Project 9: Input Validation Framework

A comprehensive input validation library with validators for integers, strings, paths, emails, and custom patterns—returning safe, validated values or clear error codes.

Quick Reference

Attribute              Value
Primary Language       C
Alternative Languages  Python, Go
Difficulty             Level 2: Intermediate
Time Estimate          1-2 weeks
Knowledge Area         Secure Coding / Input Handling
Tooling                Regular expressions, fuzzing
Prerequisites          Project 1 (safe strings), regex basics

What You Will Build

A comprehensive input validation library with validators for integers, strings, paths, emails, and custom patterns—returning safe, validated values or clear error codes.

Why It Matters

This project builds core skills that appear repeatedly in real-world systems and tooling.

Core Challenges

  • Integer range validation → maps to MIN/MAX checks, overflow
  • String sanitization → maps to length limits, character whitelist
  • Path traversal prevention → maps to rejecting ../, symlinks
  • Canonical forms → maps to normalization before validation

Key Concepts

  • Whitelisting vs Blacklisting: OWASP guidelines
  • Canonicalization: CERT C FIO02-C
  • Defense in Depth: Multiple validation layers

Real-World Outcome

$ ./test_input_validator

Testing integer validation...
  ✓ validate_int("123", 0, 1000) = 123
  ✓ validate_int("-5", 0, 1000) = ERROR_RANGE
  ✓ validate_int("99999999999999", ...) = ERROR_OVERFLOW
  ✓ validate_int("12abc", ...) = ERROR_FORMAT

Testing string validation...
  ✓ validate_string("hello", 1, 10, ALPHA) = "hello"
  ✓ validate_string("hello123", ..., ALPHA) = ERROR_INVALID_CHARS
  ✓ validate_string("", 1, 10, ...) = ERROR_TOO_SHORT
  ✓ validate_string(NULL, ...) = ERROR_NULL

Testing path validation...
  ✓ validate_path("/home/user/file.txt") = validated path
  ✓ validate_path("../../../etc/passwd") = ERROR_TRAVERSAL
  ✓ validate_path("/etc/passwd") = ERROR_OUTSIDE_ROOT
  ✓ validate_path("file\x00.txt") = ERROR_NULL_BYTE

Testing email validation...
  ✓ validate_email("user@example.com") = valid
  ✓ validate_email("user@") = ERROR_FORMAT
  ✓ validate_email("user+tag@sub.example.com") = valid

All 24 tests passed!
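
One way to implement the integer cases from the test output above, added here as an example and not taken from the project's own code. The error names are the ones shown in the output; the out-parameter signature, the val_status type and VALID_OK are assumptions. ERROR_OVERFLOW is treated as "does not fit in int", so the strtol() result is checked against INT_MIN/INT_MAX as well as errno.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Status names follow the test output above; VALID_OK, the numeric values
 * and the out-parameter signature are assumptions made for this example. */
typedef enum { VALID_OK = 0, ERROR_NULL, ERROR_FORMAT, ERROR_OVERFLOW, ERROR_RANGE } val_status;

/* Parse a base-10 integer and check it against [min, max].
 * *out is written only when VALID_OK is returned. */
val_status validate_int(const char *s, int min, int max, int *out)
{
    if (s == NULL || out == NULL)
        return ERROR_NULL;

    /* strtol() silently skips leading whitespace; a whitelist does not.
     * Accept only an optional sign followed by at least one digit. */
    const char *p = s;
    if (*p == '+' || *p == '-')
        p++;
    if (!isdigit((unsigned char)*p))
        return ERROR_FORMAT;

    char *end = NULL;
    errno = 0;
    long v = strtol(s, &end, 10);

    if (*end != '\0')                                  /* trailing junk: "12abc" */
        return ERROR_FORMAT;
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX) /* does not fit in int */
        return ERROR_OVERFLOW;
    if (v < min || v > max)                            /* fits, but outside caller's bounds */
        return ERROR_RANGE;

    *out = (int)v;
    return VALID_OK;
}

int main(void)
{
    int v = 0;
    val_status st = validate_int("123", 0, 1000, &v);
    printf("status=%d value=%d\n", (int)st, v);
    return st == VALID_OK ? 0 : 1;
}
```

Checking `*end` before `errno` means malformed input is reported as ERROR_FORMAT even when its digit prefix would also overflow.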

Implementation Guide

  1. Reproduce the simplest happy-path scenario.
  2. Build the smallest working version of the core feature.
  3. Add input validation and error handling.
  4. Add instrumentation/logging to confirm behavior.
  5. Refactor into clean modules with tests.

Milestones

  • Milestone 1: Minimal working program that runs end-to-end.
  • Milestone 2: Correct outputs for typical inputs.
  • Milestone 3: Robust handling of edge cases.
  • Milestone 4: Clean structure and documented usage.

Validation Checklist

  • Output matches the real-world outcome example
  • Handles invalid inputs safely
  • Provides clear errors and exit codes
  • Repeatable results across runs

References

  • Main guide: LEARN_SECURE_C_AND_EXPLOIT_AWARENESS.md
  • “Effective C, 2nd Edition” by Robert C. Seacord