52. Designing for Secure Input and Output
All input should be validated for format and size. CLI arguments must be constrained to expected values.
Original
parser.add_argument("action", help="add or list")
Secure Refactor
parser.add_argument("action", choices=["add", "list", "remove"], help="Choose a valid action.")
Example
def sanitize_task_input(task):
    """Trim surrounding whitespace and enforce the 100-character size limit."""
    task = task.strip()
    if len(task) > 100:
        raise ValueError("Task description too long.")
    return task
✅ Lesson: Validation and sanitization prevent unexpected data from propagating.