Reject null input for safe apps filters

- Closes #697

src/safe_apps/tests/test_views.py

@@ -267,6 +267,16 @@ def test_apps_returned_on_non_existent_client_url(self) -> None:
         self.assertEqual(response.status_code, 200)
         self.assertCountEqual(response.json(), json_response)
 
+    def test_apps_returned_on_null_client_url(self) -> None:
+        url = reverse("v1:safe-apps:list") + "?clientUrl=\0"
+        response = self.client.get(path=url, data=None, format="json")
+        self.assertEqual(response.status_code, 200)
+
+    def test_apps_returned_on_null_url(self) -> None:
+        url = reverse("v1:safe-apps:list") + "?url=\0"
+        response = self.client.get(path=url, data=None, format="json")
+        self.assertEqual(response.status_code, 200)
+
     def test_apps_returned_on_empty_client_url(self) -> None:
         client_1 = ClientFactory.create(url="safe.com")
         safe_app_1 = SafeAppFactory.create()

src/safe_apps/views.py

@@ -59,13 +59,13 @@ def get_queryset(self) -> QuerySet[SafeApp]:
             queryset = queryset.filter(chain_ids__contains=[chain_id])
 
         client_url = self.request.query_params.get("clientUrl")
-        if client_url:
+        if client_url and "\0" not in client_url:
             queryset = queryset.filter(
                 Q(exclusive_clients__url=client_url) | Q(exclusive_clients__isnull=True)
             )
 
         url = self.request.query_params.get("url")
-        if url:
+        if url and "\0" not in url:
             queryset = queryset.filter(url=url)
 
         return queryset