Input Validation and Sanitization Middleware

> Labels: middleware, security, validation, high-priority

### Description:
Build a comprehensive input validation and sanitization middleware to prevent injection attacks, XSS, and invalid data from reaching controllers.

### Requirements:

- Validate request body, query parameters, and URL parameters
- Sanitize string inputs to remove/escape dangerous characters
- Validate data types (strings, numbers, booleans, arrays, objects)
- Enforce length constraints (min/max length for strings)
- Validate email formats, URLs, and other special formats
- Check for SQL injection patterns and reject malicious input
- Prevent XSS attacks by escaping HTML entities
- Validate against JSON schemas for complex objects
- Strip null bytes and control characters
- Normalize Unicode characters to prevent homograph attacks
- Support custom validation rules per route
- Return 400 Bad Request with detailed validation errors
- Integration with class-validator for DTO validation

### Acceptance Criteria:

- [ ] All user inputs validated before reaching business logic
- [ ] Common injection patterns (SQL, NoSQL, command injection) blocked
- [ ] XSS payloads neutralized through proper escaping
- [ ] Invalid data types rejected with clear error messages
- [ ] String length limits enforced as per schema
- [ ] Email and URL formats validated correctly
- [ ] Validation errors return descriptive messages for debugging
- [ ] Custom validation rules easily added per endpoint
- [ ] Performance optimized for high request volumes
- [ ] No false positives blocking legitimate user input

### Validation Types:

- String validation (length, pattern, allowed characters)
- Number validation (min, max, integer vs float)
- Email validation (RFC 5322 compliance)
- URL validation (valid protocol, domain)
- Date validation (ISO 8601 format)
- Array validation (element types, min/max items)
- Object schema validation (required fields, nested objects)
- Enum validation (value must be in predefined set)

### Attack Patterns to Block:

SQL injection: '; DROP TABLE users; --
NoSQL injection: {"$gt": ""}
XSS: <script>alert('xss')</script>
Command injection: ; rm -rf /
Path traversal: ../../etc/passwd
Null byte injection: file.txt\0.png

### Error Response Format:

```json
{
  statusCode: 400,
  message: "Validation failed",
  errors: [
    { field: "email", message: "Invalid email format" },
    { field: "password", message: "Must be at least 8 characters" }
  ]
}
```

NOTE: ALL SHOULD BE IMPLEMENTED IN THE MIDDLEWARE FOLDER/REPO

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Input Validation and Sanitization Middleware #315

Description:

Requirements:

Acceptance Criteria:

Validation Types:

Attack Patterns to Block:

Error Response Format:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Input Validation and Sanitization Middleware #315

Description

Description:

Requirements:

Acceptance Criteria:

Validation Types:

Attack Patterns to Block:

Error Response Format:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions