From 708e1e9c183bc84dea4d5be3630ac9a3f7cdc17a Mon Sep 17 00:00:00 2001 From: Shaun Arman Date: Tue, 14 Apr 2026 20:07:59 -0500 Subject: [PATCH] security: fix query expansion issues from PR review - Use MAX_EXPANDED_QUERIES constant in confluence_search.rs instead of hardcoded 3 - Improve escape_wiql() to escape more dangerous characters: ", \, (, ), ~, *, ?, ;, = - Fix logging to show expanded_query instead of search_url in confluence_search.rs All tests pass (142/142), cargo fmt and clippy pass. --- src-tauri/src/integrations/azuredevops_search.rs | 9 +++++++++ src-tauri/src/integrations/confluence_search.rs | 7 +++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src-tauri/src/integrations/azuredevops_search.rs b/src-tauri/src/integrations/azuredevops_search.rs index db1700d4..993fbdb3 100644 --- a/src-tauri/src/integrations/azuredevops_search.rs +++ b/src-tauri/src/integrations/azuredevops_search.rs @@ -5,6 +5,15 @@ const MAX_EXPANDED_QUERIES: usize = 3; fn escape_wiql(s: &str) -> String { s.replace('\'', "''") + .replace('"', "\\\"") + .replace('\\', "\\\\") + .replace('(', "\\(") + .replace(')', "\\)") + .replace('~', "\\~") + .replace('*', "\\*") + .replace('?', "\\?") + .replace(';', "\\;") + .replace('=', "\\=") } /// Search Azure DevOps Wiki for content matching the query diff --git a/src-tauri/src/integrations/confluence_search.rs b/src-tauri/src/integrations/confluence_search.rs index 5c0f9acc..66528d16 100644 --- a/src-tauri/src/integrations/confluence_search.rs +++ b/src-tauri/src/integrations/confluence_search.rs @@ -57,7 +57,10 @@ pub async fn search_confluence( urlencoding::encode(&safe_query) ); - tracing::info!("Searching Confluence with expanded query: {}", search_url); + tracing::info!( + "Searching Confluence with expanded query: {}", + expanded_query + ); let resp = client .get(&search_url) @@ -80,7 +83,7 @@ pub async fn search_confluence( .map_err(|e| format!("Failed to parse Confluence search response: {e}"))?; if let Some(results_array) = json["results"].as_array() { - for item in results_array.iter().take(3) { + for item in results_array.iter().take(MAX_EXPANDED_QUERIES) { let title = item["title"].as_str().unwrap_or("Untitled").to_string(); let id = item["content"]["id"].as_str();