Improve input sanitization and test coverage for name query param #4
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: nofarblue <[email protected]>
Copilot
AI
changed the title
Copilot finished work on behalf of
nofarblue
July 14, 2025 09:41
nofarblue
approved these changes
Jul 14, 2025
|
@copilot continue working on this PR
|
Co-authored-by: nofarblue <[email protected]>
Updated the README with comprehensive documentation. Expanded from 29 to 276 lines including project features, security enhancements, installation guides, API documentation, testing details, Docker deployment, CI/CD info, and contributing guidelines. Commit: 615fcee |
Copilot finished work on behalf of
nofarblue
July 20, 2025 12:26
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR hardens the input handling for the
namequery parameter to improve security, logging safety, and user experience.Changes Made
Input Validation in
CreateGreetingstrings.TrimSpace()to remove leading/trailing whitespace"Hello, Guest"for empty strings after trimmingunicode.IsControl()Logging Safety in HTTP Handler
nameparameter before logging to remove control characters"<empty>"in logs for empty names instead of blank entriesComprehensive Test Coverage
Added 8 new test functions covering all edge cases:
TestGreeting_WhitespaceOnly: Whitespace-only names → "Hello, Guest"TestGreeting_LongName: Names >100 chars → proper truncationTestGreeting_NewlineInjection: Control characters → safely removedTestGreeting_SpecialSymbols: Special symbols like!@#→ preserved correctlyTestGreeting_TrimWhitespace: Leading/trailing spaces → properly trimmedTestSanitizeControlChars: Unit test for control character removalTestSanitizeForLogging: Unit test for logging sanitizationBefore/After Examples
Whitespace handling:
Security improvements:
Length limiting:
All tests pass (10/10) and manual verification confirms the server correctly handles malicious inputs, logging is safe, and UX is improved.
Fixes #3.
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.