fix(ci): validate sanitized title is non-empty in spec drafter #2160

Merged: imran-siddique merged 1 commit into microsoft:main from aegis-initiative:fix/ci-spec-drafter-safe-title-validation on May 12, 2026

@finnoybu

Contributor

Summary

.github/workflows/ai-spec-drafter.yml:84-87 sanitizes a user-supplied issue title down to [a-z0-9-] and uses it in both a git branch name and a file path:

SAFE_TITLE=$(printf '%s' "$ISSUE_TITLE" | tr '[:upper:]' '[:lower:]' \
  | sed 's/[^a-z0-9]/-/g' | sed 's/--*/-/g' | head -c 50)
BRANCH="docs/spec-${ISSUE_NUMBER}-${SAFE_TITLE}"
SPEC_FILE="docs/specs/issue-${ISSUE_NUMBER}-${SAFE_TITLE}.md"

If the title contains no [a-z0-9] characters at all (e.g. an issue titled "✨🚀✨"), the sed pipeline collapses to a single - which head -c 50 keeps. The resulting branch (docs/spec-123--) and filename (docs/specs/issue-123--.md) are malformed; a fully-empty result would produce dangling-dash paths.

This builds on the shell-injection hardening from #2138 — same workflow, related defensive layer.

Change

  • Strip leading/trailing dashes after the collapse.
  • Abort cleanly with a ::warning:: if the sanitized result is empty.

The workflow exits 0 so the broader CI run isn't marked failed for a content issue on the source issue.

Verification

  • Diff is local to a single run: block.
  • Manual shell test on a few title shapes:
    • "Add new feature" -> add-new-feature (unchanged)
    • "✨🚀✨" -> empty -> workflow exits with warning (was: docs/spec-N--)
    • "---fix---" -> fix after the new strip (was: -fix-)

Surfaced during independent audit conducted by @finnoybu (Ken Tannenbaum, AEGIS Initiative); [LOW, Infrastructure/CI].
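
The sanitization and empty-slug check described in this PR, as an added sketch (not the workflow's actual code; the diff is not shown on this page). The function names `sanitize_title` and `plan_spec_paths`, the warning text and issue number 123 are assumptions. It goes one step beyond the description by stripping the trailing dash after `head -c 50`, since truncation can cut right after a dash.

```bash
#!/usr/bin/env bash
# Added example: helper names and warning text are assumptions, not the
# workflow's own code.

# sanitize_title TITLE: print a slug limited to [a-z0-9-], at most 50 bytes,
# with no leading or trailing dash. Prints nothing if no character survives.
sanitize_title() {
  # LC_ALL=C makes tr/sed byte-oriented, so [a-z0-9] means ASCII only and
  # multi-byte input (emoji, non-Latin scripts) is replaced byte by byte.
  _slug=$(printf '%s' "$1" \
    | LC_ALL=C tr '[:upper:]' '[:lower:]' \
    | LC_ALL=C sed -e 's/[^a-z0-9]/-/g' -e 's/--*/-/g' -e 's/^-//' \
    | head -c 50)
  # Strip the trailing dash after truncation: head -c 50 can cut right
  # after a dash even when the full slug did not end in one.
  printf '%s' "${_slug%-}"
}

# plan_spec_paths NUMBER TITLE: print "BRANCH<TAB>SPEC_FILE" and return 0,
# or print a ::warning:: annotation and return 1 when the slug is empty.
plan_spec_paths() {
  _s=$(sanitize_title "$2")
  if [ -z "$_s" ]; then
    printf '::warning::Issue #%s: title has no [a-z0-9] characters, skipping spec draft\n' "$1"
    return 1
  fi
  printf 'docs/spec-%s-%s\tdocs/specs/issue-%s-%s.md\n' "$1" "$_s" "$1" "$_s"
}

# Title shapes from the PR's verification list (issue number 123 is constructed).
for title in 'Add new feature' '✨🚀✨' '---fix---'; do
  # A caller in the workflow would `exit 0` on failure instead of `|| true`.
  plan_spec_paths 123 "$title" || true
done
```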

The spec-drafter workflow sanitizes a user-supplied issue title down
to `[a-z0-9-]` and uses it in both a git branch name and a file path:

  BRANCH="docs/spec-${ISSUE_NUMBER}-${SAFE_TITLE}"
  SPEC_FILE="docs/specs/issue-${ISSUE_NUMBER}-${SAFE_TITLE}.md"

If the title contains no `[a-z0-9]` characters at all (e.g. an issue
titled "✨🚀✨" or in a script the sanitizer drops entirely), the
collapse-runs sed yields `-` and `head -c 50` keeps it. The resulting
branch (`docs/spec-123--`) and filename (`docs/specs/issue-123--.md`)
are technically valid but malformed; a fully-empty result would
produce dangling-dash paths.

Strip leading/trailing dashes after the collapse, then abort cleanly
with a workflow warning if the result is empty. The workflow exits 0
so the broader CI run isn't marked failed for a content issue on the
source issue.

github-actions bot added the scripts/ci/cd and size/S (Small PR, < 50 lines) labels on May 12, 2026

@github-actions

🤖 AI Agent: security-scanner

No security issues found.

@github-actions

🤖 AI Agent: docs-sync-checker — Docs Sync

  • ai-spec-drafter.yml -- missing docstring for the new sanitization logic
  • CHANGELOG.md -- missing entry for the behavioral change regarding empty sanitized titles

@github-actions

🤖 AI Agent: code-reviewer

TL;DR: 1 blocker, 0 warnings. The sanitization logic may lead to malformed paths if not properly validated.

| # | Sev | Issue | Where |
|---|-----|-------|-------|
| 1 | CRITICAL | Potential for malformed branch/filename if sanitized title is empty | .github/workflows/ai-spec-drafter.yml |

Ensure that the workflow correctly handles cases where the sanitized title results in an empty string, preventing malformed paths.

@github-actions

🤖 AI Agent: test-generator — `.github/workflows/ai-spec-drafter.yml`

  • test_sanitization_empty_title -- validates that an empty title results in a warning and does not create malformed paths.
  • test_sanitization_only_special_chars -- checks that titles with only special characters trigger the warning and exit cleanly.
  • test_sanitization_leading_trailing_dashes -- ensures that titles with leading/trailing dashes are sanitized correctly without producing malformed paths.

@github-actions

🤖 AI Agent: breaking-change-detector — API Compatibility

| Severity | Change | Impact |
|----------|--------|--------|
| Potentially Breaking | Introduced a warning and early exit if the sanitized title is empty | Users relying on the previous behavior of generating a branch/filename from any input may encounter unexpected behavior if the input title contains no valid characters. |

@github-actions


🟡 Contributor Check: MEDIUM

| Check | Result |
|-------|--------|
| Profile | MEDIUM |
| Credential | NONE |
| Overall | MEDIUM |

Automated check by AGT Contributor Check.

github-actions bot added the needs-review:MEDIUM (Contributor check flagged MEDIUM risk) label on May 12, 2026

@github-actions


PR Review Summary

| Check | Status | Details |
|-------|--------|---------|
| 🔍 Code Review | ❌ Failed | Issues detected |
| 🛡️ Security Scan | ✅ Passed | No issues found |
| 🔄 Breaking Changes | ✅ Completed | Analysis complete |
| 📝 Docs Sync | ✅ Completed | Analysis complete |
| 🧪 Test Coverage | ✅ Passed | No issues found |

Verdict: ❌ Changes needed

imran-siddique merged commit fdabd06 into microsoft:main on May 12, 2026 (13 of 14 checks passed)

MohammadHaroonAbuomar pushed a commit to MohammadHaroonAbuomar/agt-acs that referenced this pull request Jun 1, 2026
…soft#2160)
