fix(sec-004): sanitize body field in assign_to_agent.cjs#22619
fix(sec-004): sanitize body field in assign_to_agent.cjs#22619
Conversation
…nt.cjs Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/gh-aw/sessions/e0eae109-12f4-4437-a8c3-6d3929bd3f78
There was a problem hiding this comment.
Pull request overview
Addresses SEC-004 Safe Outputs compliance by sanitizing the GitHub issue/PR failure comment body generated by assign_to_agent.cjs, preventing user-influenced error content from being posted unsanitized.
Changes:
- Import
sanitizeContentinactions/setup/js/assign_to_agent.cjs. - Wrap the failure comment
bodypassed togithub.rest.issues.createCommentwithsanitizeContent(...).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
actions/setup/js/assign_to_agent.cjs
Outdated
| repo: r.repo, | ||
| issue_number: failedNumber, | ||
| body: `⚠️ **Assignment failed**: Failed to assign ${r.agent} coding agent to this ${failedType}.\n\nError: ${r.error}`, | ||
| body: sanitizeContent(`⚠️ **Assignment failed**: Failed to assign ${r.agent} coding agent to this ${failedType}.\n\nError: ${r.error}`), |
There was a problem hiding this comment.
When posting the failure comment, the sanitized string can still exceed GitHub’s issue comment body limit (65536). Other callers cap this (e.g., handle_agent_failure.cjs uses sanitizeContent(..., { maxLength: 65000 })). Consider passing an explicit maxLength (or enforcing comment limits) here to avoid createComment failing on unusually large error messages.
| body: sanitizeContent(`⚠️ **Assignment failed**: Failed to assign ${r.agent} coding agent to this ${failedType}.\n\nError: ${r.error}`), | |
| body: sanitizeContent( | |
| `⚠️ **Assignment failed**: Failed to assign ${r.agent} coding agent to this ${failedType}.\n\nError: ${r.error}`, | |
| { maxLength: 65000 } | |
| ), |
actions/setup/js/assign_to_agent.cjs
Outdated
| repo: r.repo, | ||
| issue_number: failedNumber, | ||
| body: `⚠️ **Assignment failed**: Failed to assign ${r.agent} coding agent to this ${failedType}.\n\nError: ${r.error}`, | ||
| body: sanitizeContent(`⚠️ **Assignment failed**: Failed to assign ${r.agent} coding agent to this ${failedType}.\n\nError: ${r.error}`), |
There was a problem hiding this comment.
This change introduces a security-relevant behavior (sanitizing the failure comment body), but the existing unit tests only assert that a failure comment is posted, not that potentially dangerous content is neutralized. Please add a test case in assign_to_agent.test.cjs that makes r.error include something like an @mention and/or leading slash-command and asserts the posted comment body contains the sanitized/escaped form.
|
@copilot apply comments |
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/gh-aw/sessions/7eab21e8-ac57-4ae9-8dfb-570e171cc136
Applied both reviewer comments in commit
|
assign_to_agent.cjswas posting failure comments to GitHub issues/PRs with an unsanitizedbodyfield containingr.error— potentially user-influenced content — violating SEC-004 of the Safe Outputs specification.Changes
actions/setup/js/assign_to_agent.cjs: ImportsanitizeContentfromsanitize_content.cjs, wrap the failure comment body withsanitizeContent(..., { maxLength: 65000 })before it is passed togithub.rest.issues.createComment, capping it at GitHub's comment size limit.actions/setup/js/assign_to_agent.test.cjs: Added a test caseshould sanitize dangerous content in failure comment bodythat injects an@mentionand an HTML comment intor.errorand asserts the mention is neutralized and the HTML comment is stripped from the posted body.💬 Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.