fix(fraud): validate agent_notes not whitespace-only in update_fraud_agent_notes #253
Open
Jean-Regis-M wants to merge 1 commit into GenAI-Security-Project:main from
…agent_notes

Root cause: Function directly concatenated agent_notes without checking content, allowing strings consisting only of whitespace (e.g., "\t") to be stored.

Solution: Add validation at function entry: raise ValueError if agent_notes is empty or whitespace-only (using .strip()). This ensures notes carry meaningful content.

Impact:
- Prevents storage of meaningless fraud agent entries.
- Maintains backward compatibility for valid inputs.
- Minimal diff and zero side effects.

Signed-off-by: JEAN REGIS <240509606@firat.edu.tr>
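The check the commit message above describes, written out as an added example (not code from this pull request), next to a stricter variant that goes beyond the PR and also rejects notes made only of invisible format or control characters, which `.strip()` leaves in place. The function names, error messages and sample inputs are assumptions made for illustration.

```python
import unicodedata

# Unicode general categories that render as nothing: control, format,
# and the three separator classes.
_INVISIBLE = {"Cc", "Cf", "Zs", "Zl", "Zp"}


def validate_strip_only(agent_notes):
    """The check the commit message describes: reject empty or whitespace-only notes."""
    if not isinstance(agent_notes, str) or not agent_notes.strip():
        raise ValueError("agent_notes must not be empty or whitespace-only")
    return agent_notes


def has_visible_content(text):
    """True if at least one character is neither whitespace nor invisible."""
    return any(
        not ch.isspace() and unicodedata.category(ch) not in _INVISIBLE
        for ch in text
    )


def validate_strict(agent_notes):
    """Stricter variant (assumption, not in the PR): also reject invisible-only notes."""
    validate_strip_only(agent_notes)
    if not has_visible_content(agent_notes):
        raise ValueError("agent_notes must contain at least one visible character")
    return agent_notes


def accepted(validator, value):
    """Run a validator and report whether it accepted the value."""
    try:
        validator(value)
        return True
    except ValueError:
        return False


# Constructed sample inputs: label -> note text.
SAMPLES = {
    "tab": "\t",
    "no-break space": "\u00a0",
    "zero-width space": "\u200b",
    "BOM + tab": "\ufeff\t",
    "real note": "Vendor confirmed bank change by phone",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label:18} strip-only={accepted(validate_strip_only, value)} "
              f"strict={accepted(validate_strict, value)}")
```

Python's `str.strip()` removes characters for which `str.isspace()` is true, so the no-break space is caught, while U+200B and U+FEFF (category Cf) pass the strip-only check and are rejected only by the stricter one.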
Summary
Fixes #191: Prevent update_fraud_agent_notes from accepting whitespace-only notes (e.g., tabs), which currently results in phantom fraud agent entries.

Problem
The function update_fraud_agent_notes in finbot/tools/data/fraud.py accepts any non-empty string, including strings consisting only of whitespace characters like "\t". These are stored as "[Fraud Agent] \t" after concatenation, polluting vendor notes with meaningless entries.

Root Cause
The function lacks input validation. It directly uses agent_notes in the string interpolation: