Input Validation – “All input is evil” (strings)
CS1

Background

Summary: Any program input – such as a user typing at a keyboard or a network connection – can potentially be the source of security vulnerabilities. All input should be treated as potentially dangerous.

Description: Most software packages rely upon external input. Although information typed at a computer might be the most familiar, networks and external devices can also send data to a program. Generally, this data is of a specific type: for example, a user interface that requests a person’s name might be written to expect a series of alphabetic characters. If the correct type and form of data is provided, the program might work fine. However, if programs are not carefully written, attackers can construct inputs that can cause malicious code to be executed.

Risk – How can it happen?

Any data that can enter your program from an external source can be a potential source of problems. If external data is not checked to verify that it has the right type of information, the right amount of information, and the right structure of information, it can cause problems. Any program that processes data from external sources without adequate validation can be susceptible to security vulnerabilities.

Example of Occurrence:

The Risks digest (http://catless.ncl.ac.uk/Risks) – an invaluable resource on computing systems gone wrong – carried a report of an electronic commerce web site that failed to verify the quantity of items ordered. After accidentally typing “1.1” for the desired quantity of an item (instead of one), an amused customer found that the system would let him order 1.1 cocktail shakers at $9.99 each, for a total of $10.99. A simple check to verify that the quantity was an integer value would have eliminated the absurd possibility of ordering one-tenth of a cocktail shaker.
Source: Richard Kaszeta, “Lack of sanity checking in Web shopping cart software”, Risks Digest, 23(51), http://catless.ncl.ac.uk/Risks/23.51.html#subj11

How can I avoid input validation problems?

Check your input: The basic rule of input validation is to check that input data matches all of the constraints that it must meet to be correctly processed by the existing logic. Conversely, the logic must adequately handle any possible data input values. In many cases, this can be difficult: confirming that a set of digits is, in fact, a telephone number may require consideration of the many differing phone number formats used by countries around the world. Some of the checks that you might want to use include: data type, range of values, length of input, and format. If you ask for a date and someone gives you a twelve-digit number, it's probably wrong. Other places where you might run into input validation problems include accessing items in an array or getting substrings out of a string: if you access indices in an array or positions in a string that are outside the limits of the array (or string), you may run into trouble. Some programming languages have tools that provide general input validation support or specific support for handling common input formats. These facilities should be used whenever possible.

Recover Appropriately: A robust program will respond to invalid input in a manner that is appropriate, correct, and secure. When your program runs across invalid input, it should recover as much as possible, and then repeat the request, or otherwise continue on. Arbitrary decisions such as truncating or otherwise reformatting data to “make it fit” should be avoided.

Laboratory/Homework Assignment:

Consider this problem, which asks the user to type in a word and a position in that string. This program uses the string substr method to get a substring of the characters in the string, starting with the given index and including a certain number of characters.
Thus, if the user types “University”, the integer 3 (as the starting point), and 4 (as the length), the program will print “vers” as the substring – the four characters starting at position 3.

    #include <iostream>
    #include <string>   // needed for std::string and its substr method
    using namespace std;

    int main(void)
    {
        string s;
        unsigned int start;
        unsigned int len;
        cout << "Please enter a word: ";
        cin >> s;
        cout << "Please enter a starting position: ";
        cin >> start;
        cout << "How many characters? ";
        cin >> len;
        // start and len are passed to substr without any checks against s
        string sub = s.substr(start, len);
        cout << "The substring with " << len << " characters starting from "
             << start << " is " << sub << endl;
        return 0;
    }

1. Complete the following checklist for this program.
2. List the potential input validation errors.
3. Provide example inputs that might cause validation problems and describe the problems that they might cause.
4. What happens if you type non-numeric characters for the starting position?

Security Checklist:

Vulnerability: Improper Input Validation
Task: Check each line of code
Course: CS1
Completed:

1. Mark with a V each variable that is input. For each input variable, mark which of the following is applicable (Yes / N/A):
   1. Check length
   2. Check range (reasonableness?)
   3. Check all options
   4. Check type

Shaded areas indicate vulnerabilities.

Discussion Questions:

1. Filenames are particularly vulnerable to security vulnerabilities. Research to find out why.
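As an added worked example (not part of the original assignment, its checklist, or any answer key), the program below reworks the substring program along the lines of the "Check your input" and "Recover Appropriately" guidance: every input variable gets a type, range, length or format check before it is used, and invalid input leads to a repeated request rather than truncation or guessing. The parseUnsigned check also covers the cocktail-shaker case, since "1.1" is rejected as a quantity. MAX_WORD_LEN and all function names are assumptions introduced for this example; nothing here is from the original page.

```cpp
// Added example: validated version of the substring program.
#include <cctype>
#include <cstdlib>
#include <iostream>
#include <limits>
#include <string>
using namespace std;

// Assumed limit for this example: the longest word the program will accept (length check).
const string::size_type MAX_WORD_LEN = 64;

// Type + range check: the whole line must be decimal digits and fit an unsigned int.
// "1.1", "-1", "abc", "" and numbers larger than unsigned int are all rejected.
bool parseUnsigned(const string& text, unsigned int& out) {
    if (text.empty()) return false;
    unsigned long long value = 0;
    for (char c : text) {
        if (!isdigit(static_cast<unsigned char>(c))) return false;      // type check
        value = value * 10 + (c - '0');
        if (value > numeric_limits<unsigned int>::max()) return false; // range check
    }
    out = static_cast<unsigned int>(value);
    return true;
}

// Length + format check for the word: non-empty, bounded, alphabetic only.
bool isValidWord(const string& s) {
    if (s.empty() || s.size() > MAX_WORD_LEN) return false;
    for (char c : s)
        if (!isalpha(static_cast<unsigned char>(c))) return false;
    return true;
}

// Bounds check against the actual string before calling substr, so substr can neither
// throw out_of_range (start > size) nor silently return fewer characters than
// requested (start + len > size). Returns false instead of "making it fit".
bool safeSubstr(const string& s, unsigned int start, unsigned int len, string& out) {
    if (start > s.size()) return false;
    if (len > s.size() - start) return false;
    out = s.substr(start, len);
    return true;
}

// Read whole lines and re-prompt until one parses. Using getline + parseUnsigned
// instead of "cin >> n" means a non-numeric entry is reported and retried instead of
// leaving cin in a failed state for every later read.
unsigned int readUnsigned(const string& prompt) {
    string line;
    unsigned int value = 0;
    while (true) {
        cout << prompt;
        if (!getline(cin, line)) { cerr << "\nInput ended.\n"; exit(1); }
        if (parseUnsigned(line, value)) return value;
        cout << "Please enter a whole number using digits only.\n";
    }
}

int main() {
    string s;
    do {
        cout << "Please enter a word (letters only, at most " << MAX_WORD_LEN << "): ";
        if (!getline(cin, s)) { cerr << "\nInput ended.\n"; return 1; }
    } while (!isValidWord(s));

    string sub;
    while (true) {
        unsigned int start = readUnsigned("Please enter a starting position: ");
        unsigned int len = readUnsigned("How many characters? ");
        if (safeSubstr(s, start, len, sub)) {
            cout << "The substring with " << len << " characters starting from "
                 << start << " is " << sub << endl;
            break;
        }
        cout << "Positions 0.." << s.size() - 1 << " only, and start + length must not exceed "
             << s.size() << ". Please try again.\n";
    }
    return 0;
}
```

The validation lives in small functions that take their input as arguments and return a success flag, so each check can be unit-tested without a keyboard: parseUnsigned("1.1", n) is false, safeSubstr("University", 3, 4, out) yields "vers", and safeSubstr("University", 11, 1, out) is false instead of throwing.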