[quality] test: unit tests for sanitizeForPrompt (prompt injection defense) and staleCacheEvents#19713
clubanderson wants to merge 1 commit into
Adds test coverage for two previously untested lib modules:

sanitizeForPrompt.test.ts (28 test cases):
- Basic sanitization: plain text, trim, empty input
- Angle bracket removal: literal <>, unicode \u003c/\u003e, hex \x3c/\x3e, leading zeros
- HTML entity encoding: &, quotes
- Length capping: default 500, custom, trim-before-cap
- Prompt injection defense: HTML tags, unicode injection, combined vectors, length-bomb attempts

staleCacheEvents.test.ts (5 test cases):
- dispatchStaleCacheCleanupEvent: event dispatching, detail fields
- subscribeToStaleCacheCleanupEvents: subscribe/unsubscribe, multiple independent subscribers

Signed-off-by: Quality Agent <quality-agent@kubestellar.io>
Pull request overview
This PR adds Vitest unit coverage for two web/src/lib utilities: sanitizeForPrompt (prompt-injection hardening) and staleCacheEvents (observability event dispatch/subscription used during cache cleanup).
Changes:
- Add unit tests covering sanitization behaviors (escaping/encoding, trimming, and max-length capping) for sanitizeForPrompt.
- Add unit tests validating kc:stale-cache-cleanup event dispatching and subscribe/unsubscribe behavior for staleCacheEvents.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| web/src/lib/tests/sanitizeForPrompt.test.ts | Adds unit tests for prompt-input sanitization behaviors and attack-vector handling. |
| web/src/lib/tests/staleCacheEvents.test.ts | Adds unit tests for stale-cache cleanup event dispatch and subscription lifecycle. |
| @@ -0,0 +1,100 @@ | |||
| import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest' | |||
| const makeDetail = ( | ||
| overrides: Partial<StaleCacheCleanupEventDetail> = {}, | ||
| ): StaleCacheCleanupEventDetail => ({ | ||
| staleKeysFound: 5, | ||
| staleKeysRemoved: 3, | ||
| oldestStaleAgeMs: 86400000, | ||
| cleanupDurationMs: 42, | ||
| timestamp: Date.now(), | ||
| ...overrides, | ||
| }) |
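Review bot: the makeDetail factory defaults timestamp to Date.now(), so any assertion on the timestamp field of a dispatched detail is non-deterministic unless the test either passes an explicit override or pins the clock with vi.useFakeTimers() / vi.setSystemTime() in the beforeEach imported here (and restores it with vi.useRealTimers() in afterEach). Suggest one of those so the "detail fields" case cannot flake; if vi, beforeEach and afterEach end up unused, drop them from the import to keep lint clean.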
| import { describe, it, expect } from 'vitest' | ||
| import { sanitizeForPrompt } from '../sanitizeForPrompt' | ||
|
|
||
| describe('sanitizeForPrompt', () => { |
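Review bot: for the unicode and hex escape cases this describe block should pass the sequences with doubled backslashes ('\\u003c', '\\x3e'); a single-backslash '\u003c' in a TS string literal is already the character '<', so such a test exercises only the literal angle-bracket branch and would still pass if the textual-escape stripping were broken. The same applies to the leading-zeros case, and the HTML-entity cases should assert the exact encoded output rather than only the absence of the raw character.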
| @@ -0,0 +1,100 @@ | |||
| import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest' | |||
Closing — superseded by #19719 which provides more comprehensive coverage (55+ test cases vs 28, includes K8s scenarios and boundary conditions).
Test Improvement

Adds unit tests for two previously untested lib modules:

- sanitizeForPrompt.test.ts — 28 test cases (critical: prompt injection defense)
  - angle bracket removal: literal <>, unicode \u003c/\u003e, hex \x3c/\x3e, leading zeros
  - HTML entity encoding of &, " and '
- staleCacheEvents.test.ts — 5 test cases

Why this matters

sanitizeForPrompt is the primary prompt injection defense — it sanitizes all user-supplied text before interpolation into AI prompts across the mission-control and AI chat features. It had zero test coverage despite being security-critical.

Filed by quality agent (hold-gated mode). Human review required.
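The commit message and the PR body above both describe the same sanitizer contract (strip literal and escape-spelled angle brackets, entity-encode & and quotes, trim, cap length). The following is an added example written for this page: an illustrative sanitizer with those behaviours plus the vectors such tests need. It is not the project's web/src/lib/sanitizeForPrompt.ts; the regexes, the entity forms and the runVectors helper are assumptions.

```typescript
// Illustrative sanitizer (assumption: NOT the project's sanitizeForPrompt.ts).
const DEFAULT_MAX_LEN = 500;

// Textual escape spellings of '<' / '>' (\u003c, \x3e, with optional leading
// zeros) that a later decoder could turn back into angle brackets.
const ESCAPED_ANGLE = /\\(?:u|x)0*(?:3c|3e)/gi;
const ENTITY: Record<string, string> = { '&': '&amp;', '"': '&quot;', "'": '&#39;' };

export function sanitizeForPrompt(input: unknown, maxLen = DEFAULT_MAX_LEN): string {
  if (typeof input !== 'string') return '';
  let s = input.trim();                                   // trim before cap
  s = s.replace(ESCAPED_ANGLE, '').replace(/[<>]/g, '');  // drop angle brackets
  s = s.replace(/[&"']/g, (c) => ENTITY[c] ?? c);         // one pass: no double-encoding
  // Cap last so the bound holds on the final string; drop a partial trailing entity.
  return s.slice(0, maxLen).replace(/&[#\w]*$/, '');
}

// Constructed vectors. Note the doubled backslashes: '\u003c' in a TS source
// literal is already '<', so only '\\u003c' exercises the textual-escape branch.
export function runVectors(): Record<string, string> {
  return {
    plain: sanitizeForPrompt('  hello world  '),
    literal: sanitizeForPrompt('<script>alert(1)</script>'),
    unicodeText: sanitizeForPrompt('\\u003cscript\\u003e'),
    hexLeadingZeros: sanitizeForPrompt('\\x003cb\\x0003e'),
    entities: sanitizeForPrompt(`Tom & "Jerry" 'x'`),
    capped: sanitizeForPrompt('a'.repeat(10) + '&b', 13), // cap would split '&amp;'
    notString: sanitizeForPrompt(undefined as unknown),
  };
}
```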