Security essentials for Flask APIs — CORS, Talisman security headers, rate
99 | 94% | Does it follow best practices? | Impact | 100% | 1.17x average score across 10 eval scenarios | Passed | No known issues
You are given a Flask route that accepts JSON to create a book record. It currently does no input validation. Your job is to add robust validation.
Create the file bookstore.py with the following content:
```python
from flask import Flask, request, jsonify

app = Flask(__name__)


@app.route('/books', methods=['POST'])
def create_book():
    data = request.get_json()
    # TODO: add validation
    title = data['title']
    author = data['author']
    year = data['year']
    tags = data['tags']
    return jsonify({'title': title, 'author': author, 'year': year, 'tags': tags}), 201


if __name__ == '__main__':
    app.run()
```

| Field | Type | Constraints |
|---|---|---|
| title | string | Required, non-empty after stripping whitespace, max 200 chars |
| author | string | Required, non-empty after stripping whitespace, max 100 chars |
| year | int | Required, must be an integer between 1000 and 2100 inclusive |
| tags | list | Required, must be a list, may be empty, each element must be a non-empty string |
When validation fails, the endpoint must return a JSON response with HTTP status 400. The response body must contain at least an "error" key with a human-readable message describing what went wrong.
When the request body is not valid JSON (or is absent), the endpoint must also return 400 with an appropriate error message.
bookstore.py — updated with full input validation as described above.
Do not add a database, authentication, or any other features. Focus only on the validation logic.
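One way to implement the rules above, as an added example rather than the page's starter file: the checks live in a Flask-free `validate_book` function (my own name, as are the limit constants) so they can be unit-tested without a request context, and the route only maps its result to 201 or 400. The Flask import is guarded so the validator can still be imported where Flask is not installed.

```python
from typing import Any, Optional, Tuple

MAX_TITLE, MAX_AUTHOR = 200, 100  # limits from the constraints table
MIN_YEAR, MAX_YEAR = 1000, 2100
REQUIRED = ("title", "author", "year", "tags")


def validate_book(data: Any) -> Tuple[Optional[dict], Optional[str]]:
    """Return (cleaned_record, None) on success or (None, message) on failure.
    Kept Flask-free so it can be unit-tested without a request context."""
    if not isinstance(data, dict):  # also catches None from an absent/malformed body
        return None, "request body must be a JSON object"
    missing = [k for k in REQUIRED if k not in data]
    if missing:
        return None, "missing required field(s): " + ", ".join(missing)
    cleaned = {}
    for field, limit in (("title", MAX_TITLE), ("author", MAX_AUTHOR)):
        value = data[field]
        if not isinstance(value, str) or not value.strip():
            return None, f"{field} must be a non-empty string"
        if len(value.strip()) > limit:
            return None, f"{field} must be at most {limit} characters"
        cleaned[field] = value.strip()
    year = data["year"]
    # bool is a subclass of int, so JSON true/false would otherwise pass isinstance(year, int)
    if isinstance(year, bool) or not isinstance(year, int) or not MIN_YEAR <= year <= MAX_YEAR:
        return None, f"year must be an integer between {MIN_YEAR} and {MAX_YEAR}"
    cleaned["year"] = year
    tags = data["tags"]
    if not isinstance(tags, list) or any(not isinstance(t, str) or not t for t in tags):
        return None, "tags must be a list of non-empty strings"
    cleaned["tags"] = tags
    return cleaned, None


try:  # only the HTTP layer needs Flask; the validator above does not
    from flask import Flask, request, jsonify
    app = Flask(__name__)

    @app.route("/books", methods=["POST"])
    def create_book():
        # silent=True returns None for absent or malformed JSON instead of raising
        record, error = validate_book(request.get_json(silent=True))
        if error:
            return jsonify({"error": error}), 400
        return jsonify(record), 201

    if __name__ == "__main__":
        app.run()
except ImportError:  # lets the validator be imported where Flask is not installed
    app = None
```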
evals/
  scenario-1
  scenario-2
  scenario-3
  scenario-4
  scenario-5
  scenario-6
  scenario-7
  scenario-8
skills/
  flask-security-basics
verifiers/