[Snyk] Fix for 1 vulnerabilities

[harunpehlivan]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/react-scripts/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 249 commits.

• 7857d8f chore(release): 4.0.0
• 5604205 feat: support `file:` protocol
• 5303db2 chore(deps): update (Add an explicit root to webpack.resolve so it searchs there first facebook/create-react-app#1131)
• 9aa0549 chore(deps): update
• a54c955 test: imports
• 5b45d87 test: support in `@ import` at-rule
• 83515fa refactor: code
• 1c20b1e fix: parsing
• 7f49a0a feat: `@ value` supports importing `url()` (Add a note about vscode-jest facebook/create-react-app#1126)
• 791fff3 refactor: named export (Enable babel-preset-env for node_modules that target newer Node versions facebook/create-react-app#1125)
• 01e8c76 refactor: change function arguments of the `import` option (issues while creating custom react-scripts facebook/create-react-app#1124)
• c153fe6 refactor: improve schema options (Added webpack dashboard facebook/create-react-app#1123)
• 58b4b98 test: unresolved (add support for installing react-scripts using npm link facebook/create-react-app#1122)
• d2f6bd2 refactor: getLocalIdent function (Add documentation for customizing Bootstrap theme facebook/create-react-app#1121)
• 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (Add testURL to jest config facebook/create-react-app#1120)
• fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option ([Question] Why a CLI over a Yeoman generator? facebook/create-react-app#1119)
• 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (yarn global add create-react-app doesn’t work with nvm facebook/create-react-app#1118)
• 0080f88 refactor: default values `modules` and `module.auto` are true (gzip build confusion facebook/create-react-app#1117)
• e1c55e4 refactor: rename the `onlyLocals` option (Can't proxy from localhost:3000 to localhost:7000 without internet connection facebook/create-react-app#1116)
• ac5f413 refactor: code
• a5c1b5f test: code coverange (Uncaught TypeError: Cannot read property 'apply' of undefined in Google Chrome facebook/create-react-app#1114)
• 908ecee refactor: `esModule` option is `true` by default (Allow user to override webpack.config facebook/create-react-app#1111)
• 7cca035 test: coverange (Suggestion — responsive error reporting facebook/create-react-app#1112)
• bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: eslint-loader

The new version differs by 73 commits.

• c086892 chore(release): 4.0.0
• 1a12052 chore: v4.0.0 (Fix port detection lag on OS X with Firewall enabled facebook/create-react-app#319)
• 6c6a87a chore(release): 3.0.4
• 953d140 test: jest setTimeout
• acecce6 chore: update deps
• d7be477 chore: update deps
• 796e3d1 fix: Support React Native Web facebook/create-react-app#316 updating loader-fs-cache min version (Supporting a babel preset stage-x facebook/create-react-app#317)
• e04f743 chore: update lock files
• 929800d chore: add contributor
• 3f422bf docs: formatting
• 23695fc chore(release): 3.0.3
• ee68817 chore: update lock files
• c0a9d0c fix: support webpack 5 (refactor(e2e): turn repeated test (build and start) into function facebook/create-react-app#312)
• 6bb1fa6 fix: check result object (Unexpected character '@' when importing fonts facebook/create-react-app#311)
• 7793ccf chore(package): update description
• f06c9e8 docs: update
• dab6d65 docs: clarify default cache location
• 356c8e2 chore: update deps
• 2346ff8 docs: formatting
• 2dd8b43 docs: formatting
• fce6f88 chore(release): 3.0.2
• 7d1d1fe fix: check if contain results (Add dev-toolkit Alternative facebook/create-react-app#300)
• 16e9ccf fix: ensure output file path (Lint against imported lowercase components  facebook/create-react-app#299)
• f9b4628 chore(release): 3.0.1

See the full diff

Package name: file-loader

The new version differs by 64 commits.

