SecureBananaLabs/bug-bounty: Search endpoint has no input validation or length limit on query
A starter prompt for Claude Code, what you'll need, and how to reach them.
Build a minimal version of "SecureBananaLabs/bug-bounty: Search endpoint has no input validation or length limit on query". Read the original at https://github.com/SecureBananaLabs/bug-bounty/issues/2833 for the exact requirements, then scaffold a Next.js + Tailwind app, implement the smallest valuable slice first, and ship it.
Bounty: amount on the issue.

## Bug: Missing Input Validation on Search Query

Description: The `GET /api/search` endpoint passes `req.query.q` directly to the search service without validation or length limits. An attacker can send extremely long query strings or repeated query parameters to consume resources or trigger unexpected search-service inputs.

File: `apps/api/src/controllers/searchController.js`

Expected behavior: The search query should be validated, trimmed, length-limited to 200 characters, and sanitized before it reaches the search service. Non-string query input such as repeated `q` parameters should be rejected.

Impact: Low-Medium. Potential DoS via overly long query strings and unsafe handling of unexpected query shapes.

This issue is limited only to the creator of this issue. This means that only the issue author can attempt to solve this issue. If you would like to work on it, please create another issue with the same contents and refer to issue #743 for more information.
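The following is an added example, not code from SecureBananaLabs/bug-bounty: it reconstructs the unchecked handler the issue describes next to a hardened version that does what the "Expected behavior" asks for. Only the 200-character limit comes from the issue; the helper names (`validateSearchQuery`, `parseQueryLikeExpress`, `makeFakeSearchService`), the choice of sanitisation rules (collapse whitespace, drop control characters, trim) and the stand-in search service are assumptions made for the example. The query parser mimics how Express builds `req.query` so that a repeated `?q=a&q=b` arrives as an array; Express 4's default `extended` parser can also turn `?q[x]=y` into a nested object, which the validator rejects for the same reason.

```javascript
"use strict";

// Added example; reconstructed from the issue text, not the project's code.
// Only the 200-character limit is from the issue; everything else is assumed.
const MAX_QUERY_LENGTH = 200;

// Mimics what a query-string parser hands an Express handler as req.query:
// a repeated key (?q=a&q=b) becomes an array instead of a string. Express 4's
// default "extended" parser can additionally produce nested objects (?q[x]=y).
function parseQueryLikeExpress(queryString) {
  const params = new URLSearchParams(queryString);
  const query = {};
  for (const key of new Set(params.keys())) {
    const values = params.getAll(key);
    query[key] = values.length === 1 ? values[0] : values;
  }
  return query;
}

// The shape the issue describes: req.query.q is forwarded unchecked, so an
// array, an object, or a multi-megabyte string reaches the search service.
function vulnerableSearchHandler(req, searchService) {
  return { status: 200, body: searchService.search(req.query.q) };
}

// Hardened validation: returns { ok: true, value } or { ok: false, error }.
function validateSearchQuery(raw) {
  // Reject every non-string shape (undefined, array from a repeated ?q=,
  // object from ?q[x]=y) before touching the value at all.
  if (typeof raw !== "string") {
    return { ok: false, error: "q must be a single string" };
  }
  // Length check before any normalisation, so an oversized string is
  // rejected in O(1) instead of being trimmed and regex-scanned first.
  if (raw.length > MAX_QUERY_LENGTH) {
    return { ok: false, error: `q must be at most ${MAX_QUERY_LENGTH} characters` };
  }
  // Assumed sanitisation: collapse whitespace runs, drop C0/DEL control
  // characters, then trim. Each step can only shorten the string, so the
  // limit checked above still holds afterwards.
  const value = raw
    .replace(/\s+/g, " ")
    .replace(/[\u0000-\u001F\u007F]/g, "")
    .trim();
  if (value.length === 0) {
    return { ok: false, error: "q must not be empty" };
  }
  return { ok: true, value };
}

// Hardened handler: only a validated string ever reaches the search service.
function hardenedSearchHandler(req, searchService) {
  const result = validateSearchQuery(req.query.q);
  if (!result.ok) {
    return { status: 400, body: { error: result.error } };
  }
  return { status: 200, body: searchService.search(result.value) };
}

// Constructed stand-in for the search service; it records what it receives.
function makeFakeSearchService() {
  const calls = [];
  return {
    calls,
    search(q) {
      calls.push(q);
      return { query: q, hits: [] };
    },
  };
}

// Describes a value the way a log line would: its JS shape and length.
function summarize(q) {
  if (q == null) return String(q);
  if (Array.isArray(q)) return `array(${q.length})`;
  return `${typeof q}(${typeof q === "string" ? q.length : Object.keys(q).length})`;
}

// Runs both handlers over constructed abusive inputs and reports what
// reached the search service in each case.
function demo() {
  const inputs = [
    "q=" + "A".repeat(10000),   // oversized string
    "q=a&q=b",                  // repeated parameter -> array
    "q=%09%20hello%20%20world", // tab plus space padding around a normal query
  ];
  const results = [];
  for (const qs of inputs) {
    const req = { query: parseQueryLikeExpress(qs) };
    const vulnSvc = makeFakeSearchService();
    const hardSvc = makeFakeSearchService();
    vulnerableSearchHandler(req, vulnSvc);
    const hardened = hardenedSearchHandler(req, hardSvc);
    results.push({
      vulnerableReceived: summarize(vulnSvc.calls[0]),
      hardenedStatus: hardened.status,
      hardenedReceived: hardSvc.calls[0],
    });
  }
  return results;
}

console.log(JSON.stringify(demo(), null, 2));
```

The order of checks matters for the DoS angle: the type check and the raw length check run before any regex or `trim()`, so a 10 MB body costs the validator nothing. Because the trimming and control-character stripping can only shorten the string, a single length check before them is enough to keep the 200-character bound. If the real controller uses a query parser that can produce nested objects, the `typeof raw !== "string"` check is what covers that case too.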
Comment /attempt on the GitHub issue, then open a PR to claim the bounty.