fix/issue#18891

Author: piyusshkumar

src/api/app/controllers/build_controller.rb

@@ -143,7 +143,17 @@ def logfile
 
   def result
     # this route is mainly for checking submissions to a target project
-    return result_lastsuccess if params.key?(:lastsuccess)
+    # allowed value are set to true/false or 1/0
+     if params.key?(:lastsuccess)
+       allowed_values = ["1", "0", "true", "false", 1, 0 , true, false]
+
+       unless allowed_values.include(params[:lastsuccess])
+         return render_error status:400,
+                             errorcode: "invalid_lastsuccess_value",
+                             message: "Parameter 'lastsuccess' must be true/false or 1/0"
+       end
+    return result_lastsuccess
+      end
 
     # for permission check
     Project.get_by_name(params[:project])