Setting limits helps protect a system against potential abuse and unforeseen edge cases, such as very large numbers causing excessive resource consumption or integer overflows. Defining a clear range for integer values makes the system's behaviour more predictable, reducing the likelihood of unexpected errors when out-of-range values are supplied. A clearly specified range also makes the API documentation clearer, so that anyone consuming the API understands the expected inputs. Constraining the range of allowable values further improves the system's overall data integrity and consistency by preventing the storage of irrelevant or erroneous data.
This rule applies at the API Specification level (OAS/Swagger).
Denial of Service (DoS): Attackers can craft requests that exploit a missing integer limit to consume excessive resources or trigger errors, leading to a denial of service condition. For example, a request carrying a number larger than the implementation's integer type can handle might cause the system to crash or become unresponsive.
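As an added example (not part of this rule's documentation or of any vendor tool), the following Python lint pass walks an OAS document and reports integer schemas that have no `minimum`/`maximum`, or whose bounds do not fit the declared `int32`/`int64` format; the `Order` schema, its property names and the bound values are constructed for the illustration.

```python
import json

# Constructed sample (not from the rule page): an Order schema before and after bounds are added.
WEAK_SPEC = {"openapi": "3.0.3", "components": {"schemas": {"Order": {
    "type": "object", "properties": {
        "quantity": {"type": "integer"},                                # no bounds at all
        "id": {"type": "integer", "format": "int64", "minimum": 1},     # no maximum
        "retries": {"type": "integer", "format": "int32",
                    "minimum": 0, "maximum": 4294967295},               # does not fit int32
    }}}}}

FIXED_SPEC = json.loads(json.dumps(WEAK_SPEC))  # deep copy, then bound every integer
FIXED_SPEC["components"]["schemas"]["Order"]["properties"] = {
    "quantity": {"type": "integer", "format": "int32", "minimum": 1, "maximum": 1000},
    "id": {"type": "integer", "format": "int64", "minimum": 1, "maximum": 9007199254740991},
    "retries": {"type": "integer", "format": "int32", "minimum": 0, "maximum": 10},
}

# Value ranges implied by the OAS integer formats.
INT_FORMAT_BOUNDS = {"int32": (-2**31, 2**31 - 1), "int64": (-2**63, 2**63 - 1)}


def find_unbounded_integers(spec):
    """Return (json_pointer, problem) pairs for integer schemas that lack minimum/maximum
    or whose bounds do not fit their format. Any dict with "type": "integer" is treated
    as a schema (a property literally named "type" would be a false positive)."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            if node.get("type") == "integer":
                for key in ("minimum", "maximum"):
                    if key not in node:
                        findings.append((path, f"missing {key}"))
                lo_hi = INT_FORMAT_BOUNDS.get(node.get("format"))
                if lo_hi:
                    lo, hi = lo_hi
                    if node.get("minimum", lo) < lo:
                        findings.append((path, f"minimum below {node['format']}"))
                    if node.get("maximum", hi) > hi:
                        findings.append((path, f"maximum exceeds {node['format']}"))
            for key, value in node.items():
                walk(value, f"{path}/{key}")
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}/{i}")

    walk(spec, "#")
    return findings
```

Running `find_unbounded_integers(WEAK_SPEC)` reports four findings against the weak schema and none against the bounded one.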