• e44eb73 chore(release): 6.0.0
• ad39022 chore(deps): update (Update README.md facebook/create-react-app#369)
• e1fe27c docs: update README.md (Creating a new app in the current directory facebook/create-react-app#368)
• c2aded7 chore(release): 5.1.0
• cd8698b feat: support the `query` template for the `name` option (Use fast-async for async/await support facebook/create-react-app#366)
• 5703c58 chore(deps): update (Add Travis for created apps facebook/create-react-app#365)
• 521bff2 chore: remove duplicate prettier config file (Add resolve to src folder facebook/create-react-app#357)
• 5ffac2e refactor: added description on esModule (Added phoenix task facebook/create-react-app#358)
• 190829e docs: fix the description of the `esModule` option (Added a note with instructions on eslint plugin configuration facebook/create-react-app#348)
• f1b071c chore(release): 5.0.2
• 6431101 chore: add the `funding` field in `package.json` (Suggesting to install babel syntax highlighting for Sublime facebook/create-react-app#347)
• 90302cd chore(release): 5.0.1
• 31d6589 fix: name of `esModule` option in source code (Watchman crawl failed. facebook/create-react-app#346)
• 2a18cba chore(release): 5.0.0
• 98a6c1d refactor: next (Added a reasonable config for autoprefixer (resolves #73) facebook/create-react-app#345)
• 0df6c8d chore(release): 4.3.0
• a2f5faf refactor: code (How to create more than one pages? facebook/create-react-app#344)
• 9b9cd8d feat: new options flag to output ES2015 modules (Display Build Size Difference facebook/create-react-app#340)
• ba0fd4c chore(release): 4.2.0
• 642ee74 docs: improve readme (Adding neo to list of alternatives facebook/create-react-app#341)
• c136f44 feat: `postTransformPublicPath` option (Creating a new app in the current directory facebook/create-react-app#334)
• d441daa chore(release): 4.1.0
• 705eed4 feat: improved validation error messages (Combine efforts with mozilla/neo? facebook/create-react-app#339)
• d016daa chore(release): 4.0.0

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 74fae99 chore(release): 5.0.0
• 94a20df chore: update to webpack 5.20.0
• c5c8212 feat: add meta attribute for html tags
• d0ab774 feat: provide public path to the alterAssetTagGroups hook
• 5200ae6 feat: provide public path to the alterAssetTags hook
• ccbe93a chore: update examples to latest webpack version
• 33cbd59 fix: generate html files even if no webpack entry exists
• 826739f feat: allow to use the latest loader-utils and tapable version
• 81d7b2c feat: add typings for options and version
• 8d34b81 fix: use correct casing for webpack type import
• 36f9aca chore: upgrade dev dependencies
• 1755962 chore: fix css-loader for unit testing
• a79ab17 chore: drop support for appcache-webpack-plugin as it is not compatible to webpack 5
• 7c3146d feat: allow to set publicPath to empty string ’’
• b109213 docs: update installation instructions for webpack 4
• 833b46b fix: inject javascripts in the <head> tag for inject:true and scriptLoading:'defer'
• 13af0fb feat: add full support for public paths inside templates
• fd5fe58 refactor: move the publicPath generation into a seperate function
• 60a6ef8 test: add test for experiments: { outputModule: true }
• a43ab72 feat: overrule module output
• 10a0c5e fix: adjust tests as webpack 5 will no longer emit files for builds with errors
• 2975a6a feat: process html during the processAssets stage PROCESS_ASSETS_STAGE_OPTIMIZE_INLINE
• 0f9c239 fix: add support for publicPath: 'auto' in combination with type: 'asset/resource'
• ab8b195 fix: support loaders like raw-loader

See the full diff

Package name: postcss-loader

The new version differs by 87 commits.

• 792e217 chore(release): 4.0.0
• 598f36d docs: improve readme
• cad6f07 fix: avoid mutations of options and config (Deactivate the new-cap rule in ESLint facebook/create-react-app#470)
• 77449e1 test: union (Chrome applescript execution error facebook/create-react-app#469)
• 9b75888 feat: reuse AST from other loaders (CSSNext facebook/create-react-app#468)
• 5e4a77b fix: resolve `from` and `to` from config and options (Chrome and localhost:3000 on Mac facebook/create-react-app#467)
• 225b2e5 refactor: do not validate `postcss` options (ESLint rule new-cap facebook/create-react-app#466)
• 3d32c35 fix: `default` export for plugins ([Discussion] Deactivating new-cap rule (Immutable.js user) facebook/create-react-app#465)
• 38ebe08 refactor: `execute` option (Fix typo in README. facebook/create-react-app#464)
• d0ea725 refactor: config loading
• 108d871 test: more
• b4d3bcc chore: remove unnecessary dev deps (Make the project modular/plugable facebook/create-react-app#460)
• 475278c chore: move `postcss` to `peerDependencies` (Loader issue: Error in *.styl facebook/create-react-app#459)
• 98441ff fix: respect the `map` option and source maps (Webp images facebook/create-react-app#458)
• ba88040 refactor: do not pass meta from other loaders (Show object-diffs for failed tests facebook/create-react-app#457)
• 25a16a0 refactor: source map code
• 677c2fe refactor: removed `inline` value for the `sourceMap` option (Added getExistingProcesses() facebook/create-react-app#454)
• d8d84f7 refactor: code (Install flow type definitions from Jest by default or suggest it facebook/create-react-app#453)
• 3cd85df refactor: code
• 6eb44ed refactor: code
• 53da71a refactor: sourcemap paths
• d7bc470 feat: array syntax for plugins
• 2cd7614 refactor: code (Consider including a code formatter? facebook/create-react-app#451)
• 60e4f12 docs: addDependency (Adopt StandardJS facebook/create-react-app#448)

