Code Smell 189 - Not Sanitized Input

Photo by Jess Zoerb on Unsplash

Code Smell 189 - Not Sanitized Input

Bad actors are there. We need to be very careful with their input

Play this article

TL;DR: Sanitize everything that comes from outside your control.


  • Security


  1. Use sanitization and input filtering techniques.


Whenever you get input from an external resource, a security principle requests you to validate and check for potentially harmful inputs.

SQL Injection is a notable example of a threat.

We can also add assertions and invariants to our inputs.

Even better, we can work with Domain Restricted Objects.

Sample Code


user_input = "abc123!@#"
# This content might not be very safe if we expect just alphanumeric characters


import re

def sanitize(string):
  # Remove any characters that are not letters or numbers
  sanitized_string = re.sub(r'[^a-zA-Z0-9]', '', string)

  return sanitized_string

user_input = "abc123!@#"
print(sanitize(user_input))  # Output: "abc123"


[X] Semi-Automatic

We can statically check all the inputs and also we can also use penetration testing tools.


  • Security


We need to be very cautious with the inputs beyond our control.


More Info


Code Smells are just my opinion.


Photo by Jess Zoerb on Unsplash

Companies should make their own enterprise systems as often as network security companies should manufacture their own aspirin.

Phil Simon

This article is part of the CodeSmell Series.