How to know if external input should be trusted
Question
What does Fortify consider external input into my application and can that data be considered trusted?
Answer
Fortify views all data that comes from outside an application as a potential vector for an attack. When Fortify talks about “user input”, it may refer to any of the following sources of external input:
- User input - User input must never be considered trusted data. This includes input that is limited to administrative interfaces.
- Databases - Data read from databases is not trusted by default and should always be validated. However, if the application must rely on a database being trusted, see the technical note “How to know if a database should be trusted”.
- Configuration files - Data read from files on the file system, including configuration files, is not trusted by default and should always be validated. However, if the application must rely on a file being trusted, see the technical note “How to know if configuration files should be trusted”.
- Command-line arguments - Command-line arguments must never be considered trusted data. Note that a command-line argument is not trusted even if the expected usage scenario is for the argument to come from a configuration file, script, or other file on the file system, and even if the developer has shown that the file system is trusted.
- Environment variables - Environment variables must never be considered trusted data.
- Protocol data - Any data that comes from another application or process must never be considered trusted data. This includes data that comes from other services within the same application, trusted partners, clients, servers, and remote procedure calls.
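The following is an added example, not Fortify's own code, showing the practical consequence of the list above: one validation boundary is applied to a setting no matter whether it arrived via the command line, an environment variable, or a configuration file, so the source's precedence never stands in for trust. The setting names (host, port, APP_HOST, APP_PORT) and the JSON config layout are hypothetical.

```python
import json
import re
from typing import Mapping, Sequence

# Allow-list for RFC 1123-style hostname labels; anything else is rejected.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}$")


def validate_hostname(raw) -> str:
    """Return the hostname if it is well-formed, otherwise raise ValueError."""
    if not isinstance(raw, str) or len(raw) > 253 or not _HOSTNAME_RE.match(raw):
        raise ValueError(f"rejected hostname: {raw!r}")
    return raw


def validate_port(raw) -> int:
    """Accept only an int or an ASCII decimal string in the TCP port range."""
    if isinstance(raw, bool) or not isinstance(raw, (int, str)):
        raise ValueError(f"rejected port: {raw!r}")
    text = str(raw)
    if not re.fullmatch(r"[0-9]{1,5}", text) or not 1 <= int(text) <= 65535:
        raise ValueError(f"rejected port: {raw!r}")
    return int(text)


def is_rejected(validator, value) -> bool:
    """True if the validator refuses the value (useful for tests and logging)."""
    try:
        validator(value)
    except ValueError:
        return True
    return False


def load_settings(argv: Sequence[str], environ: Mapping[str, str], config_text: str) -> dict:
    """Merge CLI args, environment and a JSON config file, then validate.

    Precedence is CLI > environment > config file, but precedence says nothing
    about trust: each of the three sources is external input, so the winning
    value is validated exactly like any other before it is used.
    """
    config = json.loads(config_text)                      # file contents: untrusted
    cli = dict(a.lstrip("-").split("=", 1) for a in argv if "=" in a)  # argv: untrusted
    raw_host = cli.get("host", environ.get("APP_HOST", config.get("host")))  # env: untrusted
    raw_port = cli.get("port", environ.get("APP_PORT", config.get("port")))
    if raw_host is None or raw_port is None:
        raise ValueError("host and port are required")
    return {"host": validate_hostname(raw_host), "port": validate_port(raw_port)}
```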