GuardAPI
Automated Security Protocol

How to fix Mass Assignment in Salvo

Executive Summary

Mass Assignment in Salvo occurs when the framework's `Extractible` trait or `serde` deserialization maps untrusted request payloads directly onto internal data models. This allows attackers to overwrite sensitive fields like `is_admin`, `balance`, or `role` simply by including them in the JSON body. In Rust, while type safety is high, logical safety is compromised if your DTOs mirror your DB entities.

The Vulnerable Pattern

VULNERABLE CODE
use salvo::prelude::*;
use serde::{Deserialize, Serialize};

#[derive(Serialize, Deserialize, Extractible, Debug)]
struct User {
    pub id: i64,
    pub username: String,
    pub is_admin: bool, // Vulnerable field: nothing stops the client from setting it
}

#[handler]
async fn update_user(req: &mut Request) {
    // Attacker sends {"username": "hacker", "is_admin": true}
    // Salvo extracts it directly into the User struct, privileged field included
    let updated_user: User = req.parse_body().await.unwrap();
    db::save(updated_user).await;
}

The Secure Implementation

The fix involves decoupling your API surface from your persistence layer. By using a dedicated 'Input Struct' or 'DTO' that lacks sensitive fields, you create a compile-time whitelist. Even if an attacker sends extra JSON keys, the `serde` deserializer (invoked by Salvo's `parse_body`) will ignore them because they aren't defined in the `UserUpdateDto`. Always treat `Extractible` structs as untrusted buffers that must be manually mapped to your internal models.

SECURE CODE
use salvo::prelude::*;
use serde::Deserialize;

#[derive(Deserialize, Extractible, Debug)]
#[salvo(extract(default_source = "body"))]
struct UserUpdateDto {
    pub username: Option<String>,
    pub bio: Option<String>,
    // is_admin is omitted, making it impossible to inject via this struct
}

#[handler]
async fn update_user(req: &mut Request) {
    // Only the fields declared on the DTO are read from the body; extra keys are dropped
    let input: UserUpdateDto = req.parse_body().await.unwrap();
    let mut user = db::get_current_user().await;

    // Explicitly map only the allowed fields onto the internal model
    if let Some(name) = input.username {
        user.username = name;
    }
    if let Some(bio) = input.bio {
        user.bio = bio;
    }
    db::save(user).await;
}
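To make the two patterns above runnable side by side without the Salvo or serde crates, here is an added example (not GuardAPI's code and not from the Salvo project) that stands in for serde's deserialization with a flat key/value map of the decoded body. `User`, `UserUpdateDto`, the field names and the sample payload follow the page; the `Body` map, the helper functions, the `bio` column and the constructed sample data are assumptions of this example. It also goes one step beyond the page with a strict variant: `#[serde(deny_unknown_fields)]` makes serde reject a body carrying undeclared keys instead of silently ignoring them, which turns attempts to set hidden fields into a 400 you can see in your logs.

```rust
use std::collections::BTreeMap;

/// Internal persistence model: mirrors the DB row, privileged fields included.
#[derive(Debug, Clone, PartialEq)]
pub struct User {
    pub id: i64,
    pub username: String,
    pub bio: String,
    pub is_admin: bool,
}

/// Input struct (DTO): only the fields a client is allowed to change.
/// `is_admin` is deliberately absent, so it cannot be set through this path.
#[derive(Debug, Default, PartialEq)]
pub struct UserUpdateDto {
    pub username: Option<String>,
    pub bio: Option<String>,
}

/// Decoded request body as a flat map of JSON keys to string values.
/// Constructed stand-in for what serde would produce from the real body.
pub type Body = BTreeMap<String, String>;

/// Vulnerable pattern: every recognised key in the body is written straight onto
/// the persistence model, so a client-supplied `is_admin` lands in the DB.
pub fn apply_untrusted_body(user: &mut User, body: &Body) {
    for (key, value) in body {
        match key.as_str() {
            "username" => user.username = value.clone(),
            "bio" => user.bio = value.clone(),
            "is_admin" => user.is_admin = value == "true",
            _ => {}
        }
    }
}

/// Secure pattern, step 1: build the DTO from the body. Keys the DTO does not
/// declare are never read, which is serde's default handling of unknown fields.
pub fn dto_from_body(body: &Body) -> UserUpdateDto {
    UserUpdateDto {
        username: body.get("username").cloned(),
        bio: body.get("bio").cloned(),
    }
}

/// Stricter variant: refuse the whole request if it carries any undeclared key
/// (the behaviour `#[serde(deny_unknown_fields)]` gives you), so attempts to
/// set hidden fields surface as a 400 and in your logs instead of vanishing.
pub fn dto_from_body_strict(body: &Body) -> Result<UserUpdateDto, String> {
    const ALLOWED: [&str; 2] = ["username", "bio"];
    if let Some(bad) = body.keys().find(|k| !ALLOWED.contains(&k.as_str())) {
        return Err(format!("unknown field `{bad}` rejected"));
    }
    Ok(dto_from_body(body))
}

/// Secure pattern, step 2: explicit field-by-field mapping onto the model.
pub fn apply_dto(user: &mut User, input: UserUpdateDto) {
    if let Some(name) = input.username {
        user.username = name;
    }
    if let Some(bio) = input.bio {
        user.bio = bio;
    }
}

/// Constructed sample row, standing in for what `db::get_current_user()` returns.
pub fn sample_user() -> User {
    User { id: 42, username: "alice".to_string(), bio: String::new(), is_admin: false }
}

/// Constructed hostile body: the payload from the page, with the extra key.
pub fn hostile_body() -> Body {
    let mut body = Body::new();
    body.insert("username".to_string(), "hacker".to_string());
    body.insert("is_admin".to_string(), "true".to_string());
    body
}

fn main() {
    let body = hostile_body();

    let mut vulnerable = sample_user();
    apply_untrusted_body(&mut vulnerable, &body);
    println!("vulnerable path -> is_admin = {}", vulnerable.is_admin);

    let mut secure = sample_user();
    apply_dto(&mut secure, dto_from_body(&body));
    println!("DTO path        -> is_admin = {}", secure.is_admin);

    match dto_from_body_strict(&body) {
        Ok(_) => println!("strict path     -> accepted"),
        Err(e) => println!("strict path     -> {e}"),
    }
}
```

In a real handler the map is replaced by `req.parse_body::<UserUpdateDto>()`, and the strict variant is just `#[serde(deny_unknown_fields)]` on the DTO plus returning `StatusCode::BAD_REQUEST` when parsing fails; the explicit mapping in `apply_dto` is the part that stays the same and is what keeps `is_admin` out of reach.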


Verified by Ghost Labs Security Team

This content is continuously validated by our automated security engine and reviewed by our research team. Ghost Labs analyzes over 500+ vulnerability patterns across 40+ frameworks to provide up-to-date remediation strategies.