Input Canonicalised Before Validation
@security/check-input-canonicalised-before-validation
$ prime install @security/check-input-canonicalised-before-validation
Projection
Always in _index.xml · the agent never has to ask for this.
InputCanonicalisedBeforeValidation [check] v0.1.0
Loaded when retrieval picks the atom as adjacent / supporting.
InputCanonicalisedBeforeValidation [check] v0.1.0
Label
Inputs are decoded and normalised before any validation runs
Assertion
For every external input, the validator receives the value AFTER URL-decoding, percent-decoding (once), Unicode normalisation (NFC or NFKC), and any application-layer decoding (e.g. base64, JSON-from-query). The same canonical form is used by both validation and downstream sinks.
Evidence
- Trace the request path: locate the decode/normalise step; confirm it runs before the schema validator and before any string equality, regex, or comparison.
- Add fuzz tests with double-encoded payloads (%252e%252e), mixed-case (SELECT/select), Unicode look-alikes (Cyrillic 'а'), and combining marks (café vs café).
- Verify the same canonical form is used downstream — file paths, SQL parameters, URLs, log lines.
Failure Mode
Validator passes (input looked benign), sink decodes once more (input is now malicious), exploit lands.
Loaded when retrieval picks the atom as a focal / direct hit.
InputCanonicalisedBeforeValidation [check] v0.1.0
Label
Inputs are decoded and normalised before any validation runs
Assertion
For every external input, the validator receives the value AFTER URL-decoding, percent-decoding (once), Unicode normalisation (NFC or NFKC), and any application-layer decoding (e.g. base64, JSON-from-query). The same canonical form is used by both validation and downstream sinks.
Evidence
- Trace the request path: locate the decode/normalise step; confirm it runs before the schema validator and before any string equality, regex, or comparison.
- Add fuzz tests with double-encoded payloads (%252e%252e), mixed-case (SELECT/select), Unicode look-alikes (Cyrillic 'а'), and combining marks (café vs café).
- Verify the same canonical form is used downstream — file paths, SQL parameters, URLs, log lines.
Failure Mode
Validator passes (input looked benign), sink decodes once more (input is now malicious), exploit lands.
Rationale
An attacker can hide a payload behind layered encodings: %2e%2e%2f looks fine to a naive regex but is ../ to the filesystem; full-width Unicode characters bypass ASCII allow-lists; mixed-case path traversal evades equality checks. If validation and the sink disagree on canonical form, the validator is decorative.
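The ordering this check asserts, as an added example that is not part of the atom itself: a validate-then-decode flow next to a canonicalise-then-validate flow, run over constructed inputs. The allow-list, function names and sample values are hypothetical.

```python
import re
import unicodedata
from urllib.parse import unquote

# Hypothetical allow-list for a relative file name: lowercase ASCII only.
ALLOWED = re.compile(r"[a-z0-9_./-]+")

def canonicalise(raw: str) -> str:
    """Percent-decode exactly once, then apply NFKC. Invalid UTF-8 raises ValueError."""
    return unicodedata.normalize("NFKC", unquote(raw, errors="strict"))

def validate(value: str) -> bool:
    """Runs on the canonical form only."""
    if not ALLOWED.fullmatch(value) or value.startswith("/"):
        return False
    return ".." not in value.split("/")

def hardened(raw: str) -> str:
    """Canonicalise, validate, and hand the SAME string to the sink."""
    value = canonicalise(raw)
    if not validate(value):
        raise ValueError(f"rejected: {value!r}")
    return value  # the sink must not decode or normalise again

def naive(raw: str) -> str:
    """Anti-pattern: check the raw string, then let the sink decode it."""
    if "../" in raw:
        raise ValueError("rejected")
    return unquote(raw)  # sink-side decode the validator never saw

def accepted(flow, raw: str) -> bool:
    try:
        flow(raw)
        return True
    except ValueError:
        return False

# Constructed sample inputs.
SAMPLES = [
    "reports/2024.txt",              # benign
    "%2e%2e%2fsecret.txt",           # single-encoded traversal
    "%252e%252e%252fsecret.txt",     # double-encoded: still contains '%' after one decode
    "\uff0e\uff0e\uff0fsecret.txt",  # full-width dots and slash, folded by NFKC
    "p\u0430ss.txt",                 # Cyrillic 'а': NFKC keeps it, the allow-list rejects it
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} naive={accepted(naive, s)} hardened={accepted(hardened, s)}")
```

The double-encoded sample is rejected because a single decode leaves a literal `%` that the allow-list does not permit; decoding in a loop until the value stops changing would instead turn it into a traversal string.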
Source
prime-system/examples/security-appsec/primes/compiled/@security/check-input-canonicalised-before-validation/atom.yaml