andrewmusselman opened a new issue, #778: URL: https://github.com/apache/tooling-trusted-releases/issues/778
**Source:** ASVS 2.1.1 — Finding 1 **CWE:** CWE-20 (Improper Input Validation) #### Description While the codebase implements various validation mechanisms, there is no centralized documentation defining expected formats for common data types. Validation rules are scattered across multiple files, making auditing and consistency verification difficult. Undocumented data formats include: ASF UID, project/committee names, version strings, fingerprints (OpenPGP and SSH), email addresses, URL schemes per context, and SVN revision formats. #### Recommendation Create `docs/input-validation.md` documenting all validation rules with regex patterns, examples, allowed ranges, and rationale. Consider generating documentation automatically from Pydantic models. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