See the full diff

Package name: style-loader

The new version differs by 109 commits.

• 171a747 chore(release): 1.1.4
• af1b4a9 chore(deps): update
• a003f05 docs: add links for the options table (Make the project modular/plugable facebook/create-react-app#460)
• 2756e03 chore(release): 1.1.3
• 236b243 fix: injection algorithm (Consider using webpack-dashboard for easier development process. facebook/create-react-app#456)
• 36bd8f1 docs: fix typos (Install flow type definitions from Jest by default or suggest it facebook/create-react-app#453)
• de38c39 chore(release): 1.1.2
• 91ceaf2 fix: algorithm for importing modules (Added webpack-dashboard facebook/create-react-app#449)
• 1138ed7 fix: checking that the list of modules is an array (Adopt StandardJS facebook/create-react-app#448)
• aa418dd chore(release): 1.1.1
• 7ee8b04 fix: add empty default export for `linkTag` value
• c69ea6c chore(release): 1.1.0
• c7d6e3a fix: order of imported styles (Workaround for custom webpack providers? facebook/create-react-app#443)
• a283b30 test: more manual test (Handle .webp images facebook/create-react-app#442)
• 3415266 feat: `esModule` option (Guess what app is already running in port 3000 facebook/create-react-app#441)
• 907aed8 test: refactor (ESLint warnings and errors ignored in npm run build facebook/create-react-app#440)
• 28e1628 refactor: code (1- facebook/create-react-app#438)
• 5c51b90 refactor: cjs (Pick react-script version to use in CLI facebook/create-react-app#437)
• 609263a test: refactor
• 7768fce chore(release): 1.0.2
• dcbfadb fix: support ES module syntax (Consider leaving out babel-preset-es2015 in development. facebook/create-react-app#435)
• d515edc chore(deps): update (add otf font format to loaders facebook/create-react-app#434)
• 4c1e3f3 docs: fixed typo 'doom' to 'DOM' in README.md (Build production on create-react-app ? facebook/create-react-app#432)
• c6164d5 chore(release): 1.0.1

See the full diff

Package name: thread-loader

The new version differs by 38 commits.

• 470b6e6 chore(release): 3.0.0
• d0a8de4 chore(deps): update defaults ([WIP] Use a different port if 3000 is used facebook/create-react-app#100)
• aecad57 chore(deps-dev): bump lodash from 4.17.15 to 4.17.19 (src paths for files are '/' and for a static site should be './' in build facebook/create-react-app#95)
• 16bbc23 fix: getResolve (Custom additional webpack config? facebook/create-react-app#99)
• 075e79e chore: update deps (Nicer css module generated names facebook/create-react-app#90)
• ea5c9ad fix: `loadModule` and `fs` are now available in a loader context (add node engine to package.json and call checkNodeVersion function in cli facebook/create-react-app#88)
• 488300f chore(NA): update some old dependencies (Center terminal images in main README facebook/create-react-app#76)
• 177fa79 chore(release): 2.1.3
• 79758d0 fix: correct default for workerParallelJobs option (Recursively copy the template folder facebook/create-react-app#74)
• b02d503 fix: do not allow empty or invalid node args when spin up child process (Autoprefixer config facebook/create-react-app#73)
• d529c77 chore(release): 2.1.2
• aec90b0 Fix lifecycle handling for signals ([Snyk] Security upgrade react-dev-utils from 5.0.3 to 12.0.0 #57)
• b5fc4f7 chore(release): 2.1.1
• d3a6664 perf: use `neo-async` instead of `async` ([Snyk] Security upgrade sockjs-client from 1.1.4 to 1.2.0 #54)
• 5dbf449 chore(release): 2.1.0
• 76535bf feat: add poolRespawn flag to speed up incremental builds ([Snyk] Security upgrade react-dev-utils from 5.0.3 to 7.0.2 #52)
• bfb6271 chore(release): 2.0.2
• fa02b60 fix: build hang ([Snyk] Fix for 1 vulnerabilities #53)
• f564c1c chore(release): 2.0.1
• f10fe55 fix: memory leaks, worker and main process lifecycles ([Snyk] Security upgrade @babel/preset-env from 7.0.0-beta.44 to 7.0.0 #51)
• 9208e3b chore(release): 2.0.0
• 0f87683 fix: listen end events ([Snyk] Security upgrade react-dev-utils from 5.0.3 to 12.0.0 #42)
• fcbd813 fix: calculate number of workers correctly ([Snyk] Fix for 1 vulnerabilities #49)
• 1f81d04 chore(deps): bump and audit dependencies with npm audit fix ([Snyk] Fix for 1 vulnerabilities #47)

