Unhandled NUL Bytes in API Requests #862

@ori-n

The API returns an HTTP 500 error when NUL (%00) bytes are included in query parameters or path segments. This occurs because the PostgreSQL driver fails to decode the invalid UTF-8 sequence, disclosing internal SQL errors.

Affected Endpoints:

  • GET /v0.1/servers?cursor=%00
  • GET /v0.1/servers/%00/versions

Actual Results:

  • Status: 500 Internal Server Error
  • Error: invalid byte sequence for encoding "UTF8": 0x00 (SQLSTATE 22021)

Expected Results:
The API should validate input and return a 400 Bad Request for invalid characters.

Suggested Fix:
Sanitize inputs or implement a validation layer to reject NUL bytes before they reach the database driver.
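
One way to build the validation layer suggested above, as an added example that is not part of the original issue or the project's code. It assumes a Go `net/http` service (the issue does not name the stack); `RejectNUL`, `hasNUL` and `statusFor` are hypothetical names, and the sample requests are constructed from the affected endpoints listed in the report. It also rejects query strings with malformed percent-encoding.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// hasNUL reports whether the decoded path or the decoded query string
// contains a NUL byte. net/http has already percent-decoded u.Path.
func hasNUL(u *url.URL) bool {
	q, err := url.QueryUnescape(u.RawQuery)
	if err != nil {
		return true // malformed percent-encoding is rejected too
	}
	return strings.Contains(u.Path, "\x00") || strings.Contains(q, "\x00")
}

// RejectNUL answers 400 before the wrapped handler (and any database
// driver behind it) sees the request, so no SQL error text is returned.
func RejectNUL(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if hasNUL(r.URL) {
			http.Error(w, "invalid character in request", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed GET request through the middleware in
// memory and returns the status code; the inner handler stands in for the API.
func statusFor(target string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	rec := httptest.NewRecorder()
	RejectNUL(ok).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code
}

func main() {
	// Constructed sample requests: the two from the report plus a clean one.
	for _, t := range []string{"/v0.1/servers?cursor=%00", "/v0.1/servers/%00/versions", "/v0.1/servers?cursor=abc"} {
		fmt.Println(t, statusFor(t))
	}
}
```

Wrapping the top-level router applies the check to every route, so a newly added endpoint cannot skip it.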

Labels: bug