Add input validation for color format and other parameters #4

Closed
opened 2025-07-11 15:08:24 -05:00 by b3nw · 0 comments
Owner

Enhancement: Missing Input Validation

Issue Description

Several functions in the milestone and label modules lack proper input validation, which could lead to runtime errors or API failures.

Missing Validations

1. Color Format Validation (Label Module)

Location: CreateLabelFn and EditLabelFn
Issue: No validation for hex color format
Current: Accepts any string as color
Expected: Should validate hex color format (e.g., "ff0000", "00ff00")

// Suggested validation function
import "strconv"

// isValidHexColor accepts exactly six hex digits supplied without a leading '#'.
// strconv.ParseUint with base 16 rejects signs, a "0x" prefix and underscores,
// so a successful parse of a 6-character string means all six runes are hex digits.
func isValidHexColor(color string) bool {
    if len(color) != 6 {
        return false
    }
    _, err := strconv.ParseUint(color, 16, 32)
    return err == nil
}

2. Date Format Validation (Milestone Module)

Location: CreateMilestoneFn, EditMilestoneFn, EditMilestoneByNameFn
Issue: No validation before parsing RFC3339 dates
Current: Relies on Go's time.Parse to catch invalid formats
Expected: Pre-validate date format to provide better error messages

3. Array Size Validation (Label Module)

Location: AddIssueLabelsFn, RemoveIssueLabelsFn, ReplaceIssueLabelsFn
Issue: No validation for maximum array sizes
Current: Could accept extremely large arrays
Expected: Should limit array size to prevent API abuse

4. Negative Number Validation

Location: Multiple functions with ID parameters
Issue: No validation for negative IDs
Current: Accepts negative numbers that will cause API errors
Expected: Should validate positive integers for ID parameters

Suggested Implementation

import (
    "fmt"
    "strconv"
)

// Color validation: exactly six hex digits, supplied without the leading '#'.
func validateHexColor(color string) error {
    if len(color) != 6 {
        return fmt.Errorf("color must be exactly 6 characters long")
    }
    // ParseUint in base 16 rejects signs, a "0x" prefix and underscores.
    if _, err := strconv.ParseUint(color, 16, 32); err != nil {
        return fmt.Errorf("color must be a valid hex color format (without #)")
    }
    return nil
}

// Array size validation. Generic so that []string, []int64 or []float64 label
// arguments can be passed directly (a []string does not convert to []interface{}).
func validateArraySize[T any](arr []T, maxSize int, name string) error {
    if len(arr) > maxSize {
        return fmt.Errorf("%s array cannot exceed %d items", name, maxSize)
    }
    return nil
}

// Positive ID validation. The ID parameters are float64 in the existing
// signatures (JSON-decoded numbers), so the check is done on float64.
func validatePositiveID(id float64, name string) error {
    if id <= 0 {
        return fmt.Errorf("%s must be a positive number", name)
    }
    return nil
}

Priority

Medium - Improves user experience and prevents runtime errors

Affected Files

  • /operation/label/label.go
  • /operation/milestone/milestone.go
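The two items above that carry no code of their own, RFC3339 pre-validation (item 2) and positive integer IDs that arrive as float64 (item 4), worked through as an added example; this is not code from the issue or from the gitea-mcp project, and the parameter names `due_on` and `issue_id` and the function names are assumptions.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// ValidateRFC3339 pre-checks a milestone date (item 2 above): the caller gets an
// error naming the parameter and the expected layout instead of time.Parse's raw
// message, plus the parsed time so the date is not parsed twice.
func ValidateRFC3339(name, value string) (time.Time, error) {
	if value == "" {
		return time.Time{}, fmt.Errorf("%s must not be empty", name)
	}
	t, err := time.Parse(time.RFC3339, value)
	if err != nil {
		return time.Time{}, fmt.Errorf("%s must be an RFC3339 timestamp such as 2025-07-11T15:08:24-05:00, got %q", name, value)
	}
	return t, nil
}

// maxID is 2^63: exactly representable as float64, and the first value that
// no longer fits in an int64.
const maxID = 1 << 63

// ValidateID tightens item 4: the handlers take IDs as float64 (JSON-decoded
// numbers), so "positive" alone still admits 1.5, NaN, +Inf and values beyond
// int64 range. It returns the ID converted to int64.
func ValidateID(name string, id float64) (int64, error) {
	switch {
	case math.IsNaN(id) || math.IsInf(id, 0):
		return 0, fmt.Errorf("%s must be a finite number", name)
	case id <= 0:
		return 0, fmt.Errorf("%s must be a positive number", name)
	case id != math.Trunc(id):
		return 0, fmt.Errorf("%s must be an integer, got %v", name, id)
	case id >= maxID:
		return 0, fmt.Errorf("%s does not fit in a 64-bit integer", name)
	}
	return int64(id), nil
}

func main() {
	// Constructed inputs: one malformed value of each kind.
	_, err := ValidateRFC3339("due_on", "2025-07-11")
	fmt.Println("due_on:", err)
	_, err = ValidateID("issue_id", 1.5)
	fmt.Println("issue_id:", err)
}
```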
b3nw added the enhancement, label-management and milestone-management labels 2025-07-11 15:08:53 -05:00
b3nw closed this issue 2025-07-11 15:27:46 -05:00
Reference: b3nw/gitea-mcp#4