See the full diff

Package name: url-loader

The new version differs by 57 commits.

• 8828d64 chore(release): 4.0.0
• fc8721f chore(deps): migrate on `mime-types` package (Removing propTypes in production build? facebook/create-react-app#209)
• f13757a chore(deps): update (Add react-app to Alternatives section in README.md facebook/create-react-app#208)
• a2f127d fix: description on the `esModule` option (Use react CSS modules facebook/create-react-app#204)
• 4301f87 chore(release): 3.0.0
• 3f0bbc5 refactor: next (Use es2015-loose Babel preset in production build facebook/create-react-app#198)
• 2451157 chore(release): 2.3.0
• 0ee2b99 feat: new `esModules` option to output ES modules
• cbd1950 chore(release): 2.2.0
• 196110e fix: yarn pnp support (Support for environment variables facebook/create-react-app#195)
• 9431124 docs: improve documentation about `fallback` (Can't set bind address facebook/create-react-app#194)
• a251a23 chore(deps): update (Notify about new version facebook/create-react-app#193)
• 2bffcfd fix: limit must allow infinity and max value (AppCache / ServiceWorker support facebook/create-react-app#192)
• 1b9dbd1 chore(release): 2.1.0
• f3d4dd2 feat: improved validation error messages ("transient" -> "transitive" facebook/create-react-app#187)
• 37c6acc chore(release): 2.0.1
• 4842f93 fix: allow using limit as string when you use loader with query string (Adding (seemingly) missing dependencies facebook/create-react-app#185)
• c0341da chore(defaults): update (Missing modules? facebook/create-react-app#184)
• 78833ac chore(release): 2.0.0
• 4386b3e chore(deps): update (Is routing left out? facebook/create-react-app#182)
• 60d2cb3 feat: limit option can be boolean (Enable linting rules for ES6 imports facebook/create-react-app#181)
• d82e453 fix: `limit` should always be a number and 0 value handles as number (Enzyme compatibility in Webpack config facebook/create-react-app#180)
• 3c24545 fix: fallback loader will be used than limit is equal or greater (SyntaxError after following the setup instructions. facebook/create-react-app#179)
• a6705cc test: test svg scenario. Centralize configuration settings facebook/create-react-app#176 (Timeout when running from Code9 IDE facebook/create-react-app#177)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request HMR not reloading index.js facebook/create-react-app#11603 from MayaWolf/master
• 76e8cbd Merge pull request updated deprecated rules facebook/create-react-app#11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request difference in version of webpack-dev-server locally and on github in react-scripts package facebook/create-react-app#11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request Can not create new react-app  facebook/create-react-app#11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request Linking react-scripts with the projects throws an error. facebook/create-react-app#11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request React create-react-app errors, npm audit fix and npm install facebook/create-react-app#11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request Add Node 17 to test matrix facebook/create-react-app#11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request Can't open error frame in VSCodium facebook/create-react-app#11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request need solution  facebook/create-react-app#11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request Critical vulnerability in shell-quote facebook/create-react-app#11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[secureflag-knowledge-base]

Code Injection

Click here to find a Code Injection training lab

Description

Code Injection, also known as Remote Code Execution (RCE), is possible when unsafe user-supplied data is used to run server-side code. This is typically as a result of an application executing code without prior validation, thus allowing an attacker to execute arbitrary code within the context of the vulnerable application.

Not to be confused with OS Command Injection, Code Injection attacks allow the attacker to add their own code to be executed by the application, whereas OS Command Injection extends the preset functionality of the application to execute system commands, usually within the context of a shell.

