[Copilot AI] discussion_id not validated before API path interpolation #12

@nexiouscaliver

Problem

In _reply_to_discussion (line 784) and _resolve_discussion (line 828), discussion_id is interpolated directly into API URL paths without any format validation:

f"projects/:fullpath/merge_requests/{iid}/discussions/{discussion_id}/notes"

Impact

Malformed IDs (empty string, special characters, extremely long values) produce confusing API errors instead of clear validation failures.

Fix Direction

Add validate_discussion_id() that checks for non-empty hex/alphanumeric format matching GitLab discussion ID patterns.

Acceptance Criteria

  • New validate_discussion_id function
  • Called in both _reply_to_discussion and _resolve_discussion
  • Returns validation_error for invalid IDs
  • Tests for empty, special chars, and valid IDs

Identified by Copilot AI agent
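
A sketch of the check the acceptance criteria describe, added here as an example and not taken from the project's code. The error dictionary shape, the 64-character bound, the ASCII-alphanumeric pattern and the build_notes_path helper are assumptions; only the validate_discussion_id name and the path template come from the issue.

```python
import re

# Assumption: discussion IDs are short ASCII hex/alphanumeric strings, so
# anything outside [A-Za-z0-9] or longer than MAX_LEN is rejected.
MAX_LEN = 64
_DISCUSSION_ID_RE = re.compile(r"[A-Za-z0-9]+")


def validation_error(field, message):
    """Hypothetical error shape; the project's real helper may differ."""
    return {"error": "validation_error", "field": field, "message": message}


def validate_discussion_id(discussion_id):
    """Return None when the ID is acceptable, else a validation_error dict."""
    if not isinstance(discussion_id, str):
        return validation_error("discussion_id", "must be a string")
    if not discussion_id:
        return validation_error("discussion_id", "must not be empty")
    if len(discussion_id) > MAX_LEN:
        return validation_error("discussion_id", f"longer than {MAX_LEN} characters")
    # fullmatch, not match with '$': '$' would accept a trailing newline.
    if not _DISCUSSION_ID_RE.fullmatch(discussion_id):
        return validation_error("discussion_id", "only ASCII letters and digits allowed")
    return None


def build_notes_path(iid, discussion_id):
    """Hypothetical helper: interpolate only after validation passes.

    Returns (path, None) on success or (None, error) on failure, so a value
    containing '/', '?' or '#' never reaches the URL path.
    """
    err = validate_discussion_id(discussion_id)
    if err is not None:
        return None, err
    path = f"projects/:fullpath/merge_requests/{iid}/discussions/{discussion_id}/notes"
    return path, None


if __name__ == "__main__":
    # Constructed sample inputs, not real discussion IDs from any project.
    for sample in ["6a9c1750b37d513a43987b574953fceb50b03ce7", "", "1/../notes", "abc\n"]:
        print(repr(sample), "->", build_notes_path(7, sample))
```
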

Labels

  • P2-medium: Robustness gaps that should be fixed
  • copilot-ai: Identified by Copilot AI agent
  • mcp-server: MCP server (omniforge_mcp_server.py)
  • validation: Input validation issues