Goal
Audit every untrusted input boundary and ensure restricted values are validated with explicit allowlists, types, formats, and size limits. This supports the OpenSSF Silver input_validation criterion tracked in #199.
Scope
Review inputs entering through:
- API JSON bodies, path values, and query parameters
- Scan, finding, subscription, resource, and framework identifiers
- AI questions and provider settings
- Playbook and file-path selection
- Sentinel ingestion data
- Website editor fields and external URLs
Requirements
- Centralize reusable validation where practical.
- Validate allowed values, syntax, type, and length before database, file, Azure, subprocess, or external-service use.
- Reject invalid input with consistent
400 responses without exposing internal details.
- Do not rely only on denylists of known malicious strings.
- Preserve legitimate API behavior and document intentional unrestricted fields.
- Add tests for valid, invalid, missing, oversized, malformed, and injection-style inputs.
Completion
Implementation should begin only after the boundary inventory confirms the exact scope.
Goal
Audit every untrusted input boundary and ensure restricted values are validated with explicit allowlists, types, formats, and size limits. This supports the OpenSSF Silver
input_validationcriterion tracked in #199.Scope
Review inputs entering through:
Requirements
400responses without exposing internal details.Completion
Implementation should begin only after the boundary inventory confirms the exact scope.