@mfaferek93
Collaborator

@mfaferek93 mfaferek93 commented Nov 26, 2025

Pull Request

Summary

Add validation to REST API endpoints enforcing ROS 2 naming conventions
(alphanumeric, underscore, forward slash). Rejects invalid input with
400 Bad Request and descriptive error messages. Improves security by
blocking special characters and preventing injection attempts.

Issue

Link the related issue (required):


Type

  • Bug fix
  • New feature or tests
  • Breaking change
  • Documentation only

Testing

How was this tested / how should reviewers verify it?


Checklist

  • Breaking changes are clearly described (and announced in docs / changelog if needed)
  • Tests were added or updated if needed
  • Docs were updated if behavior or public API changed

Contributor

Copilot AI left a comment

Pull request overview

This PR adds input validation for component_id and area_id parameters in REST API endpoints to enforce ROS 2 naming conventions and improve security. The implementation introduces a new validate_entity_id() helper function that validates entity IDs against a whitelist of allowed characters (alphanumeric, underscore, forward slash) and rejects invalid input with descriptive 400 Bad Request error responses.

Key Changes:

  • Added validate_entity_id() helper function with character whitelist validation and length limits
  • Applied validation to both /areas/{area_id}/components and /components/{component_id}/data endpoints
  • Removed TODO comment about input validation in handle_component_data

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 8 comments.

File | Description
src/ros2_medkit_gateway/src/rest_server.cpp | Implements validation function and integrates it into area_components and component_data handlers
src/ros2_medkit_gateway/include/ros2_medkit_gateway/rest_server.hpp | Declares validate_entity_id helper method in RESTServer class
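
A sketch of the whitelist check described in the overview above, added here as an example and not the project's own rest_server.cpp code. Only the function name and the allowed character set come from the PR; the ValidationResult struct (the later commit uses std::expected<void, std::string>), the 256-character limit, the is_allowed_char helper and the error strings are assumptions.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Result type for this sketch; the PR's later commit returns
// std::expected<void, std::string> (C++23) instead.
struct ValidationResult {
    bool ok;
    std::string error;  // empty when ok is true
};

// Assumed limit for illustration; the page does not state the real value.
constexpr std::size_t kMaxEntityIdLength = 256;

// Explicit ASCII ranges: std::isalnum is locale-dependent and undefined for
// negative char values, so every byte >= 0x80 is rejected here.
inline bool is_allowed_char(char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '/';
}

ValidationResult validate_entity_id(const std::string& id) {
    if (id.empty()) {
        return {false, "Entity ID cannot be empty"};
    }
    if (id.size() > kMaxEntityIdLength) {
        return {false, "Entity ID too long (max " +
                           std::to_string(kMaxEntityIdLength) + " characters)"};
    }
    for (std::size_t i = 0; i < id.size(); ++i) {
        if (!is_allowed_char(id[i])) {
            // Report the byte as hex so control characters or markup from the
            // request are never echoed verbatim into the 400 response or logs.
            char buf[8];
            std::snprintf(buf, sizeof buf, "0x%02X",
                          static_cast<unsigned>(static_cast<unsigned char>(id[i])));
            return {false, "Entity ID contains invalid byte " + std::string(buf) +
                               " at position " + std::to_string(i)};
        }
    }
    return {true, ""};
}

int main() {
    const char* samples[] = {"engine/temp_sensor_1", "bad id!"};  // constructed
    for (const char* id : samples)
        std::printf("%s -> %s\n", id, validate_entity_id(id).ok ? "ok" : "rejected");
    return 0;
}
```

Because '.' is outside the allowed set, allowing '/' does not admit "../" sequences; a handler would map a failed result to a 400 Bad Request carrying the error string.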

Contributor

Copilot AI left a comment

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.


@mfaferek93 mfaferek93 force-pushed the 34/feat/input_validation_for_component_id branch from 0238d2f to 4745f7a Compare November 27, 2025 19:55
  Add validation to REST API endpoints enforcing ROS 2 naming conventions
  (alphanumeric, underscore, forward slash). Rejects invalid input with
  400 Bad Request and descriptive error messages. Improves security by
  blocking special characters and preventing injection attempts.
Contributor

Copilot AI left a comment

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.


@mfaferek93 mfaferek93 requested a review from bburda November 27, 2025 20:26
@mfaferek93 mfaferek93 requested a review from bburda November 28, 2025 14:43
  - Upgrade to C++23 for std::expected support
  - Refactor validate_entity_id to return std::expected<void, std::string>
  - Replace magic numbers with httplib::StatusCode enums
@mfaferek93 mfaferek93 force-pushed the 34/feat/input_validation_for_component_id branch from c2f9445 to 1a5f3ba Compare November 28, 2025 16:48
Collaborator

@bburda bburda left a comment

LGTM!

@mfaferek93 mfaferek93 merged commit 44ac9f9 into main Nov 28, 2025
3 checks passed
mfaferek93 added a commit that referenced this pull request Nov 28, 2025
…ers (#39)

* [#34] feat: add input validation for component_id and area_id parameters

  Add validation to REST API endpoints enforcing ROS 2 naming conventions
  (alphanumeric, underscore, forward slash). Rejects invalid input with
  400 Bad Request and descriptive error messages. Improves security by
  blocking special characters and preventing injection attempts.

* [#34] fix: use C++23 std::expected and httplib status enums

  - Upgrade to C++23 for std::expected support
  - Refactor validate_entity_id to return std::expected<void, std::string>
  - Replace magic numbers with httplib::StatusCode enums

---------

Co-authored-by: Michał Fąferek <michal.faferek@42dot.ai>
@mfaferek93 mfaferek93 deleted the 34/feat/input_validation_for_component_id branch December 6, 2025 20:59
Labels

enhancement New feature or request milestone-1

Development

Successfully merging this pull request may close these issues.

TODO Add input validation for component_id

2 participants