Lazarus-org/api-response-shaper

Missing Validation for Excluded Paths List

Closed this issue · 0 comments

The current implementation lacks proper validation for the CUSTOM_RESPONSE_EXCLUDED_PATHS setting, which is expected to be a list of URL paths. This can lead to potential misconfigurations if the setting is not provided as a list or contains invalid path formats.

Problem:

  • The CUSTOM_RESPONSE_EXCLUDED_PATHS setting is not validated to ensure it is a list of valid URL strings.
  • If a user accidentally provides a string or any other non-list type, the middleware might not function as expected.
  • There is also no check to confirm that the list contains valid and properly formatted URL paths.

Expected Behavior:

  • The CUSTOM_RESPONSE_EXCLUDED_PATHS setting should be validated to ensure that it is a list.
  • Each item in the list should be validated to confirm that it represents a valid URL path (e.g., starts with a forward slash /).

Suggested Solution:

  • Implement validation to check whether CUSTOM_RESPONSE_EXCLUDED_PATHS is a list.
  • Ensure each path in the list conforms to valid URL formats.

This will prevent potential issues from misconfigured paths, making the application more robust.
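
A sketch of the validation this issue asks for, added here as an illustration and not the project's own code. `validate_excluded_paths` and `is_excluded` are hypothetical names, the prefix matcher is an assumption about how a middleware might consume the setting, and the whitespace/`?`/`#` rule is an assumed extra check beyond the leading-slash rule the issue names.

```python
from typing import Any, List

SETTING = "CUSTOM_RESPONSE_EXCLUDED_PATHS"


def validate_excluded_paths(value: Any) -> List[str]:
    """Return human-readable errors; an empty list means the setting is valid."""
    # Reject non-lists first. A bare string is iterable, so a per-item loop
    # would otherwise walk "/admin/" as "/", "a", "d", ... without raising.
    if not isinstance(value, list):
        return [f"{SETTING} must be a list of paths, got {type(value).__name__}."]
    errors = []
    for index, item in enumerate(value):
        where = f"{SETTING}[{index}]"
        if not isinstance(item, str):
            errors.append(f"{where} must be a string, got {type(item).__name__}.")
        elif not item.startswith("/"):
            errors.append(f"{where} ({item!r}) must start with '/'.")
        # Assumed extra rule: a path entry carries no whitespace, query or fragment.
        elif any(ch.isspace() for ch in item) or "?" in item or "#" in item:
            errors.append(f"{where} ({item!r}) must be a bare path.")
    return errors


def is_excluded(path: str, excluded: Any) -> bool:
    """Hypothetical prefix matcher, used only to show the failure mode."""
    return any(path.startswith(prefix) for prefix in excluded)


if __name__ == "__main__":
    # Constructed sample settings values.
    samples = (["/admin/", "/health/"], "/admin/", ["admin/", 42, "/a b"])
    for sample in samples:
        print(repr(sample), "->", validate_excluded_paths(sample) or "OK")
    # With a string instead of a list, the first "prefix" tried is "/",
    # so every request path is treated as excluded.
    print("string setting excludes /api/users/:",
          is_excluded("/api/users/", "/admin/"))
    print("list setting excludes /api/users/:",
          is_excluded("/api/users/", ["/admin/"]))
```

Running the checker at startup and refusing to boot on a non-empty result turns the silent over-match into a visible configuration error.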