Description
- Unicode normalization, length limits, reject control characters.
Requirements and context
- Must be secure, tested, and documented for production operation.
- Should be efficient, observable, and easy to review in PRs.
- Scope is Predictify backend / off-chain services only (no Soroban contract changes, no frontend UI in this issue).
Suggested execution
- Fork the repository and create a branch:
git checkout -b feature/input-sanitize
- Implement changes:
- Service / module: implement in
src/validation/sanitize.rs and related packages as needed.
- Tests: add or extend
fuzz or property tests for strings (unit + integration where applicable).
- Documentation: update or add
docs/backend/SECURITY.md (architecture notes, OpenAPI, or runbooks).
- Comments & types: document public APIs, config knobs, and failure modes clearly.
Primary touchpoints: src/validation/sanitize.rs
Test and commit
- Run the project test command (e.g.
pytest, cargo test, or npm test — follow repo conventions).
- Cover edge cases listed in the description; add regression tests for any bug found.
- In the PR, include summarized test output and security / ops notes (authn/z, data handling, rate limits).
Example commit message
feat(api): input sanitization layer
Guidelines
- Target ≥ 95% coverage on new or materially changed modules (per language/tooling configured in CI).
- Documentation must allow a new engineer to operate and verify the feature locally.
- Timeframe: 96 hours from assignment.
Description
Requirements and context
Suggested execution
git checkout -b feature/input-sanitizesrc/validation/sanitize.rsand related packages as needed.fuzz or property tests for strings(unit + integration where applicable).docs/backend/SECURITY.md(architecture notes, OpenAPI, or runbooks).Primary touchpoints:
src/validation/sanitize.rsTest and commit
pytest,cargo test, ornpm test— follow repo conventions).Example commit message
Guidelines