fix: validate flag_reason in flag_invoice_for_review to reject None/empty #214
Open
Jean-Regis-M wants to merge 1 commit into GenAI-Security-Project:main from
Add validation for flag_reason parameter in flagging function

fix: validate flag_reason in flag_invoice_for_review to reject None/empty

The function flag_invoice_for_review accepted None as flag_reason, which resulted in the literal string "None" being inserted into the fraud note. Empty or whitespace-only strings also produced misleading notes.

Added input validation at the beginning of the function:
- Raise ValueError if flag_reason is None
- Raise ValueError if flag_reason is empty or whitespace-only

This ensures that fraud notes always contain a meaningful reason and prevents unactionable records.

Signed-off-by: JEAN REGIS <240509606@firat.edu.tr>
Summary
Adds input validation to flag_invoice_for_review to reject None and empty/whitespace-only values for the flag_reason parameter.

Problem
Currently, calling flag_invoice_for_review(invoice.id, None, ...) produces a fraud note containing the literal string "None" (e.g., [Fraud Agent] FLAG: None.). This corrupts structured audit data and makes records unactionable for both human reviewers and automated tooling. The same issue occurs with empty or whitespace-only strings.

Solution
Insert validation at the top of the function:

    if flag_reason is None:
        raise ValueError("flag_reason must not be None")
    if not flag_reason.strip():
        raise ValueError("flag_reason must not be empty or whitespace")

The validation runs before any logging or database operations, preventing invalid data from being recorded.

Impact
None and empty strings from entering the fraud note.

Testing
test_fraud_flag_013_none_flag_reason_accepted_without_validation now passes (expects ValueError).
None, "", " ", and valid strings.
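
The behaviour described above, as an added example that is not the pull request's or the project's own code: an unvalidated note builder next to a validated one, using the note format quoted in the description. The helper names (build_note_unvalidated, validate_flag_reason, build_note_validated, rejected) are hypothetical, and the explicit rejection of non-string values is an assumption that goes beyond the two checks in the PR.

```python
"""Constructed illustration; only flag_reason and the note format come from the page."""

NOTE_PREFIX = "[Fraud Agent] FLAG: "  # note format quoted in the PR description


def build_note_unvalidated(flag_reason):
    # 'Before' behaviour described in the PR: string formatting turns None
    # into the literal text "None", and blank reasons pass straight through.
    return f"{NOTE_PREFIX}{flag_reason}."


def validate_flag_reason(flag_reason):
    """Return flag_reason unchanged, or raise ValueError if it is unusable."""
    if flag_reason is None:
        raise ValueError("flag_reason must not be None")
    # Assumption beyond the PR: reject non-str values explicitly so callers
    # get ValueError rather than AttributeError from the .strip() call below.
    if not isinstance(flag_reason, str):
        raise ValueError("flag_reason must be a string")
    if not flag_reason.strip():
        raise ValueError("flag_reason must not be empty or whitespace")
    return flag_reason


def build_note_validated(flag_reason):
    # Validation runs first, so nothing is formatted or stored on bad input.
    return f"{NOTE_PREFIX}{validate_flag_reason(flag_reason)}."


def rejected(value):
    """True if the validated builder refuses the value with ValueError."""
    try:
        build_note_validated(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: the three cases named in the PR, one
    # non-string value, and one valid reason.
    for sample in (None, "", "   ", 42, "duplicate invoice number"):
        outcome = "rejected" if rejected(sample) else build_note_validated(sample)
        print(f"{sample!r} -> {outcome}")
```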