
Knowledge Check 7.2, q2

I believe question 2 is either incorrect or, at best, confusingly worded.

You realize that the value "../" would be dangerous to allow in one of your untrusted inputs. Which of the following would be the least appropriate way to use this information?

My answer:

Include this input as an automated test case to ensure that it is rejected

Correct answer:

Write your input validation check to specifically check for and reject this value

The course repeats several times that denylist-style safety checks are less secure than allowlist-style ones. Adding an automated test ensures that the dangerous input is rejected, but could be implemented in allowlist-style or denylist-style depending on the other constraints.
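The distinction raised in this post, as an added example that is not part of the original thread or the course material: an allowlist validator rejects "../" without ever naming it, and "../" is kept as a regression test case. The pattern, function names and sample inputs are assumptions constructed for illustration.

```python
import re

# Allowlist: 1-64 characters of letters, digits, "_" or "-", optionally
# followed by one dot and a short alphanumeric extension.
# (Assumed pattern for a file-name field; fit it to your own input.)
ALLOWED_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}(\.[A-Za-z0-9]{1,8})?")


def allowlist_ok(value: str) -> bool:
    """Accept only values that match the known-good pattern in full."""
    return ALLOWED_NAME.fullmatch(value) is not None


def denylist_ok(value: str) -> bool:
    """Reject only the one known-bad value; everything else passes."""
    return "../" not in value


# Constructed sample inputs: the known-dangerous value plus other inputs
# that a file-name field should not accept either.
REGRESSION_CASES = ["../", "../../etc/passwd", "..\\secret", "/etc/passwd", "", "a b"]
VALID_CASES = ["report.pdf", "notes_2024", "img-01.png"]


def run_checks(validator):
    """Return the regression inputs that the validator wrongly accepts."""
    return [v for v in REGRESSION_CASES if validator(v)]


if __name__ == "__main__":
    print("allowlist wrongly accepts:", run_checks(allowlist_ok))
    print("denylist wrongly accepts:", run_checks(denylist_ok))
```

The same regression list runs against either validator, so the test case does not commit the implementation to a denylist.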

Comments

  • fcioanca
    fcioanca Posts: 1,344

    The question asks which of the options presented is the least appropriate way to use the information. Please read the question carefully.

  • everjames
    everjames Posts: 2

    Which of the following would be the least appropriate way to use this information?

    You are absolutely right!
