Input Validation!

The first step to robust, quality code.

What?
Why?
How?

Data inserted into a system for processing and / or storage.

What are some sources of input?

User input is a form of data

Data that flows through the app needs to be handled in ways the program is expecting.

Ensures that it is possible for the program to do something with the data, and that it makes sense to accept this data from an input source.

What does validation not ensure?

(Correctness in business logic)

Reliability - So programs don't stop running when input is unexpected, and users are not given confusing errors
Accuracy - Define the conditions that user input is accepted by the program (required and optional fields)
Make sure user input can actually be used in functions
Prevent security breaches & loss of data through saving or using malformed data (combined with sanitisation - later)

xkcd - "Exploits of a Mom" https://xkcd.com/327/

Web applications are highly vulnerable to input validation errors.
- “!@#$%^&*()” on a vulnerable e-commerce site may cause performance issues, or “denial of service”, on a vulnerable system,
- Invalid passwords such as “pwd’” or “1=1— ” may result in unauthorised access.
A Norwegian woman mistyped her account number on an internet banking system. Instead of typing her 11-digit account number, she accidentally typed an extra digit, for a total of 12 numbers. The system discarded the extra digit, and transferred $100,000 to the (incorrect) account. A simple instruction informing her that she had typed too many digits would have helped avoid this expensive error.
- Olsen, Kai. “The $100,000 Keying error” IEEE Computer, August 2008
More: http://cis1.towson.edu/~cssecinj/modules/cs0/cs0-input-validation-python/

We'll start with this Python example