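Helps users systematically check the validity of external input, reducing errors, exceptions, and security risk.
Copy the install instruction and let the AI complete the configuration automatically · Recommended for beginners
Please install the "Validating Inputs" skill from askskill for me: 1. Download https://raw.githubusercontent.com/obra/clank/main/skills/coding/validating-inputs/SKILL.md 2. Save it as ~/.claude/skills/validating-inputs/SKILL.md 3. Reload skills once it is installed and tell me it is ready to use
Please design a complete input validation scheme for a user registration API, covering format checks, length limits, required-field rules, error messages, and server-side fallback validation for email, password, username, and phone number, and provide example code.
A structured set of parameter validation rules, error handling advice, and example code that can be put to use.
I have a CSV import process. Please list the inputs that need validation, including empty values, field types, date formats, duplicate records, anomalous characters, and out-of-range values, and output a validation checklist and handling strategy.
A validation checklist for data import scenarios, with the corresponding exception handling and rejection strategy.
Please review the input risks a web form may carry, focusing on SQL injection, script injection, path traversal, and illegal file uploads, and give input validation and filtering recommendations.
An input security risk list, with targeted validation, filtering, and protection recommendations.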
Professional-grade software never outputs garbage regardless of what it receives. "Garbage in, garbage out" is the mark of sloppy, insecure code.
Core principle: Check all data from external sources. Validate all routine parameters from untrusted sources. Decide consciously how to handle invalid data.
Modern standard: "Garbage in, nothing out" OR "Garbage in, error message out" OR "No garbage allowed in"
Violating the letter of this rule is violating the spirit of defensive programming.
Always use when writing functions that receive:
Warning signs you need this:
Don't skip when:
Use for: Conditions that indicate bugs in YOUR code
```python
def calculate_velocity(distance: float, time: float) -> float:
    # Preconditions: These should NEVER be violated if caller is correct
    assert distance >= 0, "distance cannot be negative"
    assert time > 0, "time must be positive"
    result = distance / time
    # Postcondition: Result should be reasonable
    assert result >= 0, f"velocity cannot be negative: {result}"
    return result
```
Assertions are:
Use for: Conditions you expect might occur in production
```python
def calculate_average_score(scores: list[float]) -> float:
    """Calculate average of test scores (must be 0-100)."""
    # Error handling: Validate external data
    if scores is None:
        raise ValueError("scores cannot be None")
    if not scores:
        raise ValueError("Cannot calculate average of empty score list")
    # Validate each score
    for i, score in enumerate(scores):
        if not isinstance(score, (int, float)):
            raise TypeError(f"Score {i} is not a number: {score}")
        if score < 0 or score > 100:
            raise ValueError(f"Score {i} out of range [0-100]: {score}")
    result = sum(scores) / len(scores)
    # Postcondition: Verify result is valid
    assert 0 <= result <= 100, f"Calculated average out of range: {result}"
    return result
```
Error handling:
| Situation | Approach | Example |
|---|---|---|
| External data | Validate everything | Check ranges, types, formats, lengths |
| Routine parameters | Check if from untrusted source | Validate or document assumptions |
| Internal invariants | Assert they hold | Assert postconditions, state assumptions |
| Null/None | Check explicitly | `if value is None: raise ValueError()` |
| Empty collections | Decide if valid or error | Empty list error or return default? |
| Type mismatches | Check with isinstance | `if not isinstance(score, (int, float))` |
| Range violations | Check bounds | `if score < 0 or score > 100` |
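The rows of this table applied to one untrusted import record, as an added example that is not part of the original skill. It goes a step beyond the score check above by rejecting NaN, infinities and booleans, which all pass an `isinstance` plus range test; `validate_record`, `parse_score`, `ValidationError` and the 64-character name limit are assumptions made for illustration.

```python
import math

MAX_NAME_LEN = 64  # assumed limit for this example


class ValidationError(ValueError):
    """Raised for bad external data; carries every problem found."""
    def __init__(self, problems: list[str]):
        super().__init__("; ".join(problems))
        self.problems = problems


def parse_score(raw: object) -> float:
    """Convert one untrusted field to a score in [0, 100] or raise ValueError."""
    if raw is None:
        raise ValueError("score is missing")
    if isinstance(raw, bool):  # bool is a subclass of int, so reject it explicitly
        raise ValueError(f"score is not a number: {raw!r}")
    try:
        value = float(raw)  # accepts int, float and numeric strings
    except (TypeError, ValueError, OverflowError):
        raise ValueError(f"score is not a number: {raw!r}") from None
    if not math.isfinite(value):  # NaN is neither < 0 nor > 100, so test it first
        raise ValueError(f"score is not finite: {raw!r}")
    if not 0 <= value <= 100:
        raise ValueError(f"score out of range [0-100]: {value}")
    return value


def validate_record(record: dict) -> tuple[str, float]:
    """Validate one imported record and report all problems at once."""
    problems = []
    name = record.get("name")
    if not isinstance(name, str) or not name.strip():
        problems.append("name is required")
    elif len(name) > MAX_NAME_LEN or not name.isprintable():
        problems.append("name too long or contains control characters")
    try:
        score = parse_score(record.get("score"))
    except ValueError as exc:
        problems.append(str(exc))
    if problems:  # "garbage in, error message out"
        raise ValidationError(problems)
    # Internal invariant only: asserts are stripped under `python -O`,
    # which is why every check on external data above uses raise instead.
    assert 0 <= score <= 100
    return name.strip(), score
```
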
…