Fixes #137 SCP [14, 21] Cornucopia - Validate Input (#138)

sydseter · web-flow · commit 783ba344ede6 · 2025-07-04T10:08:37.000+02:00
* Fixes #137 SCP [14] Cornucopia - Validate Input * Fixes #137 SCP [14] Cornucopia - Validate Input * Fixes #137 SCP [14] Cornucopia - Validate Input
diff --git a/.wordlist-en.txt b/.wordlist-en.txt
@@ -535,3 +535,4 @@ BOPLA
 BOLA
 WebDAV
 tunable
+allowlist
diff --git a/docs/en/04-design/02-web-app-checklist/04-encode-escape-data.md b/docs/en/04-design/02-web-app-checklist/04-encode-escape-data.md
@@ -18,6 +18,7 @@ and use the list below as suggestions for a checklist that has been tailored for
 5. Apply canonicalization to convert unicode data into a standard form
 6. Ensure the output encoding is safe for all target systems
 7. In particular sanitize all output used for operating system commands
+8. Sanitize potentially dangerous characters before using the data to call another service
 
 #### 2. Contextual output encoding
 
diff --git a/docs/en/04-design/02-web-app-checklist/05-validate-inputs.md b/docs/en/04-design/02-web-app-checklist/05-validate-inputs.md
@@ -20,6 +20,7 @@ and use the list below as suggestions for a checklist that has been tailored for
 8. Validate data range and also data length
 9. Utilize canonicalization to address obfuscation attacks
 10. All validation failures should result in input rejection
+11. Validate all input against an allowlist of characters, whenever possible
 
 #### 2. Libraries and frameworks
 

-Original file line number
+Diff line change
 BOLA
 WebDAV
 tunable
 +allowlist