Hello,
Recently, we performed a penetration testing for our Vault cluster. We are using official Helm chart to deploy it in an OpenShift cluster, and are currently at v1.18.3.
One of the findings is as following:
"
Insufficient input filtering can result in unexpected or undesirable behavior, such as injecting meta-characters into a web application. This can lead to security vulnerabilities like SQL injection or cross-site scripting (XSS). Additionally, even if it does not directly cause a security issue, allowing unexpected characters can lead to processing errors in subsequent steps of the application, potentially impacting its functionality and reliability.
"
Their recommendation is: “to validate and sanitize all incoming data to ensure it adheres to expected formats and does not contain malicious or unexpected characters.”
I am not quite sure about this, but how can we achieve this? Is there any feature in Vault that validates input in order to prevent such scenarios?
Thanks!