Deep application boundary validation for zero trust code development
A good rule when developing code, in any situation, is to not trust inputs, regardless of where the input comes from: internally, from other functions within the code, or externally, from users or other systems. The default line of thinking should be that the input we receive is incorrect.
Writing your code in a defensive manner will increase its resilience against incorrect inputs and ensure valid error handling. One example where you might want to validate inputs is when reading a .json file. Regardless of whether this file is generated by your own code or by an external party, it should not be trusted until validated.
One of the first steps when handling a JSON file is checking whether it is valid JSON. The example function below takes an input and validates whether the provided data is a valid JSON structure.
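import json


def validate_json(json_data):
    """Return True if json_data parses as JSON, False otherwise."""
    try:
        json.loads(json_data)
    except (ValueError, TypeError):
        # ValueError: malformed JSON. TypeError: input is not str or bytes.
        return False
    return True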
We can use the above function in the validation process. Below is an example of how to call the validate_json function to check whether the input is a valid JSON structure.
with open('example.json', 'r') as f:
    json_data = f.read()…
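
A syntax check alone accepts documents that are still unsafe to consume. The following added example (not code from the original article) goes one step further than validate_json: it caps input size, rejects duplicate keys and the non-standard NaN/Infinity constants that Python's parser accepts, and checks the top-level shape and field types. The names load_untrusted_json, InvalidInput, MAX_LEN, SAMPLE and SCHEMA, and the size limit, are assumptions made for the example.

```python
import json

MAX_LEN = 1_000_000  # assumed size ceiling for this example


class InvalidInput(ValueError):
    """Raised when a document fails a boundary check."""


def _no_duplicate_keys(pairs):
    # json.loads silently keeps the last value of a repeated key; reject instead.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise InvalidInput(f"duplicate key: {key!r}")
        obj[key] = value
    return obj


def _reject_constant(name):
    # Python's parser accepts NaN, Infinity and -Infinity, which are not JSON.
    raise InvalidInput(f"non-standard constant: {name}")


def load_untrusted_json(raw, required):
    """Return the parsed object, or raise InvalidInput. required: key -> type."""
    if not isinstance(raw, (str, bytes)):
        raise InvalidInput("input must be str or bytes")
    if len(raw) > MAX_LEN:
        raise InvalidInput("input exceeds size limit")
    try:
        doc = json.loads(raw, object_pairs_hook=_no_duplicate_keys,
                         parse_constant=_reject_constant)
    except InvalidInput:
        raise
    except (ValueError, RecursionError) as exc:
        raise InvalidInput(f"not valid JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise InvalidInput("top-level value must be an object")
    for key, expected in required.items():
        if key not in doc:
            raise InvalidInput(f"missing key: {key!r}")
        # Exact type match: isinstance() would let true/false pass as an int.
        if type(doc[key]) is not expected:
            raise InvalidInput(f"wrong type for {key!r}")
    return doc


# Constructed sample input for this example.
SAMPLE = '{"user": "alice", "retries": 3}'
SCHEMA = {"user": str, "retries": int}
```

Raising a single exception type lets the caller handle every rejection in one place instead of receiving a partially trusted object.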