minimaxir / big-list-of-naughty-strings

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
MIT License
46.15k stars 2.13k forks

Separate potentially dangerous strings to a separate file #97

Open NedkoHristov opened 8 years ago

NedkoHristov commented 8 years ago

Reading the discussion about removing the "DROP" statement from BLNS, I thought that it may be a good idea to separate potentially dangerous strings (such as the DROP statement, the XML fork bomb, etc.) into a separate file, different from blns.txt, to make sure that testing can be done with no potential data loss.

This change will be particularly useful for testing in a production environment (I'm sure that some of the users using BLNS test directly in a production environment).
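One way to implement the split proposed above, as an added example that is not part of the original issue or of the BLNS project: it reads a blns.txt-style file (one string per line, `#` comment lines and blank lines skipped) and partitions the strings into those that merely mis-render or mis-parse and those that can destroy or exhaust state. The pattern list, the function names (`load_blns`, `is_potentially_destructive`, `partition`) and the sample strings are all constructed here and are assumptions, not the project's own classification.

```python
import re
import sys

# Constructed sample of BLNS-style strings (not the contents of blns.txt).
SAMPLE_STRINGS = [
    "undefined",
    "Ω≈ç√∫˜µ≤≥÷",
    "1;DROP TABLE users",
    "' OR '1'='1",
    '<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY lol "lol">'
    '<!ENTITY lol2 "&lol;&lol;&lol;">]><lolz>&lol2;</lolz>',
    "$(rm -rf /)",
]

# Assumed heuristics for "potentially destructive" strings: the DROP-style
# SQL statements and the XML entity-expansion bomb discussed in the issue,
# plus a few shell commands that wipe data. This is a coarse keyword filter,
# not a proof that anything left in the "safe" bucket is harmless.
DESTRUCTIVE_PATTERNS = [
    re.compile(r"\b(DROP|TRUNCATE|DELETE|ALTER)\b", re.IGNORECASE),  # SQL
    re.compile(r"<!ENTITY\b", re.IGNORECASE),                        # XML bomb
    re.compile(r"rm\s+-rf|mkfs|dd\s+if="),                           # shell
]


def load_blns(path):
    """Read a blns.txt-style file: one string per line, '#' lines are
    comments, blank lines are section separators."""
    strings = []
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.rstrip("\n")
            if not line or line.startswith("#"):
                continue
            strings.append(line)
    return strings


def is_potentially_destructive(s):
    """True if any destructive-pattern heuristic matches the string."""
    return any(p.search(s) for p in DESTRUCTIVE_PATTERNS)


def partition(strings):
    """Split strings into (safe, dangerous) lists, preserving order."""
    safe, dangerous = [], []
    for s in strings:
        (dangerous if is_potentially_destructive(s) else safe).append(s)
    return safe, dangerous


def main(argv):
    # Usage: python split_blns.py [blns.txt]; without a path, use the sample.
    strings = load_blns(argv[1]) if len(argv) > 1 else SAMPLE_STRINGS
    safe, dangerous = partition(strings)
    print(f"{len(safe)} safe, {len(dangerous)} potentially destructive")
    for s in dangerous:
        print("  DANGEROUS:", s[:60])


if __name__ == "__main__":
    main(sys.argv)
```

Even with such a split, a keyword filter only removes the obvious data-loss cases; the "safe" bucket still contains strings whose whole purpose is to break parsers and renderers, so the output belongs in a disposable test environment, not in production.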

mattgrande commented 8 years ago

> This change will be particularly useful for testing in a production environment (I'm sure that some of the users using BLNS test directly in a production environment).

What? No, don't do that!

The whole idea of this is to have a list of dangerous strings. That's what BLNS is. There already is a list of problematic strings in an extracted file: blns.txt.

wizzwizz4 commented 6 years ago

Status Completed! The potentially dangerous strings have been left in blns.txt - the non-dangerous strings have been moved to /dev/null. If you want to test using strings that have no potential to be dangerous, use the strings contained in /dev/null.