missing-input-validation-anti-pattern
Installation
SKILL.md
Missing Input Validation Anti-Pattern
Severity: High
Summary
Missing input validation occurs when applications fail to validate data from users or external sources before processing it. This enables SQL Injection, Cross-Site Scripting (XSS), Command Injection, and Path Traversal attacks. Treat all incoming data as untrusted. Validate against strict rules for type, length, format, and range.
The Anti-Pattern
Trusting external input without server-side validation. Client-side validation provides no security—attackers bypass it trivially.
BAD Code Example
# VULNERABLE: Trusts user input completely, enabling SQL Injection
from flask import request
import sqlite3