Sanitize subprocess output in run_validate_workflows.cjs (SEC-004)

[Copilot]

run_validate_workflows.cjs embeds raw gh aw compile --validate stdout/stderr into GitHub issue and comment bodies without sanitization. Malformed tool output could escape the code fence or inject unexpected Markdown/HTML.

Changes

• Import the shared sanitizeContent helper (used by 30+ other handlers) and apply it to truncatedOutput before embedding in both the comment body (existing issue path) and issue body (new issue path)
• Add tests verifying @mention neutralization in both code paths

const { sanitizeContent } = require("./sanitize_content.cjs");

const truncatedOutput = combinedOutput.substring(0, 50000) + ...;
const sanitizedOutput = sanitizeContent(truncatedOutput);
// sanitizedOutput used in template instead of truncatedOutput

[Copilot]

Pull request overview

This PR aims to prevent Markdown/HTML injection when run_validate_workflows.cjs posts gh aw compile --validate output into GitHub issue/comment bodies by sanitizing the embedded output.

Changes:

• Import and apply the shared sanitizeContent helper to the truncated validator output before embedding it in issue/comment templates.
• Add Vitest coverage to ensure @mentions in output are neutralized in both “new issue” and “existing issue comment” paths.

Show a summary per file

File	Description
actions/setup/js/run_validate_workflows.cjs	Sanitizes truncated subprocess output before embedding in issue/comment Markdown.
actions/setup/js/run_validate_workflows.test.cjs	Adds tests asserting @mention neutralization in both posting paths.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 2/2 changed files
• Comments generated: 3

[Copilot]

The validation output is embedded inside a triple-backtick fenced code block. If the subprocess output itself contains a bare fence line like "```" (or "~~~"), it can prematurely close the outer fence and escape the intended code region. sanitizeContent() balances markdown fences but does not neutralize/escape fence delimiters, so this is still exploitable for Markdown injection. Consider switching the wrapper to a longer fence length (the repo uses 6 backticks for untrusted content; see `actions/setup/js/log_parser_shared.cjs:1006-1013`) or otherwise ensure fence sequences in the output cannot terminate the wrapper fence.

[Copilot]

sanitizeContent(truncatedOutput) is called without a maxLength, and sanitization can expand the string (e.g., wrapping many @mentions in backticks, balancing fences). That means the final issue/comment body can exceed GitHub's size limits even though you pre-truncate to 50k. To keep the post size bounded, pass an explicit maxLength to sanitizeContent (e.g., 50k) and/or perform truncation after sanitization so the sanitized string is what gets size-limited.

Suggested change

	const truncatedOutput = combinedOutput.substring(0, 50000) + (combinedOutput.length > 50000 ? "\n\n... (output truncated)" : "");
	const sanitizedOutput = sanitizeContent(truncatedOutput);
	const maxOutputLength = 50000;
	const truncatedOutput = combinedOutput.substring(0, maxOutputLength) + (combinedOutput.length > maxOutputLength ? "\n\n... (output truncated)" : "");
	const sanitizedOutput = sanitizeContent(truncatedOutput, maxOutputLength);

[Copilot]

The new tests only assert that @mentions are neutralized, but the PR description calls out code-fence escaping/Markdown injection as the main risk. Add a regression test where the tool output contains a bare fence line (e.g., "```\n...") and verify the created issue/comment body still keeps the output confined (for example by using a longer wrapper fence or escaping fence delimiters).

[github-actions]

🧪 Test Quality Sentinel Report

Test Quality Score: 80/100

✅ Excellent test quality

Metric	Value
New/modified tests analyzed	2
✅ Design tests (behavioral contracts)	2 (100%)
⚠️ Implementation tests (low value)	0 (0%)
Tests with error/edge cases	2 (100%)
Duplicate test clusters	0
Test inflation detected	⚠️ Yes (47 test lines / 5 prod lines = 9.4x — see note below)
🚨 Coding-guideline violations	0

---

Test Classification Details

📋 Per-test classification (2 tests)

Test	File	Classification	Issues Detected
should sanitize output containing @mentions in new issue body	actions/setup/js/run_validate_workflows.test.cjs	✅ Design	None — verifies observable security behavior in new issue body
should sanitize output containing @mentions in comment body	actions/setup/js/run_validate_workflows.test.cjs	✅ Design	None — verifies observable security behavior in existing issue comment

---

Test Analysis

Both new tests target the SEC-004 sanitization behavior added in run_validate_workflows.cjs. They correctly simulate command output containing @malicious-user and assert that the constructed issue/comment body does not contain unsanitized @mention text — verifying the behavioral contract that subprocess output cannot trigger GitHub notifications.

Mocking assessment: The tests mock global.core, global.exec, global.github, and global.context — all GitHub Actions runtime globals. This is legitimate external-I/O mocking; the business logic under test (sanitization of subprocess content) runs un-mocked. ✅

Error coverage: Both tests drive an error path (exec returns exit code 1) which exercises the code paths that produce issues/comments. Full credit. ✅

Coverage gap noted: The tests cover @mention neutralization but do not cover other possible injection vectors (e.g., #issue-ref, backtick injection, or HTML in subprocess output). Depending on what sanitizeContent actually neutralizes, additional tests for those patterns could strengthen the contract. This is a suggestion only, not a blocker.

---

Inflation Note

The 9.4x test-to-production ratio (47 test lines / 5 production lines) technically triggers the inflation flag, but this is contextually justified: the production change is minimal (calling an already-existing sanitizeContent helper in two places), while proper security coverage requires end-to-end tests for both affected code paths (new issue creation and comment-on-existing-issue). The tests are not inflated in spirit.

---

Language Support

Tests analyzed:

• 🐹 Go (*_test.go): 0 tests
• 🟨 JavaScript (*.test.cjs): 2 tests (vitest)

---

Verdict

✅ Check passed. 0% of new tests are implementation tests (threshold: 30%). Both new tests enforce the behavioral security contract that subprocess output is sanitized before being written to GitHub issues/comments.

---

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

• Assert on observable outputs, return values, or state changes
• Cover error paths and boundary conditions
• Would catch a behavioral regression if deleted
• Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

• Assert on internal function calls (mocking internals)
• Only test the happy path with typical inputs
• Break during legitimate refactoring even when behavior is correct
• Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

🧪 Test quality analysis by Test Quality Sentinel · ● 547.5K · ◷

[github-actions]

✅ Test Quality Sentinel: 80/100. Test quality is excellent — 0% of new tests are implementation tests (threshold: 30%). Both new tests enforce the behavioral security contract for SEC-004 sanitization.