data structures or overwrite memory regions beyond the intended boundaries.
type: objectproperties: myObj: # arbitrary name for the object type: integer exclusiveMaximum: 99 exclusiveMinimum: 1
