Harden event catalog ingestion #34
Merged
Conversation
Extract focused runtime and agent-safety hardening inspired by PR #32.
Co-authored-by: Jose Luis Latorre Millas <9831011+joslat@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
Pull request overview
This PR hardens Microsoft event catalog ingestion in @microsoft/events-cli and updates the associated skill/plugin metadata to reduce security and runtime risk from untrusted remote/catalog inputs and local cache tampering.
Changes:
- Added a “safe fetch” wrapper with timeout, response-size limiting, JSON Content-Type validation, and host allow-listing; added additional cache shape validation and debug diagnostics.
- Sanitized untrusted catalog fields during normalization and output formatting to mitigate terminal escape/control-sequence injection, and tightened session normalization rules.
- Hardened cache I/O with atomic writes and `nextCheckAt` capping; validated `--limit` as a strict positive integer with clamping and messaging; updated skill guidance and bumped versions.
Reviewed changes
Copilot reviewed 21 out of 22 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| skills/microsoft-build/SKILL.md | Bumps skill version and documents “catalog as untrusted data” guidance for agents. |
| cli/test/validate.test.ts | Adds tests for cache/session shape validators. |
| cli/test/sanitize.test.ts | Adds tests for control-sequence stripping behavior. |
| cli/test/normalize.test.ts | Adds tests for sanitization, field caps, session-code validation, and prototype safety during normalization. |
| cli/test/limit.test.ts | Adds tests for strict --limit validation and clamping behavior. |
| cli/test/http.test.ts | Adds tests for safe fetch behaviors (host allow-list, timeouts, byte caps, content-type checks, etc.). |
| cli/test/format.test.ts | Adds tests ensuring output formatting strips control sequences and avoids “Invalid Date” output. |
| cli/test/cache.test.ts | Extends cache tests for malformed cache handling, atomic write behavior, nextCheckAt capping, and stale-cache fallback scenarios. |
| cli/src/output/format.ts | Sanitizes session fields at formatting time for both human and JSON output; improves date rendering for malformed timestamps. |
| cli/src/log.ts | Introduces a debug logging helper gated by MSEVENTS_DEBUG. |
| cli/src/index.ts | Switches sessions command to strict --limit validation instead of parseInt. |
| cli/src/data/validate.ts | Adds runtime validators for raw sessions, cache meta, and cached session arrays. |
| cli/src/data/sanitize.ts | Adds control-sequence stripping utility used across normalization/formatting. |
| cli/src/data/normalize.ts | Sanitizes/limits untrusted text, validates session codes, ignores prototype-chain displayValue, and skips non-object catalog entries. |
| cli/src/data/http.ts | Adds safeFetchJson with timeout/size/content-type checks and host allow-listing. |
| cli/src/data/cache.ts | Uses safe fetch, validates cache shapes on read, adds atomic writes, adds debug diagnostics, and caps far-future nextCheckAt. |
| cli/src/commands/common.ts | Implements strict --limit validation with clamping and stderr messaging. |
| cli/README.md | Documents new environment variables for fetch/caching/debugging hardening. |
| cli/package.json | Bumps CLI package version to 0.3.0. |
| cli/package-lock.json | Updates lockfile package version metadata. |
| .github/plugin/plugin.json | Bumps plugin manifest version. |
| .claude-plugin/plugin.json | Bumps plugin manifest version (kept in sync with GitHub Copilot manifest). |
Files not reviewed (1)
- cli/package-lock.json: Language not supported
Coerce cached sessions into the known output shape instead of requiring an exact schema match, so missing or future fields do not invalidate otherwise safe cache entries.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Keep the PR focused on fetch safety, atomic cache writes, strict limit validation, and agent guidance by removing allow-listing, cache schema coercion, output sanitization, debug logging, and nextCheckAt capping.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Release non-2xx and 304 response bodies without buffering them.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
Thanks for the quote - and impressed on the fast progress of this!! - super happy to have done a tiny contribution to the BUILD-cli, @TianqiZhang
Summary
Extracts a focused subset of runtime and agent-safety hardening inspired by #32:
- `--limit` as a full positive integer and clamp large values

Intentionally left out broader or higher-maintenance changes from #32, including redirect allow-listing, cache schema coercion, output sanitization, debug logging, release workflow changes, Dependabot, Actions SHA pinning, CI pin gates, and large security review/fix-plan docs.
Thanks to @joslat for the original security review and implementation proposal in #32. Key implementation pieces are co-authored with him in the commit trailer.
Validation
- `npm run build`
- `npm test`
- `npm run smoke:fixture`
- `node .\\dist\\index.js sessions --query AI --event build-2026 --limit 1 --json`
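The two hardening pieces the PR overview and the summary above describe (a fetch wrapper with timeout, byte cap and Content-Type check that drops non-2xx bodies unread, plus strict `--limit` parsing with clamping) as an added example; this is not the project's `safeFetchJson` or `common.ts` code, and the `FetchedResponse`/`Fetcher` shapes are assumptions so the example runs offline against a fake fetcher.

```typescript
// Minimal response shape (assumed here) so the wrapper can be driven by any fetcher.
export interface FetchedResponse {
  status: number;
  contentType: string | null;
  body: AsyncIterable<Uint8Array>;
  cancel: () => Promise<void>; // releases the body without buffering it
}
export type Fetcher = (url: string, signal: AbortSignal) => Promise<FetchedResponse>;

export class FetchRejected extends Error {}

// Fetch JSON with a timeout, a response byte cap and a JSON Content-Type check.
export async function safeFetchJson(
  url: string, fetcher: Fetcher, timeoutMs: number, maxBytes: number,
): Promise<unknown> {
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  try {
    const res = await fetcher(url, controller.signal);
    const type = (res.contentType ?? "").split(";")[0].trim().toLowerCase();
    if (res.status < 200 || res.status >= 300 || type !== "application/json") {
      await res.cancel(); // non-2xx or wrong type: release the body unread
      throw new FetchRejected(`rejected: status ${res.status}, type "${type}"`);
    }
    const chunks: Uint8Array[] = [];
    let total = 0;
    for await (const chunk of res.body) {
      total += chunk.byteLength;
      if (total > maxBytes) { // stop reading as soon as the cap is crossed
        await res.cancel();
        throw new FetchRejected(`body exceeds ${maxBytes} bytes`);
      }
      chunks.push(chunk);
    }
    return JSON.parse(Buffer.concat(chunks).toString("utf8"));
  } finally {
    clearTimeout(timer);
  }
}

// Strict --limit parsing: digits only, at least 1, clamped to max with a note for stderr.
export function parseLimit(raw: string, max: number): { limit: number; note?: string } {
  if (!/^\d+$/.test(raw) || Number(raw) < 1) {
    throw new Error(`--limit must be a positive integer, got "${raw}"`);
  }
  const n = Number(raw);
  return n > max ? { limit: max, note: `--limit ${n} clamped to ${max}` } : { limit: n };
}
```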