fix: improve input validation and JSON safety #17038
Conversation
Scripts:
- Add validation for extracted duplicate issue numbers
- Prevent referencing non-existent issues (number >= current issue)

Workflows:
- Use jq for safe JSON construction in log-issue-events.yml
- Properly escape special characters (newlines, quotes) in issue titles

Plugins:
- Add missing plugin.json for plugin-dev plugin

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Pull request overview
This pull request enhances input validation and JSON safety across three files: adding duplicate issue number validation in the auto-close script, improving JSON construction in a GitHub workflow, and adding a missing plugin configuration file.
- Input validation prevents referencing non-existent or future issue numbers
- JSON construction now uses jq for proper escaping of special characters
- Added missing plugin.json for the plugin-dev plugin
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| scripts/auto-close-duplicates.ts | Adds validation to ensure duplicate issue references are valid (positive, less than current issue, reasonable upper bound) |
| .github/workflows/log-issue-events.yml | Replaces manual JSON string construction with jq for safe character escaping |
| plugins/plugin-dev/.claude-plugin/plugin.json | New configuration file with metadata for the plugin-dev plugin |
| const num = parseInt(match[1], 10); | ||
| // Validate: must be positive, less than current issue, and reasonable | ||
| if (num > 0 && num < currentIssueNumber && num < 1000000) { | ||
| return num; | ||
| } | ||
| } | ||
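Review bot: the comment "less than current issue" on the new check, and the commit message's "non-existent issues (number >= current issue)", describe the condition wrongly: an issue opened after this one has a higher number and does exist. What `num < currentIssueNumber` actually enforces is a policy that a newer issue is only ever closed as a duplicate of an older one, which is a sensible rule but should be stated as such in the comment. The `num < 1000000` literal on the same line deserves a named constant with a one-line justification, since as long as `currentIssueNumber` stays below it the bound is dead code and a reader cannot tell whether it is a sanity cap or a leftover.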
|
|
||
| // Try to match GitHub issue URL format: https://github.com/owner/repo/issues/123 | ||
| match = commentBody.match(/github\.com\/[^\/]+\/[^\/]+\/issues\/(\d+)/); | ||
| if (match) { | ||
| return parseInt(match[1], 10); | ||
| const num = parseInt(match[1], 10); | ||
| // Validate: must be positive, less than current issue, and reasonable | ||
| if (num > 0 && num < currentIssueNumber && num < 1000000) { | ||
| return num; | ||
| } |
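Review bot: the URL pattern `github\.com\/[^\/]+\/[^\/]+\/issues\/(\d+)` accepts any owner and repository, so a comment that links to an issue in an unrelated repo (`https://github.com/someone-else/other-repo/issues/12`) yields `12`, that number passes the positive/less-than-current/upper-bound checks on the following lines, and this issue can be closed as a duplicate of whatever issue 12 is in the scanned repo. Anchor the pattern to the repository the script is running against (owner and repo as literals, regex-escaped) before extracting the number, and treat a link to any other repo as "no reference".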
Copilot (AI), Jan 9, 2026
The validation logic is duplicated in both pattern matching branches. Consider extracting this into a helper function or performing the validation after both pattern matches. This would make the code more maintainable and reduce the risk of the validation logic diverging between the two branches.
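One way to apply that suggestion, as an added example written for this page rather than code from the PR or the repository: a single validated extractor that serves both comment forms the PR handles (`#123` and a full issue URL), with the checks in one helper and the URL form anchored to the repository being scanned. The names `extractDuplicateIssueNumber`, `isValidDuplicateIssueNumber`, `MAX_ISSUE_NUMBER`, the `owner`/`repo` parameters and the short-form regex are assumptions for this example; the PR's own short-form pattern is not shown on the page.

```typescript
// Added example, not the project's code. Names and the short-form regex are
// assumptions made for illustration.

// Sanity bound on issue numbers; the PR writes the literal 1000000 inline.
const MAX_ISSUE_NUMBER = 1000000;

// The PR's three conditions, plus a safe-integer check so an absurdly long
// digit run (parseInt returns a float such as 1e21 for it) is rejected on
// type and not only on magnitude.
function isValidDuplicateIssueNumber(num: number, currentIssueNumber: number): boolean {
  return (
    Number.isSafeInteger(num) &&
    num > 0 &&
    num < currentIssueNumber && // only close a newer issue in favour of an older one
    num < MAX_ISSUE_NUMBER
  );
}

// Escape a literal for use inside a RegExp: owner and repo names may contain
// dots or dashes that must not become regex syntax.
function escapeRegExp(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Returns the referenced issue number, or null when there is no reference or
// the reference fails validation. The URL form is restricted to the scanned
// owner/repo so a link to another repository's issue is never taken as ours.
function extractDuplicateIssueNumber(
  commentBody: string,
  currentIssueNumber: number,
  owner: string,
  repo: string,
): number | null {
  // Short form "#123" (assumed pattern)
  let match = commentBody.match(/#(\d+)\b/);
  if (!match) {
    // Full URL form, anchored to this repository
    const urlRe = new RegExp(
      `github\\.com/${escapeRegExp(owner)}/${escapeRegExp(repo)}/issues/(\\d+)\\b`,
    );
    match = commentBody.match(urlRe);
  }
  if (!match) return null;

  const num = parseInt(match[1], 10);
  return isValidDuplicateIssueNumber(num, currentIssueNumber) ? num : null;
}
```

With this shape the two branches can no longer diverge, a rejected reference and a missing reference both come back as `null`, and the repository check lives in the regex rather than in a second pass over the result.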
| { | ||
| "name": "plugin-dev", | ||
| "version": "1.0.0", | ||
| "description": "Comprehensive toolkit for developing Claude Code plugins with expert guidance on hooks, MCP integration, plugin structure, and marketplace publishing", | ||
| "author": { | ||
| "name": "Anthropic", | ||
| "email": "support@anthropic.com" | ||
| } |
Copilot (AI), Jan 9, 2026
The field order in this plugin.json file differs from other plugin.json files in the repository. Other plugins use the order: name, description, version, author. This file uses: name, version, description, author. Consider reordering the fields to match the existing convention for consistency.
- Extract validation logic to isValidDuplicateIssueNumber helper function
- Reorder plugin.json fields to match convention (name, description, version, author)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Summary
- Add input validation for duplicate issue numbers in `auto-close-duplicates.ts`
- Use jq for safe JSON construction in `log-issue-events.yml`
- Add missing plugin.json for `plugin-dev` plugin

Test plan
- `auto-close-duplicates.ts` compiles: `bun build scripts/auto-close-duplicates.ts`
- `jq . plugins/plugin-dev/.claude-plugin/plugin.json`

Files Changed
- scripts/auto-close-duplicates.ts
- .github/workflows/log-issue-events.yml
- plugins/plugin-dev/.claude-plugin/plugin.json

🤖 Generated with Claude Code
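The workflow hunk itself is not on this page; the jq change is described only in prose. The following added example, not the PR's code, reproduces the failure mode it fixes in TypeScript (the language of the repository's scripts): a JSON record built by string interpolation beside one built by an encoder. `JSON.stringify` plays the role that `jq --arg` plays in the workflow. The names `buildEventUnsafe`, `buildEventSafe`, `parseRecord` and both hostile titles are constructed for this example.

```typescript
// Added example, not the PR's code. Names and sample titles are constructed.

interface IssueEvent {
  event: string;
  issue: number;
  title: string; // user-controlled: whoever opens the issue chooses it
}

// BEFORE (unsafe): string interpolation. A quote inside `title` ends the
// string early and whatever follows is parsed as JSON syntax; a raw newline
// makes the whole document invalid.
function buildEventUnsafe(ev: IssueEvent): string {
  return `{"event": "${ev.event}", "issue": ${ev.issue}, "title": "${ev.title}"}`;
}

// AFTER (safe): a real encoder escapes every quote, backslash and control
// character, so the title can only ever be the value of the "title" key.
// The shell equivalent is jq -n --arg title "$TITLE" '{title: $title}'.
function buildEventSafe(ev: IssueEvent): string {
  return JSON.stringify({ event: ev.event, issue: ev.issue, title: ev.title });
}

// Decode a built record the way a downstream consumer would: null when the
// text is not valid JSON, otherwise the object.
function parseRecord(json: string): Record<string, unknown> | null {
  try {
    return JSON.parse(json) as Record<string, unknown>;
  } catch {
    return null;
  }
}

// Constructed hostile title 1: closes the title string and smuggles in an
// extra key (the injected "assignee" survives as a real field).
const INJECTING_TITLE = 'Crash on startup", "assignee": "attacker", "note": "';

// Constructed hostile title 2: a raw newline, illegal inside a JSON string,
// so the unsafe record cannot be parsed at all.
const MULTILINE_TITLE = "Crash on startup\nSteps: run the app";
```

Run against `INJECTING_TITLE`, the unsafe builder yields valid JSON whose `assignee` is `"attacker"`, while the safe builder keeps the entire string as the `title` value and adds no key. Run against `MULTILINE_TITLE`, the unsafe builder produces text that `parseRecord` rejects, while the safe builder round-trips the newline intact. In a workflow the same rule applies: pass the title through an environment variable and into jq with `--arg`, never interpolate it into the script body.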