# Business Logic Input Validation

- ID: python-business-logic-input-validation
- Severity: MEDIUM
- CWE: Improper Input Validation (CWE-20)
- Languages: Python
- Frameworks: flask, fastapi, django

## Description

Detects business-critical input values (discount, refund, quantity, price) that are used in operations without proper validation. Missing validation can lead to financial fraud, inventory errors, or business logic bypass.

## Detection Message

Business-critical value from {source} flows to {sink} without proper validation. This could allow users to specify invalid values (negative numbers, out-of-range percentages, amounts exceeding limits).

## Remediation

Validate business-critical inputs with range constraints using Pydantic.

```python
from fastapi import FastAPI
from pydantic import BaseModel, Field

app = FastAPI()


class DiscountRequest(BaseModel):
    # Percentage discount: must lie in the closed range [0, 100]
    discount: float = Field(..., ge=0, le=100)
    # Quantity must be a strictly positive integer
    quantity: int = Field(..., gt=0)


def apply_discount(discount: float) -> None:
    ...  # business logic that consumes the already-validated discount


@app.post('/apply-discount')
async def apply_discount_route(request: DiscountRequest):
    # FastAPI rejects any body violating the Field constraints with HTTP 422
    # before this handler runs, so only in-range values reach the sink.
    apply_discount(request.discount)
```

Learn more: https://shoulder.dev/learn/python/cwe-20/input-validation

## Related Rules

- **FastAPI Missing Request Validation** [MEDIUM]
- **Business Logic Input Validation** [MEDIUM]
- **Echo Missing Input Validation** [MEDIUM]
- **Fiber Missing Input Validation** [MEDIUM]
- **Gin Missing Input Validation** [MEDIUM]
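The range checks this rule is about, written out as an added example that is not code from the rule page or from shoulder.dev. It uses only the standard library so the constraints are explicit; the Pydantic `Field(..., ge=0, le=100)` and `Field(..., gt=0)` in the remediation express the same constraints declaratively. The function names, the refund cap against the amount paid, and the sample request bodies are constructed for illustration, and the unvalidated "before" function is included only to show what an out-of-range discount does to a total.

```python
"""Range-validating business-critical inputs before they reach pricing logic.

Added example (not part of the rule page). Hypothetical helper names;
constructed sample inputs. Mirrors the Pydantic constraints
discount in [0, 100] and quantity > 0, plus a refund cap.
"""
from dataclasses import dataclass


class ValidationError(ValueError):
    """Raised when a business-critical value is missing or out of range."""


@dataclass(frozen=True)
class DiscountRequest:
    discount: float  # percentage, valid range 0..100 inclusive
    quantity: int    # units ordered, must be > 0


def validate_discount_request(raw: dict) -> DiscountRequest:
    """Parse and range-check an untrusted mapping (e.g. a decoded JSON body).

    Equivalent to Field(..., ge=0, le=100) for discount and
    Field(..., gt=0) for quantity. NaN and infinities fail the range test
    because comparisons against NaN are always False.
    """
    try:
        discount = float(raw["discount"])
        q = raw["quantity"]
        if isinstance(q, float) and not q.is_integer():
            raise ValueError("quantity must be a whole number")
        quantity = int(q)
    except (KeyError, TypeError, ValueError) as exc:
        raise ValidationError(f"malformed request: {exc}") from exc
    if not (0 <= discount <= 100):
        raise ValidationError(f"discount {discount!r} outside [0, 100]")
    if quantity <= 0:
        raise ValidationError(f"quantity {quantity!r} must be > 0")
    return DiscountRequest(discount=discount, quantity=quantity)


def is_rejected(raw: dict) -> bool:
    """True if the request body fails validation (convenience for checks)."""
    try:
        validate_discount_request(raw)
    except ValidationError:
        return True
    return False


def unvalidated_total(unit_price: float, raw: dict) -> float:
    """Vulnerable 'before' flow: the raw values go straight to the sink.

    A discount above 100 yields a negative total, i.e. the shop pays the
    buyer; a negative quantity does the same. Shown for contrast only.
    """
    return unit_price * raw["quantity"] * (1 - raw["discount"] / 100)


def order_total(unit_price: float, req: DiscountRequest) -> float:
    """Hardened flow: only a validated DiscountRequest reaches the sink."""
    return round(unit_price * req.quantity * (1 - req.discount / 100), 2)


def refund_amount(requested: float, amount_paid: float) -> float:
    """Cap a refund at what was actually paid and reject non-positive values."""
    requested = float(requested)
    if not (0 < requested <= amount_paid):
        raise ValidationError(
            f"refund {requested!r} must be in (0, {amount_paid!r}]")
    return round(requested, 2)


def is_refund_rejected(requested: float, amount_paid: float) -> bool:
    """True if the refund request fails the cap check."""
    try:
        refund_amount(requested, amount_paid)
    except ValidationError:
        return True
    return False


if __name__ == "__main__":
    bad = {"discount": 150, "quantity": 2}   # constructed out-of-range body
    print("unvalidated total:", unvalidated_total(10.0, bad))  # negative
    print("rejected by validator:", is_rejected(bad))
    ok = validate_discount_request({"discount": "25", "quantity": "4"})
    print("validated total:", order_total(10.0, ok))
```

Pydantic's coercion behaves the same way for the string inputs shown here (`"25"` and `"4"` are accepted, `3.7` for an `int` field is not), so a handler that only accepts a validated model gets the same guarantees without the hand-written checks; the explicit version is useful when the sink is not behind a FastAPI route, for example a Celery task or a Django view that reads `request.POST` directly.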