Conversation

@waleedlatif1
Collaborator

Summary

  • added input validation to jira service management routes

Type of Change

  • Security

Testing

N/A

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel

vercel bot commented Dec 30, 2025

1 Skipped Deployment

Project: docs | Deployment: Skipped | Review: Skipped | Updated (UTC): Dec 30, 2025 10:49pm

@greptile-apps
Contributor

greptile-apps bot commented Dec 30, 2025

Greptile Summary

This PR adds comprehensive input validation to all 15 Jira Service Management API routes to prevent security vulnerabilities such as path traversal and injection attacks.

  • Imported validation functions (validateJiraCloudId, validateJiraIssueKey, validateAlphanumericId, validateEnum) from the security input validation module
  • Applied validation to all user-controlled parameters including cloudId, issueIdOrKey, serviceDeskId, requestTypeId, organizationId, approvalId, transitionId, and action enums
  • Validation occurs after basic null checks but before any external API calls, ensuring that only sanitized inputs reach the Jira API
  • Each validation failure returns a clear 400 error response with a descriptive error message
  • Used constant arrays for enum validation (VALID_ACTIONS, VALID_DECISIONS) to ensure only expected values are accepted

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The changes are purely additive security improvements that follow established validation patterns from the codebase. All validation functions are well-tested utilities that protect against path traversal, injection attacks, and malformed inputs. The implementation is consistent across all 15 files with appropriate error handling.
  • No files require special attention

Important Files Changed

Filename | Overview
apps/sim/app/api/tools/jsm/approvals/route.ts | Added comprehensive input validation for action, cloudId, issueIdOrKey, approvalId, and decision parameters
apps/sim/app/api/tools/jsm/organization/route.ts | Added input validation for action, cloudId, serviceDeskId, and organizationId parameters
apps/sim/app/api/tools/jsm/participants/route.ts | Added input validation for action, cloudId, and issueIdOrKey parameters
apps/sim/app/api/tools/jsm/request/route.ts | Added input validation for cloudId, serviceDeskId, requestTypeId, and issueIdOrKey parameters
apps/sim/app/api/tools/jsm/transition/route.ts | Added input validation for cloudId, issueIdOrKey, and transitionId parameters

Sequence Diagram

sequenceDiagram
    participant Client
    participant Route as JSM Route Handler
    participant Validator as Input Validation
    participant Jira as Jira Service Management API

    Client->>Route: POST request with parameters
    Note over Route: Extract body parameters
    
    Route->>Route: Check required fields (domain, accessToken, etc.)
    alt Missing required field
        Route-->>Client: 400 Bad Request
    end
    
    Route->>Validator: validateEnum(action, VALID_ACTIONS)
    alt Invalid action
        Validator-->>Route: {isValid: false, error}
        Route-->>Client: 400 Bad Request
    end
    
    Route->>Route: Get cloudId (from param or fetch)
    Route->>Validator: validateJiraCloudId(cloudId)
    alt Invalid cloudId
        Validator-->>Route: {isValid: false, error}
        Route-->>Client: 400 Bad Request
    end
    
    Route->>Validator: validateJiraIssueKey(issueIdOrKey)
    alt Invalid issueIdOrKey
        Validator-->>Route: {isValid: false, error}
        Route-->>Client: 400 Bad Request
    end
    
    opt Additional IDs (approvalId, serviceDeskId, etc.)
        Route->>Validator: validateAlphanumericId(id)
        alt Invalid ID
            Validator-->>Route: {isValid: false, error}
            Route-->>Client: 400 Bad Request
        end
    end
    
    Note over Route: All inputs validated
    Route->>Jira: API request with validated parameters
    Jira-->>Route: Response
    Route-->>Client: JSON response

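The review summary and sequence diagram above describe a validate-then-call pattern: required-field checks, an enum check on `action`, then `cloudId`, `issueIdOrKey` and any further ids, each failure answered with a 400, and only then the outbound Jira request. The block below is an added example written for this page; it is not code from the sim repository or from the PR. The validator names (validateJiraCloudId, validateJiraIssueKey, validateAlphanumericId, validateEnum) and the constants VALID_ACTIONS and VALID_DECISIONS are taken from the summary, but the concrete rules they enforce, the allowed action and decision values, the `handleApprovals` handler and the Atlassian URL shape are all assumptions made for the illustration.

```typescript
// Added example (not code from the sim repository): a runnable model of the
// "validate, then call" pattern the review summary describes for the JSM
// routes. Function names come from the PR; every rule, constant and URL
// below is an assumption made for this illustration.

interface ValidationResult {
  isValid: boolean
  error?: string
}

// Assumption: Atlassian cloud IDs are UUIDs. Rejecting anything else means
// the value can never carry '/', '..', '?' or '#' into the outbound URL.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i

function validateJiraCloudId(value: unknown): ValidationResult {
  if (typeof value !== 'string' || !UUID_RE.test(value)) {
    return { isValid: false, error: 'cloudId must be a UUID' }
  }
  return { isValid: true }
}

// Assumption: an issue is addressed by key (PROJ-123) or by numeric id.
const ISSUE_KEY_RE = /^[A-Z][A-Z0-9_]{0,9}-[1-9][0-9]{0,9}$/
const NUMERIC_ID_RE = /^[1-9][0-9]{0,19}$/

function validateJiraIssueKey(value: unknown): ValidationResult {
  if (typeof value !== 'string' || !(ISSUE_KEY_RE.test(value) || NUMERIC_ID_RE.test(value))) {
    return { isValid: false, error: 'issueIdOrKey must look like PROJ-123 or be a numeric id' }
  }
  return { isValid: true }
}

// Generic identifier: a bounded run of letters, digits, '-' and '_'.
const ALNUM_ID_RE = /^[A-Za-z0-9_-]{1,64}$/

function validateAlphanumericId(value: unknown, name: string): ValidationResult {
  if (typeof value !== 'string' || !ALNUM_ID_RE.test(value)) {
    return { isValid: false, error: `${name} must be 1-64 alphanumeric characters` }
  }
  return { isValid: true }
}

// Enum check against a closed allow-list; unknown strings are rejected,
// never passed through to the upstream API.
function validateEnum(value: unknown, allowed: readonly string[], name: string): ValidationResult {
  if (typeof value !== 'string' || !allowed.includes(value)) {
    return { isValid: false, error: `${name} must be one of: ${allowed.join(', ')}` }
  }
  return { isValid: true }
}

// Assumed allow-lists for the approvals route.
const VALID_ACTIONS = ['list', 'answer'] as const
const VALID_DECISIONS = ['approve', 'decline'] as const

interface RouteResponse {
  status: number
  body: Record<string, unknown>
}

// Stand-in for the outbound request: builds the URL that would be fetched
// (assumed endpoint shape) so it can be inspected without network access.
function buildApprovalUrl(cloudId: string, issueIdOrKey: string, approvalId?: string): string {
  const base = `https://api.atlassian.com/ex/jira/${cloudId}/rest/servicedeskapi/request/${issueIdOrKey}/approval`
  return approvalId ? `${base}/${approvalId}` : base
}

function badRequest(error: string | undefined): RouteResponse {
  return { status: 400, body: { error } }
}

// Mirrors the order in the sequence diagram: required-field checks, then the
// action enum, then cloudId, then issueIdOrKey, then any extra ids, and only
// then the upstream call.
function handleApprovals(body: Record<string, unknown>): RouteResponse {
  const { domain, accessToken, action, cloudId, issueIdOrKey, approvalId, decision } = body

  if (!domain || !accessToken) return badRequest('domain and accessToken are required')

  const actionCheck = validateEnum(action, VALID_ACTIONS, 'action')
  if (!actionCheck.isValid) return badRequest(actionCheck.error)

  const cloudCheck = validateJiraCloudId(cloudId)
  if (!cloudCheck.isValid) return badRequest(cloudCheck.error)

  const issueCheck = validateJiraIssueKey(issueIdOrKey)
  if (!issueCheck.isValid) return badRequest(issueCheck.error)

  if (action === 'answer') {
    const approvalCheck = validateAlphanumericId(approvalId, 'approvalId')
    if (!approvalCheck.isValid) return badRequest(approvalCheck.error)
    const decisionCheck = validateEnum(decision, VALID_DECISIONS, 'decision')
    if (!decisionCheck.isValid) return badRequest(decisionCheck.error)
  }

  // All inputs validated; only now is the upstream URL assembled.
  const url = buildApprovalUrl(cloudId as string, issueIdOrKey as string, action === 'answer' ? (approvalId as string) : undefined)
  return { status: 200, body: { url, decision: action === 'answer' ? decision : undefined } }
}
```

The point of ordering the checks this way is that `buildApprovalUrl` interpolates user input into a path; without the key check an `issueIdOrKey` of `../../../rest/api/3/myself` would be sent to a different endpoint under the caller's access token. With the checks in place that request never leaves the handler, and the 400 names the offending parameter without echoing upstream error text.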
@waleedlatif1 waleedlatif1 merged commit eca9123 into staging Dec 30, 2025
11 checks passed
@waleedlatif1 waleedlatif1 deleted the improvement/jsm branch December 30, 2025 22:55