Never trust user input
Never trust user input (or “Never trust your users”) is a well-known statement in software engineering. It’s about making sure that whatever information gets into your application/service/library/system will not cause you any issues (data validation).
Nobody can guarantee you what you will be sent. Data can be intentionally or unintentionally broken, leading to inconvenient situations or absolute madness with services being down for a long time (e.g.: the 2024 CrowdStrike incident; see technical root cause analysis here).
But who is the user?
Often, the user is considered to be someone outside your project. Someone who is using your project. The client who:
-
- makes an HTTP request to your web server
- or passes a file path as an argument to your CLI application
- or makes a call to one of your APIs’ functions.
Imagine the following situation:
-
- Your application/service/library/system has multiple components that communicate with each other.
- Not all of them are facing the end user.
- Given
- Two components A (user-facing/public) and B (internal/private).
- When
- A uses B
- and B gets input from A.
- Then
- A is the user of B, not your end user who uses the application
- and B does not know where the input is coming from.
You, as the engineer who wrote these components, know how they are used. But you are a human and mistakes are just around the corner. Most of the time, B must validate the input as if it were a public component because you must… Continue reading Never trust user input. But who is the user?