Description
The GET /api/repos endpoint accepts HTTP DELETE requests. The server does not validate the HTTP method, so a request aimed at the GET endpoint can be sent with a different method and is still handled. This creates unexpected behavior and potential security issues.
Steps to Reproduce
- Send DELETE /api/repos/123 request
- Server processes request without method validation
- Expected: 405 Method Not Allowed
- Actual: Request is processed as if it were GET
Environment Information
- Endpoint: GET /api/repos
- Framework: Express.js
- HTTP Method: DELETE (unintended)
- Application version: Current main branch
Expected Behavior
Endpoint explicitly defines allowed HTTP method (GET). Any other method returns 405 Method Not Allowed response.
Actual Behavior
File: backend/routes/repos.js
Lines: 12-24
The Router.get() handler is reached by DELETE requests; there is no method restriction on the route.
Code Reference
File: backend/routes/repos.js
Lines: 12-24
Missing: a handler for non-GET methods on this path that returns 405 (for example, an app.delete() or catch-all handler), or route configuration that restricts the path to GET.
Additional Context
Express respects HTTP methods when routes are properly configured. Ensure that DELETE, PUT and POST on this path either have explicit handlers or return 405. This prevents accidental data modification.
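As an added example (not the project's code from backend/routes/repos.js), the following Express-compatible middleware enforces a per-route method allowlist and answers any other method with 405 Method Not Allowed plus an Allow header, so a DELETE can never fall through to a GET handler. The route pattern for /api/repos and /api/repos/:id is an assumption, and the small req/res stand-ins at the bottom exist only so the guard can be exercised offline without Express installed.

```javascript
// Added example (not the project's code): method allowlist middleware for Express.
// Assumes an Express-compatible req/res shape (req.method, req.path, res.set,
// res.status, res.json). Route patterns below are constructed assumptions.

const ROUTE_METHODS = [
  // /api/repos and /api/repos/:id are read-only: only GET is allowed.
  { pattern: /^\/api\/repos(\/[^/]+)?$/, methods: ['GET'] },
];

// Returns the allowed methods for a path, or null when the path is not governed.
function allowedMethodsFor(path, table = ROUTE_METHODS) {
  const entry = table.find((r) => r.pattern.test(path));
  return entry ? entry.methods : null;
}

// Middleware factory. Mount it before the route handlers:
//   router.use(methodGuard());
function methodGuard(table = ROUTE_METHODS) {
  return function (req, res, next) {
    const allowed = allowedMethodsFor(req.path, table);
    if (allowed === null) return next(); // not a route this guard governs

    const method = req.method.toUpperCase();
    // HEAD is implied by GET; everything else must be listed explicitly.
    const effective = new Set(allowed.includes('GET') ? [...allowed, 'HEAD'] : allowed);

    if (method === 'OPTIONS') {
      // Advertise the allowlist instead of reaching any handler.
      res.set('Allow', allowed.join(', '));
      return res.status(204).end();
    }
    if (effective.has(method)) return next();

    // Unlisted method: refuse with 405 and tell the client what is allowed.
    res.set('Allow', allowed.join(', '));
    return res.status(405).json({ error: 'Method Not Allowed', allow: allowed });
  };
}

// --- Offline harness: minimal req/res stand-ins so the guard runs without Express.
// Returns what the guard did so the outcome can be inspected or asserted on.
function simulate(method, path) {
  const result = { status: 200, headers: {}, body: null, reachedHandler: false };
  const res = {
    set(name, value) { result.headers[name] = value; return this; },
    status(code) { result.status = code; return this; },
    json(obj) { result.body = obj; return this; },
    end() { return this; },
  };
  const next = () => { result.reachedHandler = true; }; // the GET handler would run here
  methodGuard()({ method, path }, res, next);
  return result;
}
```

With the guard mounted ahead of the GET handler, a DELETE /api/repos/123 stops at the middleware with a 405 and an Allow: GET header, while GET and HEAD continue to the existing handler; paths not in the table are left untouched so unrelated routes keep their current behaviour.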
GSSoC Points Estimate: Level 1 (Bug/HTTP Validation)
Suggested Labels
- gssoc:approved
- type:bug
- severity:low
- area:validation
Checklist
- Searched existing issues, not a duplicate
- Read CONTRIBUTING.md guidelines
- Read README and understand project scope
- Provided clear reproduction steps
- Provided environment information
- Described expected vs. actual clearly