Labels: security_improvement (Security improvement potential)
Description
VULNERABLE PATTERNS:

```rust
struct CreateUserRequest {
    name: String,                // No length limit or character validation
    description: Option<String>, // No sanitization
    email: String,               // No format validation
}
```

ATTACK VECTOR:
- Submit extremely long strings (memory exhaustion)
- Inject SQL metacharacters if raw queries are used
- LDAP injection via special characters (* & | !)
- Command injection if input is used in system calls
- Log injection via newlines and control characters
- Unicode normalization attacks
IMPACT:
- Database injection leading to data breach
- Log tampering and audit trail corruption
- Resource exhaustion from oversized inputs
- Cross-site scripting if reflected in web UI
- Command execution in misconfigured systems
REMEDIATION:
```rust
use actix_web::error::ErrorBadRequest; // assumed: the handler runs under actix-web
use lazy_static::lazy_static;
use regex::Regex;
use serde::Deserialize;
use validator::Validate;

#[derive(Deserialize, Validate)]
struct CreateUserRequest {
    // 1..=255 chars, restricted to the USERNAME_REGEX character class
    #[validate(length(min = 1, max = 255))]
    #[validate(regex(path = "USERNAME_REGEX"))] // attribute form depends on the validator crate version
    name: String,
    // Free text, bounded to 1000 chars
    #[validate(length(max = 1000))]
    description: Option<String>,
    // Must parse as an e-mail address and stay within 255 chars
    #[validate(email)]
    #[validate(length(max = 255))]
    email: String,
}

lazy_static! {
    static ref USERNAME_REGEX: Regex =
        Regex::new(r"^[a-zA-Z0-9_.-]+$").unwrap();
}

async fn create_user(req: CreateUserRequest) -> actix_web::Result<User> {
    // Validate before processing
    req.validate()
        .map_err(|e| ErrorBadRequest(format!("Validation failed: {}", e)))?;
    // Additional business logic validation (reserved_usernames() is application-defined)
    if reserved_usernames().contains(&req.name.to_lowercase()) {
        return Err(ErrorBadRequest("Username is reserved"));
    }
    // Proceed with validated input (User::create is the application's own constructor)
    Ok(User::create(req).await?)
}
```
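As an added example (not code from the issue), the same limits written out without the validator crate so the rules can be unit-tested directly; it also rejects control characters in the description, which the derive attributes alone do not cover and which is the log-injection vector listed above. The e-mail check is a structural placeholder of my own, not the validator crate's `email` rule.

```rust
// Added example, not code from the issue: the remediation's limits written out
// without the validator crate, plus a control-character check (newline, ESC, NUL)
// that closes the log-injection vector for the free-text description field.
pub struct CreateUserRequest {
    pub name: String,
    pub description: Option<String>,
    pub email: String,
}

#[derive(Debug, PartialEq)]
pub enum Rejection { NameLength, NameChars, DescriptionLength, ControlChars, EmailLength, EmailFormat }

// Same character class as the remediation's USERNAME_REGEX ^[a-zA-Z0-9_.-]+$.
fn username_char(c: char) -> bool {
    c.is_ascii_alphanumeric() || matches!(c, '_' | '.' | '-')
}

// Structural check only: one '@', non-empty local part, dotted domain, no whitespace.
fn looks_like_email(s: &str) -> bool {
    match s.split_once('@') {
        Some((local, domain)) => {
            !local.is_empty() && !domain.contains('@') && domain.contains('.')
                && !domain.starts_with('.') && !domain.ends_with('.')
                && !s.chars().any(char::is_whitespace)
        }
        None => false,
    }
}

pub fn validate(req: &CreateUserRequest) -> Result<(), Rejection> {
    // Limits count chars, not bytes, so multi-byte input is bounded consistently.
    let name_len = req.name.chars().count();
    if name_len == 0 || name_len > 255 { return Err(Rejection::NameLength); }
    if !req.name.chars().all(username_char) { return Err(Rejection::NameChars); }
    if let Some(d) = &req.description {
        if d.chars().count() > 1000 { return Err(Rejection::DescriptionLength); }
        if d.chars().any(char::is_control) { return Err(Rejection::ControlChars); }
    }
    if req.email.chars().count() > 255 { return Err(Rejection::EmailLength); }
    if !looks_like_email(&req.email) { return Err(Rejection::EmailFormat); }
    Ok(())
}
```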
Status: Done