Unhandled NUL Bytes in API Requests #862

@ori-n

The API returns an HTTP 500 error when NUL (%00) bytes are included in query parameters or path segments. This occurs because the PostgreSQL driver fails to decode the invalid UTF-8 sequence, disclosing internal SQL errors.

Affected Endpoints:

  • GET /v0.1/servers?cursor=%00
  • GET /v0.1/servers/%00/versions

Actual Results:

  • Status: 500 Internal Server Error
  • Error: invalid byte sequence for encoding "UTF8": 0x00 (SQLSTATE 22021)

Expected Results:
The API should validate input and return a 400 Bad Request for invalid characters.

Suggested Fix:
Sanitize inputs or implement a validation layer to reject NUL bytes before they reach the database driver.
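
One way to implement the validation layer suggested above, as an added example that is not part of the original issue or the project's own code. It assumes a Go `net/http` service; `rejectNUL`, `hasNUL` and `statusFor` are hypothetical names, the inner handler is a stand-in for the database-backed API, and the request targets are the two from the issue plus one constructed benign request.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// hasNUL reports whether an already percent-decoded string contains 0x00.
func hasNUL(s string) bool { return strings.IndexByte(s, 0) >= 0 }

// rejectNUL (hypothetical middleware) answers 400 before any handler, and
// therefore any SQL query, sees a NUL byte in the path or query string.
func rejectNUL(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// ParseQuery percent-decodes keys and values; a malformed escape
		// is treated as a bad request too.
		q, err := url.ParseQuery(r.URL.RawQuery)
		// r.URL.Path is already decoded, so "%00" shows up here as 0x00.
		bad := err != nil || hasNUL(r.URL.Path)
		for k, vs := range q {
			if hasNUL(k) || hasNUL(strings.Join(vs, "")) {
				bad = true
			}
		}
		if bad {
			// Generic message: no driver or SQLSTATE detail reaches the client.
			http.Error(w, "invalid character in request", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends a constructed GET request through the middleware and
// returns the response status code.
func statusFor(target string) int {
	inner := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK) // stand-in for the real API handler
	})
	rec := httptest.NewRecorder()
	rejectNUL(inner).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code
}

func main() {
	for _, target := range []string{"/v0.1/servers?cursor=%00", "/v0.1/servers/%00/versions", "/v0.1/servers?cursor=abc"} {
		fmt.Println(statusFor(target), target)
	}
}
```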

Labels: bug (Something isn't working)
