drogonframework / drogon

Drogon: A C++14/17/20 based HTTP web application framework running on Linux/macOS/Unix/Windows
MIT License

`METHOD_ADD` and `ADD_METHOD_TO` do not consider unsigned types #2059

Open Mis1eader-dev opened 3 months ago

Mis1eader-dev commented 3 months ago

Describe the bug

Creating an HttpController with methods that take in `uint64_t`, for example, and making a request to -1 will underflow and become `UINT64_MAX`. Another related bug is if the URL contains characters, it still processes it.

Expected behavior

Should give 400 Bad Request upon error.

Desktop (please complete the following information):

Additional context

For the time being the only choice is to take by string and do validation manually.

Mis1eader-dev commented 3 months ago

In case this issue gets tackled, there is `std::from_chars` for ASCII to primitive number type conversion, which resides in the `<charconv>` header.

A proper checker would look like this:

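```cpp
#include <charconv>
#include <cstdint>
#include <string_view>

std::string_view param = "123d";
uint64_t num;
const char *end = param.data() + param.size();
auto [ptr, ec] = std::from_chars(param.data(), end, num);
// ec catches empty or out-of-range input; ptr catches trailing characters
if (ec != std::errc{} || ptr != end)
    return error;
// success, do something with [num]
```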
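The behaviour reported in this issue next to a strict conversion, as an added example that is not part of the thread and not drogon's own code. `lenient_u64` uses `std::strtoull` only to reproduce the two symptoms and is not a claim about how drogon converts parameters; `parse_unsigned`, the sample segments and the `/items/{id}` route are hypothetical.

```cpp
#include <charconv>
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <limits>
#include <optional>
#include <string_view>
#include <type_traits>

// Lenient conversion, shown only to reproduce the reported symptoms:
// strtoull negates "-1" in the unsigned type and stops at the first non-digit.
inline std::uint64_t lenient_u64(const char *s)
{
    return std::strtoull(s, nullptr, 10);
}

// Strict conversion of one path segment to an unsigned integer type.
// Returns std::nullopt when the handler should answer 400 Bad Request.
template <typename T>
std::optional<T> parse_unsigned(std::string_view s)
{
    static_assert(std::is_unsigned_v<T>, "unsigned types only");
    T value{};
    const char *first = s.data();
    const char *last = first + s.size();
    auto [ptr, ec] = std::from_chars(first, last, value, 10);
    // ec:  empty input, a leading '-', '+' or space, or a value too large for T
    // ptr: digits followed by anything else ("123d")
    if (ec != std::errc{} || ptr != last)
        return std::nullopt;
    return value;
}

int main()
{
    // Constructed path segments, as they might arrive for a route like /items/{id}
    for (std::string_view seg : {"42", "-1", "123d", "", "18446744073709551616"})
    {
        auto id = parse_unsigned<std::uint64_t>(seg);
        std::cout << '"' << seg << "\" -> "
                  << (id ? "ok" : "400 Bad Request") << '\n';
    }
}
```

Checking `ptr` alone is not enough: for out-of-range input `from_chars` still consumes every digit, and for empty input `ptr` equals both ends of the range, so only `ec` reports those two cases.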