GatewayBalances account/ident parameters not type-checked before asString()

[mvadari]

GatewayBalances account/ident parameters not type-checked before asString()

Severity: LOW
The gateway_balances handler accesses params[jss::account].asString() or params[jss::ident].asString() without first verifying the parameter is a string type. If a non-string value (integer, object, array) is passed, JsonCpp's asString() will throw a Json::LogicError. The RPC framework's exception handler (RPCHandler.cpp:177) catches this and returns rpcINTERNAL, but this is a defense-in-depth gap

[luisfernandomendozav]

I've opened #7655 to address this. It adds an isString() type check on the account/ident parameters before asString(), returning a clean rpcINVALID_PARAMS for non-string input (matching the existing hotwallet handling), plus a unit test covering both fields across all API versions. It's a draft while CI runs — I'll mark it ready for review once the checks are green. Happy to adjust based on any feedback.