Injection: Improper Input Validation Injection
Identifier:
improper_input
Scanner(s) Support

| GraphQL Scanner | REST Scanner | WebApp Scanner |
|---|---|---|
Description

Improper input validation injection occurs when an application accepts and processes user-supplied data without adequately validating it first. This oversight allows an attacker to insert harmful code, such as malicious scripts, into the application, potentially tricking it into executing that code. If such a vulnerability is exploited, sensitive data could be stolen, sessions hijacked, or the app's behavior manipulated. Developers commonly fall into this trap by not sanitizing inputs, assuming users will not supply harmful data, or misusing trusted functions, leaving the door open to attackers.
References:
Configuration

Example
Example configuration:
Reference

assets_allowed

Type : List[AssetType]

List of assets that this check will cover.
skip

Type : boolean

Skip the test if true.