Severity: Low
Category: Input Validation
Description
In api/src/routes/product.ts, the POST / handler does not check whether a product with the same productId already exists. A client can POST a product with an existing productId, creating duplicates. The GET /:id route would then only return the first match.
Suggested Fix
Check for existing productId before inserting:
    router.post('/', (req, res) => {
      const newProduct: Product = req.body;
      // Reject the request if a product with this productId is already stored.
      if (products.some(p => p.productId === newProduct.productId)) {
        return res.status(409).json({ error: 'Product with this ID already exists' });
      }
      products.push(newProduct);
      res.status(201).json(newProduct);
    });
Affected File
api/src/routes/product.ts (POST handler)
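The following is an added example, not code from the repository: it models the handler logic over an in-memory array so the duplicate behaviour and the 409 check can be exercised without Express. It goes one step beyond the suggested fix by validating productId at runtime, since the `Product` annotation on `req.body` is erased after compilation. The `Product` shape (integer `productId`, string `name`) and the function names are assumptions made for illustration.

```typescript
// Assumed shape; the real Product type lives in the project and may differ.
interface Product { productId: number; name: string; }

type CreateResult =
  | { status: 201; body: Product }
  | { status: 400 | 409; body: { error: string } };

// Behaviour described in the issue: insert without looking for an existing ID.
function createUnchecked(store: Product[], body: Product): CreateResult {
  store.push(body);
  return { status: 201, body };
}

// Fixed behaviour: validate the untrusted body, then reject duplicates.
function createChecked(store: Product[], body: unknown): CreateResult {
  const candidate: Record<string, unknown> =
    typeof body === 'object' && body !== null ? (body as Record<string, unknown>) : {};
  const id = candidate.productId;
  const name = candidate.name;
  // Without this check a JSON string "1" never === the stored number 1,
  // so it would slip past the duplicate test below.
  if (typeof id !== 'number' || !Number.isInteger(id) || typeof name !== 'string') {
    return { status: 400, body: { error: 'Invalid product payload' } };
  }
  if (store.some(p => p.productId === id)) {
    return { status: 409, body: { error: 'Product with this ID already exists' } };
  }
  const product: Product = { productId: id, name };
  store.push(product);
  return { status: 201, body: product };
}

// Mirrors a GET /:id lookup that returns only the first match.
function getById(store: Product[], id: number): Product | undefined {
  return store.find(p => p.productId === id);
}
```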