Details

    • Sub-task
    • Resolution: Unresolved
    • Major

    Description

      Review the use of validateInput. Considerations:

      • For some fields (e.g., SshKey::description), validateInput might reject characters that are otherwise valid.
      • In general, fields should be filtered on output.
        • Output includes HTML rendering, REST API, and provisioning.
      • In general, SQL injection protection should be handled by Cake.
      • Field validation should be aligned with the field content.
        • e.g., email addresses should be constrained to characters valid for email addresses.
      • Proactive input validation might be more important for self-service-enabled fields than for fields that are only editable by an administrator, especially platform and CO administrators.
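
An added PHP illustration of the considerations above. It is not COmanage Registry code and does not reproduce what validateInput does, which this page does not show. The function names, the blanket character filter and the sample values are assumptions constructed for the example; it needs PHP 7.3+ with mbstring.

```php
<?php
// Added illustration: all names here are hypothetical, not COmanage Registry code.

// Assumed stand-in for a one-size-fits-all input filter: it refuses any value
// containing characters commonly associated with markup or SQL.
function blanketFilter(string $value): bool {
    return preg_match('/[<>"\'&;]/', $value) === 0;
}

// Field-aligned validation: each field gets the rule that matches its content.
function validateField(string $field, string $value): bool {
    switch ($field) {
        case 'email':
            return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
        case 'description':
            // Free text: require valid UTF-8, bound the length, and refuse
            // control characters. Punctuation is allowed.
            return mb_check_encoding($value, 'UTF-8')
                && mb_strlen($value, 'UTF-8') <= 256
                && preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
        default:
            return false; // unknown fields are refused, not passed through
    }
}

// Output filtering: one encoder per sink, applied at the moment of output.
function forHtml(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function forRestJson(array $record): string {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($record, $flags | JSON_THROW_ON_ERROR);
}
// A provisioning target would need its own encoder for its own syntax;
// neither of the two above is a substitute for it.

// Constructed sample values.
$description = "Bob's laptop key <work & home>";
$email       = 'bob@example.org';

// Compare the two decisions for the same legitimate description.
var_dump(blanketFilter($description));
var_dump(validateField('description', $description));
var_dump(validateField('email', $email));

// The stored value is unchanged; only its rendering differs per sink.
echo forHtml($description), PHP_EOL;
echo forRestJson(['description' => $description]), PHP_EOL;
```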

            People

              benn.oshrin@at.internet2.edu Benn Oshrin (internet2.edu)