From cb71650adf086455f7e766dbda1819270dc1923a Mon Sep 17 00:00:00 2001
From: "DESKTOP-T0O5CDB\\DESK-555BD"
Date: Tue, 8 Apr 2025 08:15:12 -0600
Subject: [PATCH] API hardening, allow nulls for list types in API payload, will auto convert to empty list.
---
 Controllers/APIController.cs | 113 +++++++++++++++++++++++++++++++++++
 1 file changed, 113 insertions(+)
diff --git a/Controllers/APIController.cs b/Controllers/APIController.cs
index a5fd82d..1b9d773 100644
--- a/Controllers/APIController.cs
+++ b/Controllers/APIController.cs
@@ -256,6 +256,15 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Progress cannot be set to Done."));
 }
+ //hardening - turns null values for List types into empty lists.
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 var planRecord = new PlanRecord()
@@ -346,6 +355,14 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Progress cannot be set to Done."));
 }
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 //retrieve existing record
@@ -429,6 +446,14 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Date, Description, Odometer, and Cost cannot be empty."));
 }
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 var serviceRecord = new ServiceRecord()
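Review bot: The null-to-empty normalisation added before `try` in the first hunk is pasted unchanged into all fourteen hunks of this patch, so an endpoint added later, or one missed here, keeps the old null behaviour without anyone noticing. Normalising in one place is safer: give the list properties a non-null default on the input model, or call one shared helper at the top of each action; each pair of checks also shortens to `input.Files ??= new();` and `input.ExtraFields ??= new();` if the project's language version allows it. Only the first copy carries the `//hardening` comment, so the other thirteen read as unexplained. The check also covers only a null list; a list that contains a null element still reaches the record-building code, and whether that is handled depends on code outside the hunk. The enclosing action starts and ends outside the hunk.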
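Review bot: In the second hunk (`@@ -346`), an update endpoint, replacing a null `Files` or `ExtraFields` with an empty list makes "property omitted" indistinguishable from "clear this list". If the code after `//retrieve existing record` copies `input.Files` and `input.ExtraFields` onto the stored record (not visible in the hunk), a client that leaves those properties out of the payload would erase the record's existing attachments and extra fields. Consider keeping the stored values when the input property is null, or state the contract next to the check, for example `// a null Files/ExtraFields on update clears the stored list`. The same applies to every other hunk whose context ends at `//retrieve existing record`.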
@@ -509,6 +534,14 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Id, Date, Description, Odometer, and Cost cannot be empty."));
 }
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 //retrieve existing record
@@ -591,6 +624,14 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Date, Description, Odometer, and Cost cannot be empty."));
 }
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 var repairRecord = new CollisionRecord()
@@ -672,6 +713,14 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Id, Date, Description, Odometer, and Cost cannot be empty."));
 }
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 //retrieve existing record
@@ -755,6 +804,14 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Date, Description, Odometer, and Cost cannot be empty."));
 }
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 var upgradeRecord = new UpgradeRecord()
@@ -835,6 +892,14 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Id, Date, Description, Odometer, and Cost cannot be empty."));
 }
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 //retrieve existing record
@@ -951,6 +1016,14 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Date, Description, and Cost cannot be empty."));
 }
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 var taxRecord = new TaxRecord()
@@ -1014,6 +1087,14 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Id, Date, Description, and Cost cannot be empty."));
 }
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 //retrieve existing record
@@ -1113,6 +1194,14 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Date, and Odometer cannot be empty."));
 }
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 var odometerRecord = new OdometerRecord()
@@ -1174,6 +1263,14 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Id, Date, Initial Odometer, and Odometer cannot be empty."));
 }
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 //retrieve existing record
@@ -1273,6 +1370,14 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Date, Odometer, FuelConsumed, IsFillToFull, MissedFuelUp, and Cost cannot be empty."));
 }
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 var gasRecord = new GasRecord()
@@ -1352,6 +1457,14 @@ namespace CarCareTracker.Controllers
 Response.StatusCode = 400;
 return Json(OperationResponse.Failed("Input object invalid, Id, Date, Odometer, FuelConsumed, IsFillToFull, MissedFuelUp, and Cost cannot be empty."));
 }
+ if (input.Files == null)
+ {
+ input.Files = new List();
+ }
+ if (input.ExtraFields == null)
+ {
+ input.ExtraFields = new List();
+ }
 try
 {
 //retrieve existing record