Skip to content

Positive integer validation

Description

refers to a security or software feature where inputs are checked to ensure they are positive integers. This type of validation is crucial in many applications, such as financial software, data processing, or user input forms, to prevent errors or security vulnerabilities like SQL injection or buffer overflows. By validating inputs as positive integers, the system ensures it receives data in the expected format and range, safeguarding against malicious inputs or unintended operations.

Remediation

To ensure positive integer validation, implement the following remediation steps:

  1. Check if the input is an integer using a type-checking function or method specific to your programming language (e.g., isinstance(input, int) in Python).
  2. Verify that the integer is greater than zero by comparing it with zero (e.g., input > 0).
  3. If the input fails either check, reject it and prompt the user for a valid positive integer.
  4. Use built-in functions or regular expressions to prevent non-numeric data entry if the input is received as a string.
  5. Consider using exception handling to catch any errors that occur during the input validation process.
  6. If the input is part of a web form, use client-side validation with JavaScript to provide immediate feedback, but always validate on the server-side as well to ensure security.
  7. Sanitize the input to prevent SQL injection or other forms of attacks if the data will interact with a database or other critical components.
  8. Provide clear error messages to guide the user towards entering a valid positive integer.
  9. Log validation failures when appropriate to monitor for unusual activity or repeated invalid inputs.
  10. Regularly review and update the validation logic to handle edge cases and new threat vectors.

