Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Make MinLength required on GenerateParameterDefault #13641

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
afscrome wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Make MinLength required on GenerateParameterDefault #13641

afscrome wants to merge 1 commit into from

Conversation

@afscrome
Copy link
Contributor

@afscrome afscrome commented Dec 18, 2025

Description

Marked MinLength as a required property, and make it throw if you try to set the Min Length to an invalid (zero/negative) value.

Marking this property required is a breaking change, however if you forget to set this value, it will currently generate an insecure password of length zero, which almost certainly a mistake.

An alternative to avoid the breaking change would be to set a default value (e.g. 16).

Fixes #10570

Checklist

  • Is this feature complete?
    • Yes. Ready to ship.
    • No. Follow-up changes expected.
  • Are you including unit tests for the changes and scenario tests if relevant?
    • Yes
    • No
  • Did you add public API?
    • Yes
      • If yes, did you have an API Review for it?
        • Yes
        • No
      • Did you add <remarks /> and <code /> elements on your triple slash comments?
        • Yes
        • No
    • No
  • Does the change make any security assumptions or guarantees?
    • Yes
      • If yes, have you done a threat model and had a security review?
        • Yes
        • No
    • No
  • Does the change require an update in our Aspire docs?

Copilot AI review requested due to automatic review settings December 18, 2025 17:03
@github-actions
Copy link
Contributor

github-actions bot commented Dec 18, 2025
edited
Loading

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 13641

Or

  • Run remotely in PowerShell:
iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 13641"

@dotnet-policy-service dotnet-policy-service bot added the community-contribution Indicates that the PR has been added by a community member label Dec 18, 2025
@afscrome afscrome force-pushed the generate-default-length branch from 8dd5bb7 to 85e90fc Compare December 18, 2025 17:06
@afscrome afscrome requested a review from mitchdenny as a code owner December 18, 2025 17:06
Copilot AI reviewed Dec 18, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enhances security by making the MinLength property on GenerateParameterDefault required and adding validation to prevent setting it to zero or negative values. This is a breaking change designed to prevent the generation of insecure zero-length passwords when developers forget to set this property.

Key changes:

  • Made MinLength property required to enforce explicit specification
  • Added setter validation that throws ArgumentOutOfRangeException for invalid values (≤ 0)

src/Aspire.Hosting/ApplicationModel/ParameterDefault.cs Outdated
get;
set
{
ArgumentOutOfRangeException.ThrowIfLessThanOrEqual(0, value);
Copy link

Copilot AI Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The arguments to ArgumentOutOfRangeException.ThrowIfLessThanOrEqual are in the wrong order. The correct signature is ThrowIfLessThanOrEqual(value, other) which throws if value <= other.

Currently, this code passes (0, value) which throws if 0 <= value, meaning it would throw for any positive value (the opposite of the intended behavior). It should be ThrowIfLessThanOrEqual(value, 0) to throw when value <= 0.

Suggested change
ArgumentOutOfRangeException.ThrowIfLessThanOrEqual(0, value);
ArgumentOutOfRangeException.ThrowIfLessThanOrEqual(value, 0);

Copilot uses AI. Check for mistakes.
src/Aspire.Hosting/ApplicationModel/ParameterDefault.cs
Comment on lines 84 to 92
public required int MinLength
{
get;
set
{
ArgumentOutOfRangeException.ThrowIfLessThanOrEqual(0, value);
field = value;
}
}
Copy link

Copilot AI Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new validation logic for the MinLength property setter lacks test coverage. Consider adding tests to verify that:

  1. Setting MinLength to zero throws ArgumentOutOfRangeException
  2. Setting MinLength to a negative value throws ArgumentOutOfRangeException
  3. Setting MinLength to a positive value succeeds

These tests would be appropriate in the AddParameterTests.cs file where other GenerateParameterDefault tests exist.

Copilot uses AI. Check for mistakes.
@afscrome afscrome force-pushed the generate-default-length branch from 85e90fc to 47a7a2f Compare December 18, 2025 17:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mitchdenny mitchdenny Awaiting requested review from mitchdenny mitchdenny is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

community-contribution Indicates that the PR has been added by a community member

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

GenerateParameterDefault.MinLength should be required

1 participant

@afscrome