`correlation.rs` correlation ID is not validated as a UUID

[hman38705]

Labels: backend, reliability
Priority: Low

Description

services/api/src/correlation.rs extracts or generates a correlation ID from the X-Correlation-ID header. If the client sends an arbitrarily long or malformed value, it could pollute logs or cause issues downstream.

Acceptance Criteria

• Incoming X-Correlation-ID validated as a UUID v4
• Invalid values replaced with a server-generated UUID
• Maximum header value length enforced

[42natus]

@42natus has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Can I be assigned this issue, please? Thanks for considering.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @42natus to this issue.

[unrealtim-tech]

@unrealtim-tech has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hi, I would like to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @unrealtim-tech to this issue.

[drips-wave]

Congratulations, @unrealtim-tech! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @unrealtim-tech: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