# Business Logic Input Validation

- ID: javascript-business-logic-input-validation
- Severity: MEDIUM
- CWE: Improper Input Validation (CWE-20)
- Languages: JavaScript, TypeScript
- Frameworks: express, fastify, nextjs, koa

## Description

Detects business-critical values (discount, refund, quantity) used without validation.

## Detection Message

Business-critical value from {source} flows to {sink} without proper validation. This could allow users to specify invalid values (negative numbers, out-of-range percentages, amounts exceeding limits).

## Remediation

Validate business-critical inputs before use.

```javascript
// Parse the user-supplied discount and reject anything outside 0-100.
function validateDiscount(discount) {
  const value = parseFloat(discount);
  if (isNaN(value) || value < 0 || value > 100) {
    throw new Error('Discount must be 0-100');
  }
  return value;
}

// Only the validated value reaches the business logic.
const validated = validateDiscount(req.body.discount);
applyDiscount(validated);
```

Learn more: https://shoulder.dev/learn/javascript/cwe-20/business-logic-input-validation

## Related Rules

- **FastAPI Missing Request Validation** [MEDIUM]
- **Business Logic Input Validation** [MEDIUM]
- **Echo Missing Input Validation** [MEDIUM]
- **Fiber Missing Input Validation** [MEDIUM]
- **Gin Missing Input Validation** [MEDIUM]
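The remediation above covers only the discount. The following added example (not part of the rule's own documentation) extends the same idea to the other values the rule names, quantity and refund, with strict parsing so that partially numeric strings are rejected. The helper names, `MAX_QUANTITY`, and the two-decimal currency assumption are hypothetical.

```javascript
// Added example: strict validators for the business-critical values the rule names.
// MAX_QUANTITY, two-decimal currency and all function names are assumptions.
const MAX_QUANTITY = 1000; // hypothetical per-order cap

// Accept finite numbers or plain decimal strings only.
// Unlike parseFloat, this rejects "10abc", "1e3", "", "Infinity", arrays and booleans.
function strictNumber(input, field) {
  if (typeof input === 'number' && Number.isFinite(input)) return input;
  if (typeof input === 'string' && /^-?\d+(\.\d+)?$/.test(input.trim())) {
    return Number(input);
  }
  throw new RangeError(`${field} must be a plain decimal number`);
}

function validateDiscount(input) {
  const value = strictNumber(input, 'discount');
  if (value < 0 || value > 100) throw new RangeError('discount must be 0-100');
  return value;
}

function validateQuantity(input) {
  const value = strictNumber(input, 'quantity');
  if (!Number.isInteger(value) || value < 1 || value > MAX_QUANTITY) {
    throw new RangeError(`quantity must be an integer 1-${MAX_QUANTITY}`);
  }
  return value;
}

// A refund is bounded by server-side state (what was actually paid),
// never by a total supplied in the request.
function validateRefund(input, amountPaid, alreadyRefunded = 0) {
  const value = strictNumber(input, 'refund');
  const cents = Math.round(value * 100); // compare in integer cents
  if (Math.abs(value * 100 - cents) > 1e-6) {
    throw new RangeError('refund may have at most two decimals');
  }
  const remaining = Math.round((amountPaid - alreadyRefunded) * 100);
  if (cents <= 0 || cents > remaining) {
    throw new RangeError('refund must be > 0 and <= remaining paid amount');
  }
  return cents / 100;
}
```

In a route handler, `amountPaid` and `alreadyRefunded` should be loaded from the order record on the server, not read from `req.body`.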