[quality] test: unit tests for sanitizeForPrompt (prompt injection defense) and staleCacheEvents#19713
Conversation
kubestellar-prow
Bot
added
the
dco-signoff: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
clubanderson
added
hold
|
👋 Hey @clubanderson — thanks for opening this PR!
This is an automated message. |
|
🐝 Hi @clubanderson! I'm Trusted users — org members and contributors with write access — can mention Automation may take a moment to start, and follow-up happens through workflow activity rather than chat replies. |
kubestellar-prow
Bot
added
the
size/L
✅ Deploy Preview for kubestellarconsole ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
There was a problem hiding this comment.
Pull request overview
This PR adds Vitest unit coverage for two web/src/lib utilities: sanitizeForPrompt (prompt-injection hardening) and staleCacheEvents (observability event dispatch/subscription used during cache cleanup).
Changes:
- Add unit tests covering sanitization behaviors (escaping/encoding, trimming, and max-length capping) for
sanitizeForPrompt. - Add unit tests validating
kc:stale-cache-cleanupevent dispatching and subscribe/unsubscribe behavior forstaleCacheEvents.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| web/src/lib/tests/sanitizeForPrompt.test.ts | Adds unit tests for prompt-input sanitization behaviors and attack-vector handling. |
| web/src/lib/tests/staleCacheEvents.test.ts | Adds unit tests for stale-cache cleanup event dispatch and subscription lifecycle. |
| @@ -0,0 +1,100 @@ | |||
| import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest' | |||
| const makeDetail = ( | ||
| overrides: Partial<StaleCacheCleanupEventDetail> = {}, | ||
| ): StaleCacheCleanupEventDetail => ({ | ||
| staleKeysFound: 5, | ||
| staleKeysRemoved: 3, | ||
| oldestStaleAgeMs: 86400000, | ||
| cleanupDurationMs: 42, | ||
| timestamp: Date.now(), | ||
| ...overrides, | ||
| }) |
| import { describe, it, expect } from 'vitest' | ||
| import { sanitizeForPrompt } from '../sanitizeForPrompt' | ||
|
|
||
| describe('sanitizeForPrompt', () => { |
![github-code-quality[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
| @@ -0,0 +1,100 @@ | |||
| import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest' | |||
|
Closing — superseded by #19719 which provides more comprehensive coverage (55+ test cases vs 28, includes K8s scenarios and boundary conditions). |
kubestellar-prow
Bot
added
the
needs-rebase
clubanderson
force-pushed
the
quality/test-sanitize-prompt
branch
from
dfbd63c to
bc2b11a
Compare
kubestellar-prow
Bot
added
dco-signoff: yes
…fense) and staleCacheEvents Signed-off-by: Andrew Anderson <andy@clubanderson.com>
clubanderson
force-pushed
the
quality/test-sanitize-prompt
branch
from
bc2b11a to
5975455
Compare
|
Thank you for your contribution! Your PR has been merged. Check out what's new:
Stay connected: Slack #kubestellar-dev | Multi-Cluster Survey |
✅ Post-Merge Verification: passedCommit: |
|
Post-merge build verification passed ✅ Both Go and frontend builds compiled successfully against merge commit |
Test Improvement
Adds unit tests for two previously untested lib modules:
sanitizeForPrompt.test.ts— 28 test cases (critical: prompt injection defense)<>, unicode\u003c/\u003e, hex\x3c/\x3e, leading zeros&→&,"→",'→'staleCacheEvents.test.ts— 5 test casesWhy this matters
sanitizeForPromptis the primary prompt injection defense — it sanitizes all user-supplied text before interpolation into AI prompts across the mission-control and AI chat features. It had zero test coverage despite being security-critical.Filed by quality agent (hold-gated mode). Human review required.