Sanitize user input
lukpueh opened this issue
We persist most of the user-posted information as is. While there shouldn't be any SQL (MongoDB with very simple queries) injection problems (please prove me wrong!), some data just doesn't make sense in the scope of in-toto.
Therefore we should sanitize/validate user inputs and give feedback so that the user can correct the posted data. Some examples:
- step and inspection names need to be unique in the supply chain
- several suggested CLI snippets are generated based on user input; these should actually work, e.g. `in-toto-run` commands or inspection commands, ...
- replace asserts

We should take a look at Flask-WTF for this task.
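As an added example (not code from this issue or from the project), the following framework-agnostic validation logic covers the two cases listed above: step and inspection names must be well-formed and unique across the supply chain, and the suggested `in-toto-run` snippet must remain valid shell no matter what the user typed, which is achieved by quoting every user-supplied token with `shlex.quote` instead of concatenating strings. The allowed name charset, the constructed sample post, the `<functionary-key>` placeholder and the function names are assumptions of this example; the flag names are those of the real `in-toto-run` CLI. Each function returns plain error strings, so the same checks could be wrapped in Flask-WTF validators without changing the logic.

```python
"""Validation helpers for user-posted supply chain layout data.

Added illustration, not code from the in-toto issue or project.
"""
import re
import shlex
from typing import Dict, List

# Assumed allowed charset for step/inspection names (a design choice of this
# example, not an in-toto rule): letters, digits, dot, underscore, dash,
# 1 to 64 characters.
NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def validate_names(steps: List[Dict], inspections: List[Dict]) -> List[str]:
    """Check that every step and inspection has a well-formed, unique name.

    Returns feedback messages for the user; an empty list means the names
    are acceptable. Uniqueness is enforced across steps AND inspections,
    since both live in the same layout namespace.
    """
    errors: List[str] = []
    seen = set()
    for kind, items in (("step", steps), ("inspection", inspections)):
        for item in items:
            name = item.get("name", "")
            if not isinstance(name, str) or not NAME_RE.match(name):
                errors.append(
                    f"{kind} name {name!r} is invalid: use 1-64 characters from [A-Za-z0-9._-]"
                )
                continue
            if name in seen:
                errors.append(f"{kind} name {name!r} is not unique in the supply chain")
            seen.add(name)
    return errors


def validate_post(post: Dict) -> List[str]:
    """Run all checks on a posted layout and collect every error at once."""
    steps = post.get("steps", [])
    errors = validate_names(steps, post.get("inspections", []))
    for step in steps:
        run = step.get("run")
        if not isinstance(run, list) or not run:
            errors.append(f"step {step.get('name')!r} needs a non-empty command list")
    return errors


def in_toto_run_snippet(step: Dict) -> str:
    """Render the suggested in-toto-run command for one step.

    Every user-supplied token goes through shlex.quote, so the snippet stays
    a single valid command even when names, paths or the command contain
    spaces, quotes or shell metacharacters.
    """
    parts = ["in-toto-run", "--step-name", shlex.quote(step["name"])]
    if step.get("materials"):
        parts.append("--materials")
        parts.extend(shlex.quote(m) for m in step["materials"])
    if step.get("products"):
        parts.append("--products")
        parts.extend(shlex.quote(p) for p in step["products"])
    # "<functionary-key>" is a placeholder the user replaces with a real key path.
    parts += ["--key", shlex.quote(step.get("key", "<functionary-key>"))]
    parts.append("--")
    parts.extend(shlex.quote(tok) for tok in step.get("run", []))
    return " ".join(parts)


# Constructed sample post (not real data): one duplicate name, one malformed
# inspection name, and a command token that would break naive concatenation.
SAMPLE_POST = {
    "steps": [
        {"name": "clone", "run": ["git", "clone", "https://example.invalid/repo.git"],
         "products": ["repo/*"]},
        {"name": "build", "materials": ["repo/*"], "products": ["dist/app.tar.gz"],
         "run": ["make", "all; echo done"]},
        {"name": "clone", "run": ["echo", "duplicate"]},
    ],
    "inspections": [
        {"name": "bad name!", "run": ["untar", "dist/app.tar.gz"]},
    ],
}

if __name__ == "__main__":
    for err in validate_post(SAMPLE_POST):
        print("error:", err)
    print(in_toto_run_snippet(SAMPLE_POST["steps"][1]))
```

Running the module reports the duplicate `clone` step and the malformed inspection name, then prints a `build` snippet in which `repo/*` and `all; echo done` are single-quoted, so the glob and the semicolon reach `in-toto-run` as literal arguments rather than being interpreted by the user's shell.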