Skip to content

security: complete allowlist-based input validation audit #201

Description

@TFT444

Goal

Audit every untrusted input boundary and ensure restricted values are validated with explicit allowlists, types, formats, and size limits. This supports the OpenSSF Silver input_validation criterion tracked in #199.

Scope

Review inputs entering through:

  • API JSON bodies, path values, and query parameters
  • Scan, finding, subscription, resource, and framework identifiers
  • AI questions and provider settings
  • Playbook and file-path selection
  • Sentinel ingestion data
  • Website editor fields and external URLs

Requirements

  • Centralize reusable validation where practical.
  • Validate allowed values, syntax, type, and length before database, file, Azure, subprocess, or external-service use.
  • Reject invalid input with consistent 400 responses without exposing internal details.
  • Do not rely only on denylists of known malicious strings.
  • Preserve legitimate API behavior and document intentional unrestricted fields.
  • Add tests for valid, invalid, missing, oversized, malformed, and injection-style inputs.

Completion

  • Every input boundary is recorded and reviewed
  • Identified validation gaps are fixed
  • Security regression tests cover all changed boundaries
  • API documentation describes relevant limits
  • Ruff, frontend checks, full tests, CodeQL, Bandit, and Semgrep pass
  • The Silver evidence register links to the completed audit

Implementation should begin only after the boundary inventory confirms the exact scope.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
📋 Backlog

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions