Description
In src/Servy.Core/Mappers/ServiceMapper.cs, multiple lines cast database integers directly to enums without validation:
- Line 101:
StartupType = ... (ServiceStartType)dto.StartupType
- Line 102:
Priority = ... (ProcessPriority)dto.Priority
- Line 108:
DateRotationType = (DateRotationType)(dto.DateRotationType ?? 0)
- Line 114:
RecoveryAction = (RecoveryAction)(dto.RecoveryAction ?? 0)
If the database contains a value that doesn't correspond to a defined enum member (e.g., 999 from a manual DB edit, a migration from a future version, or data corruption), the cast (ServiceStartType)999 succeeds in C# but produces an unnamed enum value. This value then flows to:
- Win32 API calls (e.g.,
ChangeServiceConfig receives an invalid start type)
- Switch statements without
default cases that silently skip unknown values
Severity
Warning — invalid enum values flow silently to Win32 APIs and unhandled code paths.
Suggested fix
Validate that the integer falls within the defined enum range before casting, or use Enum.IsDefined() with a fallback to a safe default.
Description
In
src/Servy.Core/Mappers/ServiceMapper.cs, multiple lines cast database integers directly to enums without validation:StartupType = ... (ServiceStartType)dto.StartupTypePriority = ... (ProcessPriority)dto.PriorityDateRotationType = (DateRotationType)(dto.DateRotationType ?? 0)RecoveryAction = (RecoveryAction)(dto.RecoveryAction ?? 0)If the database contains a value that doesn't correspond to a defined enum member (e.g.,
999from a manual DB edit, a migration from a future version, or data corruption), the cast(ServiceStartType)999succeeds in C# but produces an unnamed enum value. This value then flows to:ChangeServiceConfigreceives an invalid start type)defaultcases that silently skip unknown valuesSeverity
Warning — invalid enum values flow silently to Win32 APIs and unhandled code paths.
Suggested fix
Validate that the integer falls within the defined enum range before casting, or use
Enum.IsDefined()with a fallback to a safe default.