GraphQL Specific

Apollo Ensure that all user inputs are validated to accept only positive integers. Implement server-side checks to prevent invalid or malicious data from being processed. Use built-in functions or custom logic to verify that the input matches the expected format and range before using it within the Apollo framework engine.
Yoga To ensure positive integer validation in the Yoga framework engine, implement input validation checks that verify the provided value is an integer and greater than zero. Use built-in validation functions or custom logic to enforce this rule before processing the input.
Awsappsync Ensure that AWS AppSync resolvers validate input arguments to confirm they are positive integers where required. Implement custom validation logic within resolver mapping templates or leverage AWS AppSync pipeline resolvers to modularize validation as a distinct function before processing the business logic.
Graphqlgo Ensure that the GraphQL Go framework engine validates that all inputs expected to be positive integers are indeed positive integers before processing. Implement checks either through custom scalar types that enforce the positive integer constraint or by adding validation logic in the resolver functions. This will help prevent invalid data from being processed and mitigate potential vulnerabilities such as integer overflow or unexpected behavior due to negative numbers or non-integer values.
Graphqlruby In the GraphQL Ruby framework, ensure that any fields accepting positive integers are strictly validated. Use custom scalar types to define what constitutes a valid positive integer and reject any input that does not meet these criteria. Additionally, consider implementing range checks to prevent integer overflows and ensure that the values fall within the acceptable limits for your application's context.
Hasura To ensure positive integer validation in Hasura, define a check constraint on the integer column within your Postgres database that enforces the value to be greater than zero. This can be done directly in the table's definition using SQL or through the Hasura console by adding a check constraint in the 'Modify' tab of the table. Additionally, use Hasura's permission system to validate the input on insert and update operations by setting up custom check expressions that allow only positive integers.
Agoo Implement input validation middleware to ensure all user inputs are positive integers, preventing potential security vulnerabilities and ensuring data integrity in the Agoo framework engine.
Ariadne Implement input validation middleware to ensure all user inputs are positive integers in the Ariadne framework engine.
Caliban Implement input validation to ensure all user inputs are sanitized and conform to expected data types and formats, such as positive integers, to prevent security vulnerabilities and ensure data integrity in the Caliban framework engine.
Dgraph Implement input validation to ensure all user inputs are positive integers, preventing potential security vulnerabilities and ensuring data integrity within the Dgraph framework.
Dianajl Implement input validation to ensure all user inputs are positive integers in the dianajl framework engine to prevent security vulnerabilities and ensure data integrity.
Directus Implement input validation middleware to ensure all numeric inputs are positive integers in the Directus framework.
Flutter Implement input validation to ensure all user inputs are positive integers, using Flutter's built-in validation methods to prevent invalid data entry and enhance application security.
Graphene Implement input validation middleware to ensure all numeric inputs are positive integers in the Graphene framework.
Graphqlapiforwp Implement input validation middleware to ensure all GraphQL queries and mutations in the graphqlapiforwp framework are sanitized and validated, specifically checking for positive integer inputs where applicable, to prevent injection attacks and ensure data integrity.
Graphqlgophergo Implement input validation middleware in the GraphQLGopherGo framework to ensure all inputs are sanitized and conform to expected data types, such as positive integers, to prevent injection attacks and maintain data integrity.
Graphqljava Implement input validation in GraphQL resolvers to ensure all numeric inputs are positive integers, preventing potential security vulnerabilities and ensuring data integrity.
Graphqlphp Implement input validation middleware to ensure all numeric inputs in GraphQL queries are positive integers, preventing potential security vulnerabilities and ensuring data integrity.
Graphqlyoga Implement input validation middleware in GraphQL Yoga to ensure all numeric inputs are positive integers, preventing potential security vulnerabilities and ensuring data integrity.
Hypergraphql Implement input validation to ensure all user inputs are sanitized and conform to expected data types and formats, such as positive integers, to prevent injection attacks and ensure data integrity in the HyperGraphQL framework.
Jaal Implement input validation to ensure all user inputs are positive integers, preventing potential security vulnerabilities and ensuring data integrity within the Jaal framework engine.
Juniper Implement input validation to ensure all user inputs are positive integers, enhancing security and preventing potential vulnerabilities in the Juniper framework engine.
Lacinia Implement input validation to ensure all user inputs are positive integers in the Lacinia framework, preventing potential security vulnerabilities and ensuring data integrity.
Lighthouse Implement input validation to ensure all user inputs are positive integers, preventing potential security vulnerabilities and ensuring data integrity.
Mercurius Implement input validation middleware to ensure all incoming data are positive integers in Mercurius framework.
Morpheusgraphql Implement input validation middleware to ensure all numeric inputs are positive integers in the MorpheusGraphQL engine.
Qglgen Implement input validation in qglgen to ensure all user inputs are sanitized and conform to expected data types, such as positive integers, to prevent SQL injection and other security vulnerabilities.
Sangria Implement input validation middleware to ensure all user inputs are sanitized and conform to expected data types and formats, such as positive integers, to prevent security vulnerabilities and ensure data integrity in the Sangria framework.
Shopify Implement input validation to ensure all user inputs are sanitized and conform to expected data types, such as positive integers, to prevent security vulnerabilities and ensure data integrity in the Shopify framework.
Stepzen Implement input validation in StepZen by using GraphQL schema constraints to ensure fields accept only positive integers, thereby preventing invalid or malicious data inputs.
Strawberry Implement input validation to ensure all user inputs are sanitized and conform to expected data types and formats, such as positive integers, to prevent security vulnerabilities in the Strawberry Framework engine.
Tartiflette Implement input validation to ensure all user inputs are sanitized and conform to expected data types and formats, such as positive integers, to prevent security vulnerabilities and ensure reliable operation within the Tartiflette framework engine.
Wpgraphql Implement input validation to ensure all numeric fields in WPGraphQL are positive integers, preventing potential security vulnerabilities and ensuring data integrity.

