A string limit is the maximum allowed length of a string that can be sent as a parameter or received as a response when making API requests. The string limit is set by the API provider to ensure that data exchanged through the API does not exceed a certain size. Very long strings can increase the time it takes to process requests or responses and cause performance issues. Limiting string length can also help prevent certain types of attacks that can occur if an API does not properly handle large input data.
This rule applies at the API Specification level (OAS/Swagger).
Buffer Overflow: If the API does not enforce a limit on the length of strings accepted as input, it may be susceptible to buffer overflow attacks. Attackers can provide excessively long strings, causing the API to write data beyond the bounds of allocated buffers, potentially leading to memory corruption or arbitrary code execution.
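As an added example, not part of this rule's documentation: a small Python check that walks an OpenAPI 3 document and reports every string schema that has no `maxLength` (the OAS keyword that expresses this limit). The embedded document, its `/users` operation and its `User` schema are constructed for the example, with bounded and unbounded fields side by side.

```python
# Added example: find string schemas in an OpenAPI 3 document with no maxLength.
# SPEC below is a constructed document, not a real API definition.

SPEC = {
    "openapi": "3.0.3",
    "paths": {
        "/users": {
            "post": {
                "parameters": [
                    {"name": "X-Request-Id", "in": "header",
                     "schema": {"type": "string"}},                   # unbounded
                    {"name": "locale", "in": "query",
                     "schema": {"type": "string", "maxLength": 10}},  # bounded
                ],
                "requestBody": {"content": {"application/json": {
                    "schema": {"$ref": "#/components/schemas/User"}}}},
            }
        }
    },
    "components": {"schemas": {
        "User": {"type": "object", "properties": {
            "name": {"type": "string", "maxLength": 64},              # bounded
            "bio": {"type": "string"},                                # unbounded
            "tags": {"type": "array", "items": {"type": "string"}},   # unbounded
        }},
    }},
}


def _escape(key):
    """Escape a key as a JSON Pointer reference token (RFC 6901)."""
    return str(key).replace("~", "~0").replace("/", "~1")


def _walk(node, pointer, out):
    """Recursively visit the document; record string schemas lacking maxLength.
    $ref values are not resolved here; the referenced schemas are still
    visited when the walk reaches #/components/schemas."""
    if isinstance(node, dict):
        if node.get("type") == "string" and "maxLength" not in node:
            out.append(pointer)
        for key, value in node.items():
            _walk(value, f"{pointer}/{_escape(key)}", out)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            _walk(value, f"{pointer}/{i}", out)


def find_unbounded_strings(spec):
    """Return JSON Pointers of every string schema with no maxLength."""
    findings = []
    _walk(spec, "#", findings)
    return findings
```

Each pointer returned is the location in the document where a `maxLength` should be added; bounded fields such as `locale` and `name` are not reported.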