Validation
Validating user input is one of the most important parts of developing a project. It not only keeps the data clean but also stops some of the malicious data that is sent in requests crafted with intercept tools such as Burp Suite.
One Python package that helps validate API requests is Schema.
from schema import Schema, And, Use, Optional

# A list of user records: name must be a non-empty string, age is coerced to
# int and must fall in 18..99, gender is optional and is lower-cased by
# Use(str.lower) before the membership check, so the allowed values must be
# lower-case as well (with 'Male'/'Female' every record would fail).
schema = Schema([{'name': And(str, len),
                  'age': And(Use(int), lambda n: 18 <= n <= 99),
                  Optional('gender'): And(str, Use(str.lower),
                                          lambda s: s in ('male', 'female'))}])
data = [{'name': 'Pritesh', 'age': '29', 'gender': 'Male'},
        {'name': 'Alisha', 'age': '26', 'gender': 'Female'},
        {'name': 'Atul', 'age': '28'}]
validated = schema.validate(data)
If validation fails, Schema raises SchemaError; otherwise it returns the payload filtered and converted as the schema specifies.
Schema has many more features; a few of them are:
- Optional keys can also carry a default, used when no key in the data matches, e.g.:
Schema({Optional('best_songs', default='blues'): str, 'best_movie': str}).validate({'best_movie': 'shawshank redemption'})
- In a dictionary, you can combine two keys in a "one or the other" manner. To do so, use the Or class as a key:
Schema({ Or("key1", "key2", only_one=True): str })
- The Schema(...) parameter ignore_extra_keys causes validation to ignore extra keys in a dictionary, and also to not return them after validating.
schema = Schema({'movie': str}, ignore_extra_keys=True)
print(schema.validate({'movie': 'tenet', 'review': '4'}))
{'movie': 'tenet'}
- You can pass a keyword argument error to any of the validatable classes (such as Schema, And, Or, Regex, Use) to report a custom message instead of the built-in one:
Schema(Use(int, error='Invalid year')).validate('2020')
Sanitization
Once user input has been validated, the data still needs to be sanitized with an HTML sanitizing library that escapes or strips markup and attributes, such as Bleach.
Adding sanitization helps eliminate XSS attacks on the application.
import bleach
bleach.clean('an <script>evil()</script> example')
u'an &lt;script&gt;evil()&lt;/script&gt; example'
Top comments (2)
Very nice article, thank you 👍
Concise and informative Article. Thanks a lot!