Integer Overflow in Feathersjs with Cockroachdb
Integer Overflow in Feathersjs with Cockroachdb — how this specific combination creates or exposes the vulnerability
An integer overflow in a Feathersjs service using Cockroachdb can occur when user-supplied numeric values are used in arithmetic or to allocate resources without proper range checks. Cockroachdb, like most SQL databases, stores integers in fixed-width types (e.g., INT, BIGINT). If a Feathersjs hook or service computes a value that exceeds the type’s maximum (for example, 2^63 - 1 for INT8), the database may wrap or reject the operation unpredictably, leading to corrupted state or unsafe behavior. This risk is heightened when the API accepts parameters such as quantity, price, or iteration counts that feed into SQL expressions or ORM operations without validation.
Feathersjs services often expose create or update endpoints that directly pass numeric payloads to the database. Without explicit validation, an attacker can submit values designed to overflow intermediate calculations in Node.js (which uses 64-bit floating point numbers for all numbers) before they reach Cockroachdb. While JavaScript does not overflow in the same way fixed-width integers do, intermediate results can produce incorrect values that are then stored, triggering data integrity issues once Cockroachdb enforces constraints. Additionally, large integers can cause performance anomalies or unexpected type conversions when interacting with Cockroachdb’s strongly typed schema, especially if the ORM or query builder does not enforce strict types.
Consider an endpoint that calculates a total price as quantity * unit_price. If quantity is large enough to cause the product to exceed Number.MAX_SAFE_INTEGER (9,007,199,254,740,991), the resulting value may lose precision. When this value is passed to a Cockroachdb INSERT or UPDATE, the stored value may be incorrect, potentially bypassing business rules like inventory limits or enabling negative balances. This maps to common OWASP API Top 10 risks such as excessive data exposure and integrity violations, and may be observed in unauthenticated attack surfaces scanned by tools like middleBrick, which checks Input Validation and Property Authorization across 12 parallel security checks.
Real-world patterns include unbounded loops or aggregations computed in JavaScript before being sent to Cockroachdb, where an attacker-controlled count leads to overflowed loop variables or aggregated sums. Because Cockroachdb returns errors or unexpected rows when constraints are violated, the service may leak stack traces or behave inconsistently, aiding further exploitation. In LLM security contexts, such logic flaws could be probed via active prompt injection tests if the API is exposed to AI-driven clients, highlighting the need for strict input validation and type safety across the stack.
Cockroachdb-Specific Remediation in Feathersjs — concrete code fixes
Remediation centers on validating and sanitizing all numeric inputs before they reach Cockroachdb, using server-side checks and database constraints. In Feathersjs, add validation hooks that enforce integer ranges and reject values that could overflow supported SQL types. Prefer 64-bit safe integers and use BigInt in Node.js when handling values that may exceed Number.MAX_SAFE_INTEGER, but ensure Cockroachdb column types (e.g., INT8) match the expected range.
Below are concrete code examples for a Feathersjs service that manages inventory, using a before hook to validate quantity and price, and a database schema aligned with Cockroachdb types.
Feathersjs service with validation hook
// src/services/inventory/inventory.hooks.js
const { createValidator } = require('feathers-hooks-common');
const validateInventory = createValidator({
schema: {
type: 'object',
required: ['quantity', 'unit_price'],
properties: {
quantity: {
type: 'integer',
minimum: 0,
maximum: 999999, // safe business limit to avoid overflow in downstream calculations
},
unit_price: {
type: 'number',
minimum: 0,
maximum: 1e12,
},
},
},
coerceTypes: true,
stripAdditional: true,
});
module.exports = {
before: {
create: [validateInventory],
update: [validateInventory],
},
};
Cockroachdb schema and service usage
-- sql migration for Cockroachdb
CREATE TABLE inventory (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
quantity INT8 NOT NULL CHECK (quantity >= 0 AND quantity <= 999999),
unit_price DECIMAL(12,2) NOT NULL CHECK (unit_price >= 0 AND unit_price <= 1000000000000.00),
total_price DECIMAL(18,2) GENERATED ALWAYS AS (quantity * unit_price) STORED,
CONSTRAINT total_price_overflow_check CHECK (total_price <= 99999999999999.99)
);
In your Feathersjs service file, ensure the model uses the correct type mapping and that arithmetic is either pushed to the database or guarded in Node.js using BigInt for large sums. For example, when computing totals server-side:
// src/services/inventory/inventory.service.js
const { Service } = require('feathersjs');
class InventoryService extends Service {
async create(data, params) {
const { quantity, unit_price } = data;
// Use BigInt for intermediate sums if aggregating many rows
const total = BigInt(quantity) * BigInt(Math.round(unit_price * 100));
if (total > BigInt(9999999999999999)) {
throw new Error('Total price overflow');
}
// Pass safe numeric values to the parent implementation
return super.create({ ...data, total_price: Number(total) / 100 }, params);
}
}
module.exports = function () {
const app = this;
app.use('/inventory', new InventoryService({
Model: app.get('knex'),
paginate: { default: 10, max: 100 },
}));
};
These steps align with OWASP API Top 10 input validation requirements and help prevent integer-related issues across Feathersjs and Cockroachdb. Use middleBrick’s parallel security checks, including Input Validation and Property Authorization, to continuously monitor such risks in your API surface.