# NestJS DTO Missing Validation Decorators

- ID: nestjs-dto-missing-validation
- Severity: HIGH
- CWE: Improper Input Validation (CWE-20)
- Languages: JavaScript, TypeScript
- Frameworks: nestjs

## Description

DTOs without class-validator decorators allow unvalidated input to flow into
the application, enabling injection and data corruption.

## Detection Message

DTO class '{dto_name}' used in controller but lacks class-validator decorators. Unvalidated input may lead to injection attacks.

## Remediation

Add class-validator decorators to DTO properties.

```typescript
import { IsString, IsEmail, MinLength } from 'class-validator';

class CreateUserDTO {
  @IsString()
  @MinLength(3)
  username: string;

  @IsEmail()
  email: string;
}
```

Learn more: https://shoulder.dev/learn/typescript/cwe-20/dto-missing-validation

## Documentation

[object Object]

## Related Rules

- **FastAPI Missing Request Validation** [MEDIUM]: 
- **Business Logic Input Validation** [MEDIUM]: 
- **Echo Missing Input Validation** [MEDIUM]: 
- **Fiber Missing Input Validation** [MEDIUM]: 
- **Gin Missing Input Validation** [MEDIUM]: