You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

inputrules

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

inputrules

A robust Python library for validating and sanitizing input data with predefined rules and filters

0.0.5
pipPyPI
Maintainers
1

InputRules - Input Rules Library

Version 0.0.5 - Enhanced security and stability improvements

Is an Alpha version, develop in progress, do not use it in production

Installation

pip install inputrules
TotalLast MonthLast Week
DownloadsDownloadsDownloads

A robust Python library for validating and sanitizing input data from Forms, JSON, and HTTP Requests with predefined rules and filters.

Example

from inputrules import InputRules

#JSON Example
data = {
        "id":100,
        "data": {
            "name":"  Alvaro ",
            "lastname":" De Leon  ",
            "age":35,
            "email": "asdasd",
            "opt":"30",
            "parms":[
                10,20,30,40,50,60,70,80,90,100
            ],
            "phones": {
                "name":"Zaraza",
                "home":"123456",
                "cell":"123456"
            }
        }
    }
#Example of list of options
options = ['10','20','30','40','50']

o = InputRules(data)

o.rules("id","required,integer")
o.rules("data.name","required,string","trim,upper")
o.rules("data.lastname","required,string","trim,lower")
o.rules("data.age","required,integer")
o.rules("data.phone","string")
o.rules("data.email","string","b64encode")
o.rules("data.opt","options",options=options)
o.rules("data.phones.name","required,string")

if o.verify():
    print("Data is valid")
    data = o.data()
    print(data)

Data Validation with InputRules

InputRules provides a powerful data validation system through the InputRules class. This class allows you to validate input data in a structured way and apply filters automatically.

Importing

from inputrules import InputRules, check

Basic Usage

# Example data
data = {
    "id": 100,
    "name": "  John  ",
    "email": "john@example.com",
    "age": 25,
    "status": "active"
}

# Create InputRules instance
validator = InputRules(data)

# Define validation rules
validator.rules("id", "required,integer")
validator.rules("name", "required,string", "trim,upper")
validator.rules("email", "required,mail")
validator.rules("age", "required,integer")
validator.rules("status", "required,options", options=["active", "inactive"])

# Validate data
if validator.verify():
    print("Data is valid")
    validated_data = validator.data()
    print(validated_data)
else:
    print("Errors found:")
    for error in validator.errors():
        print(f"- {error}")

Available Validation Rules

Basic Rules

  • required: Field is required
  • string: Must be a string
  • integer: Must be an integer
  • float: Must be a decimal number
  • numeric: Must be a number (integer or decimal)
  • empty: Must be empty
  • !empty: Must not be empty
  • none: Must be None
  • !none: Must not be None

Format Rules

  • mail: Must be a valid email address
  • domain: Must be a valid domain
  • ip: Must be a valid IP address
  • uuid: Must be a valid UUID
  • options: Must be in a list of valid options

Available Filters

Filters are automatically applied to data after validation:

Text Filters

  • trim or strip: Removes whitespace from beginning and end
  • lower: Converts to lowercase
  • upper: Converts to uppercase
  • ucfirst: First letter uppercase
  • ucwords: First letter of each word uppercase

Conversion Filters

  • int or integer: Converts to integer
  • float: Converts to decimal
  • str or string: Converts to string

Encoding Filters

  • base64 or b64encode: Encodes in base64
  • b64decode: Decodes from base64
  • md5: Generates MD5 hash
  • urlencode: Encodes for URL
  • urldecode: Decodes from URL

Security Filters

  • xss or escape: Escapes HTML characters
  • sql: Sanitizes SQL input (removes dangerous SQL injection patterns)
  • htmlentities: Converts characters to HTML entities
  • htmlspecialchars: Converts special characters to HTML entities
  • striptags: Removes HTML tags
  • addslashes: Escapes quotes and backslashes
  • stripslashes: Removes backslashes

Format Filters

  • nl2br: Converts line breaks to <br>
  • br2nl: Converts <br> to line breaks
  • json: Converts to JSON

Note: The serialize and unserialize filters have been removed for security reasons.

Nested Structure Validation

InputRules supports validation of nested data structures using dot notation:

data = {
    "user": {
        "profile": {
            "name": "  Maria  ",
            "email": "maria@example.com",
            "age": 30
        },
        "settings": {
            "theme": "dark",
            "notifications": True
        }
    }
}

validator = InputRules(data)

# Validate nested fields
validator.rules("user.profile.name", "required,string", "trim,ucfirst")
validator.rules("user.profile.email", "required,mail")
validator.rules("user.profile.age", "required,integer")
validator.rules("user.settings.theme", "required,options", options=["light", "dark"])
validator.rules("user.settings.notifications", "required")

if validator.verify():
    validated_data = validator.data()
    print(validated_data)

Complete Example with Options

from inputrules import InputRules

# Form data
form_data = {
    "username": "  admin  ",
    "password": "123456",
    "email": "admin@example.com",
    "role": "admin",
    "profile": {
        "first_name": "  john  ",
        "last_name": "  doe  ",
        "age": 35,
        "country": "US"
    }
}

# Valid options
role_options = ["admin", "user", "moderator"]
country_options = ["US", "CA", "UK", "DE", "FR"]

# Create validator
validator = InputRules(form_data)

# Define rules
validator.rules("username", "required,string", "trim,lower")
validator.rules("password", "required,string", "md5")
validator.rules("email", "required,mail")
validator.rules("role", "required,options", options=role_options)
validator.rules("profile.first_name", "required,string", "trim,ucfirst")
validator.rules("profile.last_name", "required,string", "trim,ucfirst")
validator.rules("profile.age", "required,integer")
validator.rules("profile.country", "required,options", options=country_options)

# Validate
if validator.verify():
    print("✓ Valid data")
    clean_data = validator.data()
    print("Processed data:", clean_data)
else:
    print("✗ Validation errors:")
    for error in validator.errors():
        print(f"  - {error}")

check Class - Individual Validations

The check class provides static methods for validating individual values. It's useful for specific validations without needing to create a complete schema.

Importing

from inputrules import check

Validation Methods

Type Validation

# Validate if it's a string
check.string("text")        # True
check.string(123)           # False

# Validate if it's an integer
check.integer(42)           # True
check.integer(3.14)         # False

# Validate if it's a decimal
check.float(3.14)           # True
check.float(42)             # False

# Validate if it's numeric (integer or decimal)
check.numeric(42)           # True
check.numeric(3.14)         # True
check.numeric("text")       # False

State Validation

# Validate if it's empty
check.empty("")             # True
check.empty(None)           # True
check.empty(0)              # True
check.empty("text")         # False

# Validate if it's None
check.none(None)            # True
check.none("")              # False

# Validate if it's NOT None
check.notnone("text")       # True
check.notnone(None)         # False

Format Validation

# Validate email
check.mail("user@example.com")      # True
check.mail("invalid-email")         # False

# Validate domain
check.domain("example.com")         # True
check.domain("invalid..domain")     # False

# Validate IP
check.ip("192.168.1.1")            # True
check.ip("999.999.999.999")        # False

# Validate UUID
check.uuid("123e4567-e89b-12d3-a456-426614174000")  # True
check.uuid("invalid-uuid")                          # False

Options Validation

# Validate if it's in a list of options
options = ["red", "green", "blue"]
check.options("red", options)       # True
check.options("yellow", options)    # False

Validation with Multiple Rules

# Use multiple rules separated by commas
check.rules("john@example.com", "required,mail")    # True
check.rules("", "required,string")                  # False
check.rules(25, "required,integer")                 # True
check.rules("test", "required,string,!empty")       # True

Data Sanitization

# Sanitize SQL input
user_input = "'; DROP TABLE users; --"
safe_input = check.sanitize_sql(user_input)
print(safe_input)  # " DROP TABLE users "

Practical Examples

Registration Form Validation

from inputrules import check

def validate_registration(form_data):
    errors = []
    
    # Validate username
    if not check.rules(form_data.get('username'), 'required,string,!empty'):
        errors.append("Username is required and must be valid")
    
    # Validate email
    if not check.rules(form_data.get('email'), 'required,mail'):
        errors.append("Email must be a valid address")
    
