Input validation in Go

/ / input validation in go

Updated: 2017-04-28

The purpose of input validation is to ensure that the user is entering expected data, so input that fails the validation should be rejected - both for the sake of security but also for data consistency and integrity.

Not all security risks are related to bad agents that seek to compromise the application, but also from regular users inserting erroneous input. Go’s native libraries can help prevent such errors. Some of these packages include:

  • strconv package can handle string conversion to other datatypes, such as bool, float, and int.
  • strings package can be used to manipulate strings, such as return copy of string in all upper or lower case, trim the string, etc.
  • regexp package can perform match checks.
  • utf8 package can be used to perform UTF-8 encoding/decoding and report if string/runes are valid.

Other techniques to ensure input validation includes:

  • whitelisting
  • input length checking
  • checks for null bytes, new line characters and forpath alteration

There are also some great third-party packages that handle security, such as Gorilla’s securecookie, websocket and csrf.