
OWASP Security Sanitization & Input Validation Enhancement#23

Merged
harrisonde merged 12 commits into Cidekar:development from harrisonde:development
Sep 25, 2025

Conversation

@harrisonde
Contributor

🔒 feat: OWASP Security Sanitization & Input Validation Enhancement

📋 Summary

This PR introduces comprehensive OWASP-compliant security sanitization, input validation improvements, and framework bootstrapping optimizations for the Adele framework.

✨ What's New

🛡️ Security Sanitization Module

  • Complete OWASP Protection: New helpers/sanitization.go with full attack vector coverage
    • XSS Prevention (script tags, event handlers, javascript: protocols)
    • Code Injection Protection (control chars, null bytes)
    • LDAP/NoSQL Injection Defense
    • Path Traversal Security
  • Flexible API: Individual sanitization functions + comprehensive Sanitize() method
  • Performance Optimized: Regex patterns compiled once, efficient string processing

Enhanced Input Validation

  • New Validators: StringLength(), Password() strength validation
  • Improved Error Messages: Better field name formatting with :attribute placeholders
  • Security-First: All validators now work seamlessly with sanitization

Framework Improvements

  • Bootstrap Optimization: Moved mux initialization after session setup for better order
  • Cleaner Code: Improved spacing and organization in core framework files

🧪 Comprehensive Test Coverage

  • 384 lines of tests: Full test suite for all sanitization functions
  • Benchmark Tests: Performance testing for production readiness
  • Real-world Attack Vectors: Tests against actual XSS, injection, and traversal attempts

🎯 Usage Examples

Quick Sanitization

// Sanitize all user input with one call
cleanInput := h.Sanitize(userInput)

// Or use specific protection
cleanXSS := h.CleanXSS(htmlInput)
cleanPath := h.CleanPathTraversal(filename)

Enhanced Validation

validator.StringLength("username", username, 3, 50)
validator.Password("password", password, 12) // Strong passwords

🚀 Security Benefits

  • OWASP Top 10 Protection: Guards against injection attacks, XSS, and more
  • Zero-Config Security: Works out of the box with sensible defaults
  • Developer Friendly: Clear documentation with real-world examples
  • Production Ready: Thoroughly tested with benchmarks

📝 Migration Notes

  • All existing code continues to work unchanged
  • New sanitization functions available immediately
  • Recommended to add h.Sanitize() calls on user inputs
  • No breaking changes to existing validation API

Security is not optional 🔐 This enhancement makes Adele applications secure by default while maintaining the developer-friendly experience you expect.

@harrisonde harrisonde changed the title Development OWASP Security Sanitization & Input Validation Enhancement Sep 25, 2025
@harrisonde harrisonde merged commit ed5c9a5 into Cidekar:development Sep 25, 2025
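The description above lists the helpers the PR ships (CleanXSS, CleanPathTraversal, Sanitize, StringLength, Password) without showing their bodies. The following Go program is an added, self-contained illustration of what such helpers typically have to get right; it is not the Adele framework's code, and the function names, the `:attribute` message template and the sample inputs are assumptions made here for the example. Two design choices are worth noting: HTML-active characters are escaped rather than pattern-stripped, because an escaped payload is inert in an HTML text context no matter how it is spelled (attribute and URL contexts still need their own encoding, for which Go's `html/template` is the right tool), and path traversal is handled by resolving the name under a base directory and rejecting anything that ends up outside it rather than by deleting `..` substrings.

```go
package main

import (
	"fmt"
	"html"
	"path/filepath"
	"strings"
	"unicode"
	"unicode/utf8"
)

// CleanXSS escapes <, >, &, ' and " so the input renders as literal text
// in an HTML text context instead of being parsed as markup.
func CleanXSS(s string) string {
	return html.EscapeString(s)
}

// StripControlChars drops NUL and other control characters (tab, newline
// and carriage return are kept) that are often used to confuse parsers.
func StripControlChars(s string) string {
	return strings.Map(func(r rune) rune {
		if r == '\t' || r == '\n' || r == '\r' {
			return r
		}
		if unicode.IsControl(r) {
			return -1 // -1 removes the rune from the output
		}
		return r
	}, s)
}

// Sanitize is the one-call form: control characters first, then escaping.
func Sanitize(s string) string {
	return CleanXSS(StripControlChars(s))
}

// SafeJoin resolves name beneath base and refuses anything that escapes it.
// filepath.Join cleans ".." segments, so the check is on the resolved result.
func SafeJoin(base, name string) (string, error) {
	if strings.ContainsRune(name, 0) {
		return "", fmt.Errorf("null byte in file name")
	}
	full := filepath.Join(base, name)
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("path %q escapes %q", name, base)
	}
	return full, nil
}

// message fills a ":attribute" placeholder with the field name (assumed
// convention for this example).
func message(tmpl, field string) error {
	return fmt.Errorf("%s", strings.ReplaceAll(tmpl, ":attribute", field))
}

// StringLength validates the rune count (not byte count) of value.
func StringLength(field, value string, min, max int) error {
	n := utf8.RuneCountInString(value)
	if n < min || n > max {
		return message(fmt.Sprintf("The :attribute must be between %d and %d characters", min, max), field)
	}
	return nil
}

// Password requires a minimum length plus upper, lower, digit and symbol.
func Password(field, value string, minLen int) error {
	if utf8.RuneCountInString(value) < minLen {
		return message(fmt.Sprintf("The :attribute must be at least %d characters", minLen), field)
	}
	var upper, lower, digit, symbol bool
	for _, r := range value {
		switch {
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsLower(r):
			lower = true
		case unicode.IsDigit(r):
			digit = true
		case unicode.IsPunct(r) || unicode.IsSymbol(r):
			symbol = true
		}
	}
	if !(upper && lower && digit && symbol) {
		return message("The :attribute must mix upper, lower, digits and symbols", field)
	}
	return nil
}

func main() {
	// Constructed sample inputs for the demonstration.
	fmt.Println(Sanitize("<img src=x onerror=alert(1)>\x00"))
	_, err := SafeJoin("/var/uploads", "../../etc/passwd")
	fmt.Println("traversal rejected:", err != nil)
	fmt.Println(StringLength("username", "ab", 3, 50))
	fmt.Println(Password("password", "Short1!", 12))
}
```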