pook/compliancebot
1
0
Fork 0
Code Issues 1.1k Pull requests 82 Projects Releases Packages Wiki Activity Actions

Sanitize generate inputs to prevent prompt injection via control chars #447

Open
pook wants to merge 50 commits from feat/sanitize-generate-inputs into main
pull from: feat/sanitize-generate-inputs
merge into: pook:main
Conversation 1 Commits 50 Files changed 61 +5878 -52
pook commented 2026-04-10 16:12:04 -04:00
Owner
Copy link

Summary

  • Adds sanitize-input.ts utility that strips dangerous control characters (0x00-0x08, 0x0B, 0x0C, 0x0E-0x1F) and collapses redundant horizontal whitespace from strings
  • Applies sanitizeObject() to all questionnaire data in generateComplianceDocument() — the single entry point for all three generate routes (privacy, ToS, DPA) — before data reaches the OpenAI prompt builder
  • Preserves tabs, newlines, and carriage returns; non-string values pass through unchanged

Test plan

  • 17 new unit tests covering control char stripping, whitespace collapsing, newline preservation, recursive object/array sanitization, injection payloads, and QuestionnaireData-shaped objects
  • Existing document-generator tests still pass (no regression)

🤖 Generated with Claude Code

## Summary - Adds `sanitize-input.ts` utility that strips dangerous control characters (0x00-0x08, 0x0B, 0x0C, 0x0E-0x1F) and collapses redundant horizontal whitespace from strings - Applies `sanitizeObject()` to all questionnaire data in `generateComplianceDocument()` — the single entry point for all three generate routes (privacy, ToS, DPA) — before data reaches the OpenAI prompt builder - Preserves tabs, newlines, and carriage returns; non-string values pass through unchanged ## Test plan - [x] 17 new unit tests covering control char stripping, whitespace collapsing, newline preservation, recursive object/array sanitization, injection payloads, and QuestionnaireData-shaped objects - [x] Existing document-generator tests still pass (no regression) 🤖 Generated with [Claude Code](https://claude.com/claude-code)
Sanitize generate inputs to strip control characters before OpenAI
Some checks are pending
CI Quality Gate / Lint / Typecheck / Test / Build (pull_request) Waiting to run
Details
acf0c8a4f4 
Control characters (0x00-0x08, 0x0B, 0x0C, 0x0E-0x1F) in user-provided
questionnaire data could corrupt LLM prompts or enable injection. This adds
a sanitization step in generateComplianceDocument that strips dangerous
control chars and collapses redundant whitespace from all string fields
before they reach the prompt builder.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
feat: issue #444 user-inputs-to-apigenerate-business-name (agent task liancebot444)
Some checks failed
CI Quality Gate / Lint / Typecheck / Test / Build (pull_request) Has been cancelled
Details
23bc64a667
pook commented 2026-04-10 17:18:32 -04:00
Author
Owner
Copy link

Code Review — PR #447: Sanitize generate inputs

Typecheck: PASS (npx tsc --noEmit)

Code Review Findings

Regex analysis (/[\x00-\x08\x0B\x0C\x0E-\x1F]/g):

  • Catches null bytes (0x00)
  • Catches C0 controls (0x01-0x08, 0x0E-0x1F)
  • Preserves tab (0x09), newline (0x0A), carriage return (0x0D)
  • Missing C1 control characters (0x7F-0x9F) — DEL (0x7F) and C1 controls (0x80-0x9F) are not stripped. These can be used for injection in some contexts.

Integration point: Correctly applied at the top of generateComplianceDocument() before validation and business info extraction. All three generate routes (privacy, ToS, DPA) flow through this single entry point.

Test coverage: Thorough — 12 test cases covering null bytes, C0 controls, whitespace collapsing, mixed objects, arrays, nested objects, null/undefined passthrough, and a realistic questionnaire-shaped object.

Issues

  1. Medium: Regex misses DEL (0x7F) and C1 control range (0x80-0x9F). Recommend extending to: /[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/g
  2. Low: No test for Unicode directional overrides (U+202E) or zero-width characters (U+200B) that could affect rendered policy documents.
  3. Nit: sanitizeObject loses prototype chain — the out as T cast returns a plain object. Fine for questionnaire data (plain JSON from HTTP).

Verdict: Approve with suggestion to extend regex for C1 controls

Reviewed by Claude Code

## Code Review — PR #447: Sanitize generate inputs ### Typecheck: PASS (npx tsc --noEmit) ### Code Review Findings **Regex analysis** (`/[\x00-\x08\x0B\x0C\x0E-\x1F]/g`): - Catches null bytes (0x00) - Catches C0 controls (0x01-0x08, 0x0E-0x1F) - Preserves tab (0x09), newline (0x0A), carriage return (0x0D) - **Missing C1 control characters (0x7F-0x9F)** — DEL (0x7F) and C1 controls (0x80-0x9F) are not stripped. These can be used for injection in some contexts. **Integration point**: Correctly applied at the top of `generateComplianceDocument()` before validation and business info extraction. All three generate routes (privacy, ToS, DPA) flow through this single entry point. **Test coverage**: Thorough — 12 test cases covering null bytes, C0 controls, whitespace collapsing, mixed objects, arrays, nested objects, null/undefined passthrough, and a realistic questionnaire-shaped object. ### Issues 1. **Medium**: Regex misses DEL (0x7F) and C1 control range (0x80-0x9F). Recommend extending to: `/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/g` 2. **Low**: No test for Unicode directional overrides (U+202E) or zero-width characters (U+200B) that could affect rendered policy documents. 3. **Nit**: `sanitizeObject` loses prototype chain — the `out as T` cast returns a plain object. Fine for questionnaire data (plain JSON from HTTP). ### Verdict: Approve with suggestion to extend regex for C1 controls Reviewed by Claude Code
Some checks failed
CI Quality Gate / Lint / Typecheck / Test / Build (pull_request) Has been cancelled
Details
This pull request has changes conflicting with the target branch.
  • .forgejo/workflows/ci.yml
  • bun.lock
  • package.json
  • packages/api/src/db/schema.ts
  • packages/api/src/index.ts
  • packages/api/src/middleware/rate-limit.ts
  • packages/api/src/middleware/security-headers.ts
  • packages/api/src/routes/generate-tos.ts
  • packages/api/src/routes/generate.ts
  • packages/api/src/routes/health.ts
  • packages/api/src/routes/questionnaire.ts
  • packages/api/src/services/document-generator.ts
  • packages/api/src/services/llm.ts
  • packages/api/src/templates/index.ts
  • packages/api/tsconfig.json
  • packages/shared/src/types.ts
  • packages/web/src/app/questionnaire/page.tsx
  • packages/web/src/components/documents/DocumentList.tsx
  • packages/web/src/components/questionnaire/ReviewStep.tsx
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin feat/sanitize-generate-inputs:feat/sanitize-generate-inputs
git switch feat/sanitize-generate-inputs
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
agent-task

Task for autonomous agent execution

  
agent-task

Paperclip autonomous agent task

No labels
agent-task
agent-task
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
pook/compliancebot!447
No description provided.