Code Injection attacks are only limited by the functionality of the language the attacker has injected i.e. not very limited at all! If PHP code is the language chosen for the injection and is executed successfully, the attacker has every utility available in PHP at her/his disposal.

The Code Injection attack category encompasses multiple types of injection attacks, all of which are very prevalent and capable of extremely high levels of compromise. Indeed, OWASP has listed injection attacks as one of the most dangerous web application security risk since 2013.

Read more

Impact

Malicious attackers can leverage Code Injection vulnerabilities to gain a foothold in the hosting infrastructure, pivot to connected systems throughout the organization, execute unauthorized commands, and fully compromise the confidentiality, integrity, and availability of the application. Depending on the injection, this can usually lead to the complete compromise of the underlying operating system.

The list of devastating Code Injection attacks, both public and behind closed doors, is far too long to list. Hot off the press in 2020, this Code Injection discovery was shown to affect the default Mail application on stock iPhones and iPads, resulting in remote code execution.

In this particular instance, the vulnerability was identified by a security company which notified the vendor, Apple, of the issue. However, it is important as a developer to internalize the glaring reality that poorly written, unsecure code opens the way for attackers to potentially wreak havoc, which is why learning secure codeing skills from the beginning can potentially prevent an employer-destroying headline down the track.

Prevention

Code Injection attacks leveraging any language can be avoided by simply following some basic, yet essential, security practices. Overarching these general practices is the rule that a developer should treat all data as untrusted.

Developers must not dynamically generate code that can be interpreted or executed by the application using user-provided data. Evaluating code that contains user input should only be implemented if there is no other way of achieving the same result without code execution.

Testing

Verify that the application avoids the use of eval() or other dynamic code execution features. Where there is no alternative, any user input being included must be sanitized or sandboxed before being executed.

• OWASP ASVS: 5.2.4
• OWASP Testing Guide: Testing for Code Injection

View this in the SecureFlag Knowledge Base

[secure-code-warrior-for-github]

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

What is this? (2min video)

By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).

Try a challenge in Secure Code Warrior

[secure-code-warrior-for-github]

Micro-Learning Topic: OS command injection (Detected by phrase)

Matched on "OS Command Injection"

What is this? (2min video)

In many situations, applications will rely on OS provided functions, scripts, macros and utilities instead of reimplementing them in code. While functions would typically be accessed through a native interface library, the remaining three OS provided features will normally be invoked via the command line or launched as a process. If unsafe inputs are used to construct commands or arguments, it may allow arbitrary OS operations to be performed that can compromise the server.

Try a challenge in Secure Code Warrior

Helpful references

• OWASP Command Injection - OWASP community page with comprehensive information about command injection, and links to various OWASP resources to help detect or prevent it.
• OWASP testing for Command Injection - This article is focused on providing testing techniques for identifying command injection flaws in your applications

Micro-Learning Topic: Code injection (Detected by phrase)

Matched on "Code Injection"

What is this? (2min video)

Code injection happens when an application insecurely accepts input that is subsequently used in a dynamic code evaluation call. If insufficient validation or sanitisation is performed on the input, specially crafted inputs may be able to alter the syntax of the evaluated code and thus alter execution. In a worst case scenario, an attacker could run arbitrary code in the server context and thus perform almost any action on the application server.

Try a challenge in Secure Code Warrior

Helpful references

• OWASP Command Injection - OWASP community page with comprehensive information about Code Injection, and links to various OWASP resources to help detect or prevent it.
• SEI CERT Oracle Coding Standard for Java - Prevent Code Injection - Carnegie Mellon University Software Engineering Institute guidance on preventing code injection vulnerabilities in Java.

Micro-Learning Topic: Injection attack (Detected by phrase)

Matched on "Injection attack"

Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Try a challenge in Secure Code Warrior

Helpful references

• OWASP Top Ten 2021 A03: Injection - OWASP Top Ten articles provide basic techniques to protect against these high risk problem areas, and guidance on where to go next.
• OWASP Injection Prevention Cheat Sheet in Java - This article is focused on providing clear, simple, actionable guidance for preventing injection flaws in your Java applications.
• OWASP Input Validation Cheat Sheet - This cheatsheet is focused on providing clear, simple, actionable guidance for preventing injection and input validation flaws in your applications.
• OWASP Injection Prevention Cheat Sheet - This article is focused on providing clear, simple, actionable guidance for preventing injection flaws in your applications.
• OWASP Top Ten Proactive Controls 2018 C5: Validate All Inputs - Detailed article on input validation as a programming technique for ensuring that only properly formatted data may enter a software system component.