
Schema: Positive integer validation

Identifier: positive_integer_validation

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

When you fail to confirm that an input is a positive integer, you leave the door open for unexpected or malicious values (negative numbers, zero, or even non-numeric strings) that can disrupt the program's behavior. This can lead to errors, data inconsistencies, or even allow attackers to trigger more serious vulnerabilities like SQL injections or buffer overflows. Developers often trip up when they assume inputs will automatically fall into an expected range instead of explicitly checking for only positive integers, which can lead to risky consequences if not addressed.
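The gap between "it parses as an integer" and "it is a positive integer" is shown below as an added example; it is not part of the scanner or its documentation. The function names, the sample inputs and the 32-bit upper bound are assumptions chosen for illustration.

```python
import re

# Assumed upper bound for illustration (fits a signed 32-bit column or counter).
MAX_VALUE = 2**31 - 1
# ASCII digits only: no sign, no leading zero, no whitespace, no underscores.
_POSITIVE_INT = re.compile(r"[1-9][0-9]{0,9}")

def lenient_parse(value):
    """What many handlers do: int() alone, which accepts far more than intended."""
    return int(value)

def parse_positive_int(value, max_value=MAX_VALUE):
    """Return value as an int in [1, max_value] or raise ValueError."""
    # bool is a subclass of int, so a JSON true would otherwise pass as 1.
    if isinstance(value, bool):
        raise ValueError("boolean is not a positive integer")
    if isinstance(value, int):
        number = value
    elif isinstance(value, str):
        # fullmatch (not match) so a trailing newline or suffix is rejected.
        if not _POSITIVE_INT.fullmatch(value):
            raise ValueError("not a canonical positive integer string")
        number = int(value)
    else:
        # Floats, None, lists and dicts from a JSON body all land here.
        raise ValueError(f"unsupported type: {type(value).__name__}")
    if not 1 <= number <= max_value:
        raise ValueError("out of range")
    return number

def classify(samples):
    """Map each sample to (repr, lenient result, strict result)."""
    def attempt(fn, v):
        try:
            return fn(v)
        except (ValueError, TypeError):
            return "rejected"
    return [(repr(v), attempt(lenient_parse, v), attempt(parse_positive_int, v))
            for v in samples]

# Constructed inputs of the kind a query parameter or JSON field may carry.
SAMPLES = ["42", "-5", "0", " 7\n", "1_000", "\u0661\u0662\u0663", True, 3.9,
           "99999999999", "12abc", None]

if __name__ == "__main__":
    for row in classify(SAMPLES):
        print(row)
```

Of the eleven constructed samples, `int()` alone accepts nine, including a negative number, zero, padded and underscore-separated strings, non-ASCII digits, a boolean and a float; the strict parser accepts only `"42"`.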

Configuration

Example

Example configuration:

---
security_tests:
  positive_integer_validation:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.