Vibe Coding Security: Input Validation Patterns

Quick Summary
AI-generated code trusts user input by default. It parses JSON without schema validation, builds queries from URL parameters, accepts file uploads without checking their content, and passes user strings to functions that expect structured data. Every input boundary is a potential exploit vector.

## Key Points

- **Validation**: Reject input that doesn't match the expected format. "Is this a valid email?" If not, reject.
- **Sanitization**: Transform input to remove dangerous content. "Strip HTML tags from this string." Accept the cleaned version.

Input boundaries and the check each one needs:

1. **HTTP request body** — Schema validation
2. **URL query parameters** — Type checking and whitelisting
3. **URL path parameters** — Format validation (UUID, slug, numeric ID)
4. **HTTP headers** — Whitelist expected values
5. **File uploads** — Magic bytes, size, dimensions
6. **WebSocket messages** — Schema validation on every message
7. **Database results** — Validate before returning to the client (filter sensitive fields)
8. **Third-party API responses** — Don't trust them either
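An added example, not code from the skill itself, showing the validate-versus-sanitize distinction across four of the boundaries listed above (path parameter, query parameter, file upload, database result); the field names, whitelist values and size cap are constructed for illustration:

```python
import html
import uuid

# Constructed example, not the skill's own code: one check per input boundary.
MAGIC = {  # first bytes of each permitted upload type; the declared type is only a claim
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "application/pdf": b"%PDF-",
}
MAX_UPLOAD = 5 * 1024 * 1024
SORT_FIELDS = ("created_at", "name")                # whitelist for ?sort=
PUBLIC_USER_FIELDS = ("id", "name", "created_at")   # never password_hash or email

def path_id(raw):
    """Path parameter: must be a canonical UUID; anything else is rejected."""
    try:
        parsed = uuid.UUID(raw)
    except (ValueError, AttributeError, TypeError):
        raise ValueError("path id must be a UUID")
    if str(parsed) != raw.lower():        # rejects braces, urn:, and un-hyphenated forms
        raise ValueError("path id is not canonical")
    return str(parsed)

def sort_param(raw):
    """Query parameter: exact match against a whitelist, never interpolated into SQL."""
    if raw not in SORT_FIELDS:
        raise ValueError("unsupported sort field")
    return raw

def check_upload(data, declared_type):
    """File upload: size cap plus magic bytes, regardless of the Content-Type header."""
    if len(data) > MAX_UPLOAD:
        raise ValueError("upload too large")
    magic = MAGIC.get(declared_type)
    if magic is None or not data.startswith(magic):
        raise ValueError("content does not match declared type")
    return declared_type

def public_view(row):
    """Database result: project to public fields before it reaches the client."""
    return {k: row[k] for k in PUBLIC_USER_FIELDS if k in row}

def sanitize_display_name(raw):
    """Sanitization: keep the value but neutralise markup instead of rejecting it."""
    return html.escape(raw.strip(), quote=True)[:64]
```

The first four functions reject on mismatch (validation); the last one accepts and transforms (sanitization), which is the right choice only where the value is free text for display.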
Full skill: 329 lines. Fetch it with `skilldb get vibe-coding-security-skills/input-validation-patterns`, or install the whole skill set directly with `skilldb add vibe-coding-security-skills`.
Related Skills

- AI-Specific Vulnerabilities (Vibe Coding Security, 378 lines)
- Authentication and Authorization Patterns (Vibe Coding Security, 369 lines)
- Container and Deployment Security (Vibe Coding Security, 420 lines)
- Credential Management (Vibe Coding Security, 391 lines)
- Database Security Hardening (Vibe Coding Security, 323 lines)
- Dependency Supply Chain Security (Vibe Coding Security, 362 lines)