58 lines
1.8 KiB
Diff
58 lines
1.8 KiB
Diff
diff --git a/src/validator.py b/src/validator.py
|
|
index 1234567..abcdefg 100644
|
|
--- a/src/validator.py
|
|
+++ b/src/validator.py
|
|
@@ -1,10 +1,45 @@
|
|
"""Input validation module."""
|
|
|
|
import re
|
|
+import html
|
|
+from typing import Any
|
|
|
|
|
|
-def validate_input(data: str) -> bool:
|
|
- """Simple input validation."""
|
|
- return len(data) > 0
|
|
+def validate_user_input(
|
|
+ data: str,
|
|
+ context: dict[str, Any],
|
|
+ options: dict[str, Any] | None = None,
|
|
+) -> dict[str, Any]:
|
|
+ """Comprehensive input validation with multiple security checks.
|
|
+
|
|
+ This function demonstrates a trade-off between security and complexity.
|
|
+ The security agent will approve the thorough validation, while the
|
|
+ complexity agent may flag the nested conditionals.
|
|
+ """
|
|
+ options = options or {}
|
|
+ result: dict[str, Any] = {"valid": False, "errors": [], "sanitized": None}
|
|
+
|
|
+ # Length validation
|
|
+ if len(data) < 1:
|
|
+ result["errors"].append("Input cannot be empty")
|
|
+ return result
|
|
+
|
|
+ if len(data) > options.get("max_length", 10000):
|
|
+ result["errors"].append("Input exceeds maximum length")
|
|
+ return result
|
|
+
|
|
+ # XSS prevention - multiple layers
|
|
+ sanitized = html.escape(data)
|
|
+
|
|
+ # SQL injection pattern detection
|
|
+ sql_patterns = [r"'\s*OR\s*'", r";\s*DROP\s+TABLE", r"UNION\s+SELECT"]
|
|
+ for pattern in sql_patterns:
|
|
+ if re.search(pattern, data, re.IGNORECASE):
|
|
+ result["errors"].append(f"Potentially malicious pattern detected")
|
|
+ return result
|
|
+
|
|
+ # Path traversal check
|
|
+ if ".." in data or data.startswith("/"):
|
|
+ if not options.get("allow_paths", False):
|
|
+ result["errors"].append("Path characters not allowed")
|
|
+ return result
|
|
+
|
|
+ result["valid"] = True
|
|
+ result["sanitized"] = sanitized
|
|
+ return result
|