REST Specific

Asp_net In ASP.NET, ensure that all user-provided inputs are validated using built-in functions like `int.TryParse()` for converting strings to integers and checking for positive values. Implement custom validation logic where necessary and use parameterized queries or ORM frameworks to interact with databases securely.
Ruby_on_rails In Ruby on Rails, ensure positive integer validation by using Active Record validations such as `validates_numericality_of` with options `only_integer: true` and `greater_than: 0`. Additionally, use strong parameters to permit only the necessary inputs and employ parameterized queries to protect against SQL injection.
Next_js In Next.js, ensure all user-provided inputs that are expected to be positive integers are strictly validated using built-in JavaScript functions like parseInt() combined with additional checks for NaN, non-integer values, and negative numbers. Implement middleware or custom hooks that sanitize and validate all incoming data before processing. For server-side APIs, use a library like express-validator to define validation schemas that enforce positive integer constraints.
Laravel In Laravel, use the 'integer' and 'min:1' validation rules within your validation logic to ensure that inputs are positive integers. Apply these rules in form requests or controller methods using the Validator facade or the 'validate' method provided by the framework.
Express_js In Express.js, ensure positive integer validation by using middleware that checks request parameters, query strings, or body data. Utilize libraries like express-validator to define custom validation chains for route parameters, applying checks such as .isInt({ gt: 0 }) to guarantee that the values are positive integers before they reach your route handlers.
Django In Django, ensure positive integer validation by using forms with 'IntegerField' and setting 'min_value=1' to enforce the input as a positive integer. Additionally, use Django's built-in ORM methods and avoid raw SQL to protect against injection attacks.
Symfony In Symfony, use the 'Assert' library for input validation. Apply the 'Positive' constraint to ensure the value is a positive integer, and use 'Type' constraint with 'integer' as the type option. Combine this with proper form validation to prevent invalid or malicious data from being processed.
Spring_boot In Spring Boot, ensure positive integer validation by using the @Min(1) annotation on your controller method parameters or DTO fields to enforce that the value is a positive integer. Additionally, use @Valid or @Validated to trigger the validation process. For enhanced security, combine this with strong type checking and handle any MethodArgumentNotValidException exceptions to return appropriate error responses.
Flask In Flask, use the 'request' object to access form data and employ the 'wtforms' library with 'IntegerField' and custom validation to ensure inputs are positive integers. Additionally, apply 'Flask-WTF' CSRF protection for secure form handling.
Nuxt In Nuxt.js, ensure all user-provided inputs that are expected to be positive integers are validated using built-in validation rules or custom middleware. Utilize libraries like `express-validator` for server-side validation and `vee-validate` for client-side validation to check the input before processing. Always sanitize and cast inputs to integers using `parseInt` with a radix of 10 to prevent type coercion vulnerabilities.
Fastapi In FastAPI, use Pydantic models to define expected data structures with fields typed as 'PositiveInt' for automatic validation of positive integer inputs. Combine this with dependency injection to further secure endpoints against invalid data.
Frappe Implement input validation to ensure all user inputs are positive integers in the Frappe framework, preventing potential security vulnerabilities and ensuring data integrity.
Genzio Implement input validation to ensure all numeric inputs are positive integers in the Genzio framework engine to prevent security vulnerabilities and ensure data integrity.
Gin Implement input validation middleware in the Gin framework to ensure all user inputs are positive integers, preventing potential security vulnerabilities and ensuring data integrity.
Gorilla Implement input validation to ensure all numeric inputs are positive integers in the Gorilla framework engine to prevent security vulnerabilities and ensure data integrity.
Hapi Implement Joi validation to ensure inputs are positive integers in Hapi routes.
Hono Implement input validation middleware to ensure all numeric inputs are positive integers in the Hono framework engine.
Jersey Implement input validation filters in Jersey to ensure all incoming data is sanitized and conforms to expected formats, such as positive integers, to prevent security vulnerabilities and ensure data integrity.
Koa Implement input validation middleware in Koa to ensure all user inputs are sanitized and validated as positive integers where applicable, preventing potential security vulnerabilities and ensuring data integrity.
Ktor Implement input validation middleware to ensure all incoming data is sanitized and conforms to expected formats, such as positive integers, to prevent security vulnerabilities in Ktor applications.
Leptos Implement input validation to ensure all user inputs are sanitized and conform to expected data types and ranges, such as positive integers, to prevent security vulnerabilities in the Leptos framework engine.
Macaron Implement input validation middleware to ensure all user inputs are sanitized and conform to expected data types, such as positive integers, to prevent security vulnerabilities in the Macaron framework.
Phoenix Implement input validation in Phoenix Framework by using changesets to ensure that all user inputs are positive integers, thereby preventing invalid data and enhancing security.
Redwoodjs Implement input validation middleware to ensure all numeric inputs are positive integers in RedwoodJS applications.
Rocket Implement input validation middleware to ensure all user inputs are sanitized and conform to expected data types, such as positive integers, to prevent security vulnerabilities and maintain data integrity in the Rocket framework.
Sveltekit Implement input validation in SvelteKit by using form actions to ensure that user inputs are positive integers, thereby preventing potential security vulnerabilities and ensuring data integrity.

Configuration

Identifier: schema/positive_integer_validation

Examples

Ignore this check

checks:
  schema/positive_integer_validation:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API8:2023
  • OWASP LLM: LLM02:2023
  • pci: 6.5.1
  • gdpr: Article-32
  • soc2: CC1
  • psd2: Article-95
  • iso27001: A.14.2
  • nist: SP800-53
  • fedramp: AC-6

Classification

  • CWE: 20

Score

  • CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
  • CVSS_SCORE: 0.1