Skip to content
Draft
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion backend/WebApp.Api/Services/AzureAIAgentService.cs
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
using OpenAI.Responses;
using System.Runtime.CompilerServices;
using WebApp.Api.Models;
using System.Linq;

Copilot AI Dec 1, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The using System.Linq; directive is redundant because the project has <ImplicitUsings>enable</ImplicitUsings> in the csproj file (line 6), which automatically includes System.Linq. While harmless, it's unnecessary.

Suggested change
using System.Linq;

Copilot uses AI. Check for mistakes.

namespace WebApp.Api.Services;

Expand Down Expand Up @@ -376,7 +377,10 @@ private MessageResponseItem BuildUserMessage(string message, List<string>? image
var validationErrors = ValidateImageDataUris(imageDataUris);
if (validationErrors.Count > 0)
{
_logger.LogWarning("Image attachment validation failed: {Errors}", string.Join("; ", validationErrors));
_logger.LogWarning(
"Image attachment validation failed: {Errors}",
string.Join("; ", validationErrors.Select(e => e.Replace("\r", "").Replace("\n", "")))
);
throw new ArgumentException($"Invalid image attachments: {string.Join(", ", validationErrors)}");

Copilot AI Dec 1, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The sanitization applied to the log statement should also be applied to the exception message on line 384. The same validationErrors list contains user-controlled data (MIME types from data URIs) that could include newline characters, creating a log injection vulnerability when the exception is logged by the caller.

Consider applying the same sanitization:

throw new ArgumentException($"Invalid image attachments: {string.Join(", ", validationErrors.Select(e => e.Replace("\r", "").Replace("\n", "")))}");
Suggested change
throw new ArgumentException($"Invalid image attachments: {string.Join(", ", validationErrors)}");
throw new ArgumentException($"Invalid image attachments: {string.Join(", ", validationErrors.Select(e => e.Replace("\r", "").Replace("\n", "")))}");

Copilot uses AI. Check for mistakes.
}

Expand Down