[Bug][Fuzz]: RPS accepts injected query string on GET profile by profileName

### Describe the bug

GET profile endpoint returns 200 OK when injected query string is appended.

### Steps to reproduce

1. Setup
    - Request:
        ```
        POST /api/v1/admin/ciraconfigs HTTP/1.1\r\nAccept: application/json\r\nHost: device-management-toolkit-rps-1:8081\r\nContent-Type: application/json\r\n\r\n{\n "configName":"cira7a0154da7e",\n "mpsServerAddress":"192.168.1.1",\n "mpsPort":4433,\n "username":"mpsuser",\n "password":"P@ssw0rd123",\n "commonName":"192.168.1.1",\n "serverAddressFormat":3,\n "authMethod":2,\n "mpsRootCertificate":"U3dhZ2dlciByb2Nrcw==",\n "proxyDetails":""}\r\n
        ```
    - Response:
        ```
        HTTP/1.1 201 Created\r\nX-Powered-By: Express\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 261\r\nETag: W/"105-9M/B+Jeseq6fhYY9YzjwOg5XfNw"\r\nDate: Mon, 16 Mar 2026 02:51:19 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n{"configName":"cira7a0154da7e","mpsServerAddress":"192.168.1.1","mpsPort":4433,"username":"mpsuser","commonName":"192.168.1.1","serverAddressFormat":3,"authMethod":2,"mpsRootCertificate":"U3dhZ2dlciByb2Nrcw==","proxyDetails":"","tenantId":"","version":"385269"}
        ```
    - Request:
        ```
        POST /api/v1/admin/profiles HTTP/1.1\r\nAccept: application/json\r\nHost: device-management-toolkit-rps-1:8081\r\nContent-Type: application/json\r\n\r\n{\n "profileName":"profile5bcd45df95",\n "amtPassword":"G@ppm0ym",\n "generateRandomPassword":false,\n "activation":"acmactivate",\n "ciraConfigName":"cira7a0154da7e",\n "mebxPassword":"G@ppm0ym",\n "generateRandomMEBxPassword":false,\n "tags":["tag1", "tag2"],\n "dhcpEnabled":true,\n "wifiConfigs":[],\n "tlsMode":null,\n "userConsent":"None",\n "iderEnabled":true,\n "kvmEnabled":true,\n "solEnabled":true,\n "tlsSigningAuthority":"MicrosoftCA",\n "ieee8021xProfile":"wired8021xProfile",\n "ipSyncEnabled":true,\n "localWifiSyncEnabled":true,\n "uefiWifiSyncEnabled":true,\n "proxyConfigs":[]}\r\n
        ```
    - Response:
        ```
        HTTP/1.1 201 Created\r\nX-Powered-By: Express\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 494\r\nETag: W/"1ee-4n27Lz21WWjOeXv6UIyE/74MYFE"\r\nDate: Mon, 16 Mar 2026 02:51:19 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n{"profileName":"profile5bcd45df95","activation":"acmactivate","ciraConfigName":"cira7a0154da7e","generateRandomPassword":false,"generateRandomMEBxPassword":false,"tags":["tag1","tag2"],"dhcpEnabled":true,"tlsMode":null,"userConsent":"None","iderEnabled":true,"kvmEnabled":true,"solEnabled":true,"tenantId":"","tlsSigningAuthority":null,"version":"385270","ieee8021xProfileName":null,"wifiConfigs":[],"ipSyncEnabled":true,"localWifiSyncEnabled":true,"uefiWifiSyncEnabled":true,"proxyConfigs":[]}
        ```
2. Test
    - Request:
        ```
        GET /api/v1/admin/profiles/profile5bcd45df95?injected_query_string=123 HTTP/1.1\r\nAccept: application/json\r\nHost: device-management-toolkit-rps-1:8081\r\n\r\n
        ```
    - Response:
        ```
        HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 494\r\nETag: W/"1ee-4n27Lz21WWjOeXv6UIyE/74MYFE"\r\nDate: Mon, 16 Mar 2026 02:51:19 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n{"profileName":"profile5bcd45df95","activation":"acmactivate","ciraConfigName":"cira7a0154da7e","generateRandomPassword":false,"generateRandomMEBxPassword":false,"tags":["tag1","tag2"],"dhcpEnabled":true,"tlsMode":null,"userConsent":"None","iderEnabled":true,"kvmEnabled":true,"solEnabled":true,"tenantId":"","tlsSigningAuthority":null,"version":"385270","ieee8021xProfileName":null,"wifiConfigs":[],"ipSyncEnabled":true,"localWifiSyncEnabled":true,"uefiWifiSyncEnabled":true,"proxyConfigs":[]}
        ```

### Expected behavior

API should reject injected query input and return a validation error (4xx), not 200 with normal object response.

### Screenshots

_No response_

### AMT Version

N/A

### Configuration Mode

CCM

### Operating System

Linux Ubuntu

### AMT Device Information

_No response_

### Service Deployment Information

_No response_

### Additional context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug][Fuzz]: RPS accepts injected query string on GET profile by profileName #2603

Describe the bug

Steps to reproduce

Expected behavior

Screenshots

AMT Version

Configuration Mode

Operating System

AMT Device Information

Service Deployment Information

Additional context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Bug][Fuzz]: RPS accepts injected query string on GET profile by profileName #2603

Description

Describe the bug

Steps to reproduce

Expected behavior

Screenshots

AMT Version

Configuration Mode

Operating System

AMT Device Information

Service Deployment Information

Additional context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions