Prompt
Always validate security-critical inputs to prevent DoS attacks and injection vulnerabilities. Implement size limits, scheme restrictions, and format validation for user-controlled data that affects security mechanisms.
Key practices:
- Set reasonable size limits (e.g., 4KB for cookie values) to prevent DoS through oversized inputs
- Validate URL schemes for security-sensitive operations (only allow http/https for proxies)
- Follow standard library patterns for input sanitization and validation
- Avoid logging sensitive input values that could be exploited
Example implementation:
// Validate proxy URL scheme
pURL, err := urlPkg.Parse(proxyURL)
if err != nil {
return err
}
if pURL.Scheme != "http" && pURL.Scheme != "https" {
return errors.New("unsupported proxy scheme")
}
// Limit cookie value size to prevent DoS
func (c *DefaultCtx) sanitizeCookieValue(v string) string {
const maxCookieSize = 4096 // 4KB limit
if len(v) > maxCookieSize {
// Log generic message without exposing value
log.Warn("cookie value exceeds size limit, truncating")
v = v[:maxCookieSize]
}
// Continue with sanitization...
}
This prevents common attack vectors while maintaining functionality and following security best practices established in standard libraries.