
Improper Input Validation in Toolset Creation #1192

@Anton811315

Description


Name and Version

dev-dial-chat.staging.deltixhub.io

What steps will reproduce the bug?

Details:
The application does not properly validate or sanitize the name field when creating a new toolset. This allows payloads containing special characters to be submitted, which causes a 500 Internal Server Error. As a result, the application fails to return the full list of toolsets.
Additionally, it is possible to publish applications with such a toolset name. If an application with a malformed toolset name is published, it will have a global impact on all toolsets, including those belonging to other users, preventing them from accessing or utilizing toolsets properly.
Steps to reproduce:

  1. Go to the "Toolset" creation page
  2. Fill in the "Name" field with the following payload and create a toolset:
     eval%28compile%28%27for%20x%20in%20range%281%29%3A%5Cn%20import%20time%5Cn%20time.sleep%2820%29%27%2C%27a%27%2C%27single%27%29%29
  3. Save the created toolset and observe that toolsets previously created have disappeared, and the toolset listing responds with a 500 status code (see the attached screenshot).

Remediation:
Implement proper input validation and sanitization.

What is the expected behavior?

No response

What do you see instead?

.

Additional information

No response

Labels: bug