Welcome to the Linux Foundation Forum!

Knowledge Check 7.2, q2

I believe question 2 is either incorrect or, at best, confusingly worded.

You realize that the value "../" would be dangerous to allow in one of your untrusted inputs. Which of the following would be the least appropriate way to use this information?

My answer:

Include this input as an automated test case to ensure that it is rejected

Correct answer:

Write your input validation check to specifically check for and reject this value

The course repeats several times that denylist-style safety checks are less secure than allowlist-style ones. Adding an automated test ensures that the dangerous input is rejected, but could be implemented in allowlist-style or denylist-style depending on the other constraints.
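An added illustration of the distinction discussed in this thread, not part of the original post or the course material: the validation check is written as an allowlist, while the "../" value is used only as a regression test input. The filename policy, function names, and sample inputs are assumptions constructed for this example.

```python
import re

# Allowlist: describes what a valid name looks like (assumed policy for this
# example: letters, digits, "_" and "-", with one optional short extension).
_ALLOWED_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}(\.[A-Za-z0-9]{1,8})?")


def is_valid_name_allowlist(value):
    """Accept only values that match the expected pattern in full."""
    return isinstance(value, str) and _ALLOWED_NAME.fullmatch(value) is not None


def is_valid_name_denylist(value):
    """The approach the quiz marks as least appropriate: the check itself
    only looks for the one known-dangerous value."""
    return isinstance(value, str) and "../" not in value


# Constructed test inputs. "../" is the value from the question; the others
# are further values the assumed policy should also reject.
KNOWN_BAD = ["../", "../etc/passwd", "a/../b", "..\\windows",
             "/etc/passwd", "..", "", "report.txt\n"]
KNOWN_GOOD = ["report.txt", "photo_2024-01.png", "README"]


def run_regression_tests(validator):
    """Return every sample input the validator classified incorrectly."""
    failures = [v for v in KNOWN_BAD if validator(v)]
    failures += [v for v in KNOWN_GOOD if not validator(v)]
    return failures


if __name__ == "__main__":
    for check in (is_valid_name_allowlist, is_valid_name_denylist):
        print(check.__name__, "misclassified:", run_regression_tests(check))
```

Both validators reject "../" itself, so a test containing only that value passes either way; the wider test list is what exposes the gaps in the denylist-style check.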

Comments

  • Posts: 2,296

    The question asks which of the options presented is the least appropriate way to use the information. Please read the question carefully.

  • Which of the following would be the least appropriate way to use this information?

    You are absolutely right!