    # Validate age
    if not check.rules(form_data.get('age'), 'required,integer'):
        errors.append("Age must be an integer")
    
    # Validate role
    valid_roles = ['admin', 'user', 'moderator']
    if not check.options(form_data.get('role'), valid_roles):
        errors.append("Role must be admin, user or moderator")
    
    return len(errors) == 0, errors

# Usage
form_data = {
    'username': 'john_doe',
    'email': 'john@example.com',
    'age': 28,
    'role': 'user'
}

is_valid, errors = validate_registration(form_data)
if is_valid:
    print("Valid form")
else:
    print("Errors:", errors)

Configuration Validation

from inputrules import check

def validate_config(config):
    """Validates system configuration"""
    
    # Validate database host
    if not check.rules(config.get('db_host'), 'required,string,!empty'):
        return False, "Database host is required"
    
    # Validate port
    port = config.get('db_port')
    if not check.integer(port) or port <= 0 or port > 65535:
        return False, "Port must be an integer between 1 and 65535"
    
    # Validate admin email
    admin_email = config.get('admin_email')
    if not check.mail(admin_email):
        return False, "Admin email is not valid"
    
    # Validate log level
    log_levels = ['DEBUG', 'INFO', 'WARNING', 'ERROR']
    if not check.options(config.get('log_level'), log_levels):
        return False, "Log level must be DEBUG, INFO, WARNING or ERROR"
    
    return True, "Valid configuration"

# Usage
config = {
    'db_host': 'localhost',
    'db_port': 3306,
    'admin_email': 'admin@company.com',
    'log_level': 'INFO'
}

is_valid, message = validate_config(config)
print(message)

Integration Example

from inputrules import InputRules, check

# User data
user_data = {
    'name': '  John Doe  ',
    'email': 'john@example.com',
    'age': 30,
    'status': 'active'
}

# Validate data
validator = InputRules(user_data)
validator.rules("name", "required,string", "trim,ucfirst")
validator.rules("email", "required,mail")
validator.rules("age", "required,integer")
validator.rules("status", "required,options", options=["active", "inactive"])

if validator.verify():
    # Valid data, process it
    clean_data = validator.data()
    print(f"Validated data: {clean_data}")
else:
    print("Validation errors:")
    for error in validator.errors():
        print(f"- {error}")

Security Improvements

Version 0.0.5 Security Enhancements

  • Removed unsafe serialize/unserialize filters: These filters used Python's pickle module which could execute arbitrary code with untrusted input
  • Enhanced SQL injection protection: The sql filter now removes more dangerous patterns including:
    • DROP TABLE, DELETE FROM, INSERT INTO, UPDATE SET
    • SQL comments (-- and /* */)
    • UNION SELECT attacks
    • OR 1=1 patterns
  • Improved addslashes filter: Now properly escapes single quotes, double quotes, and backslashes
  • Fixed urlencode filter: Removed double encoding issue

Empty Function Improvements

The empty() function now correctly handles all data types:

  • Collections (lists, dicts, tuples, sets): empty if length is 0
  • Booleans: False is considered a valid value, not empty
  • Numbers: 0 and 0.0 are considered empty
  • Strings: empty or whitespace-only strings are considered empty

Bug Fixes in Version 0.0.4

  • Fixed class variable sharing: Each InputRules instance now has independent variables
  • Improved error handling: Better handling of missing keys in nested structures
  • Enhanced getValue() function: Now returns None instead of raising exceptions
  • Fixed validation schema: Better handling of nested structures and missing data

This documentation provides a complete guide for using both InputRules and the check class, allowing you to validate and sanitize data robustly and securely.

Keywords

validation
sanitization
input
forms
json
security

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Open Source Maintainers Feeling the Weight of the EU’s Cyber Resilience Act

Security News

Open Source Maintainers Feeling the Weight of the EU’s Cyber Resilience Act

The EU Cyber Resilience Act is prompting compliance requests that open source maintainers may not be obligated or equipped to handle.

By Sarah Gooding  -  Jul 17, 2025