fix(web): validate git ref and file path inputs

[brendan-kellam]

Summary

• Reject ref values starting with - in list_commits, list_tree, and read_file — returns 400 INVALID_GIT_REF instead of passing the value unsanitized to the git CLI
• Apply existing isPathValid() path traversal check to read_file — returns 404 FILE_NOT_FOUND instead of an unhandled exception
• Add INVALID_GIT_REF error code and invalidGitRef service error helper (400 Bad Request)

Test plan

• list_commits with ref=--all returns 400 INVALID_GIT_REF
• list_commits with ref=-r returns 400 INVALID_GIT_REF
• list_tree with ref=--all returns 400 INVALID_GIT_REF
• read_file with path=../../../etc/passwd returns 404 FILE_NOT_FOUND
• list_commits with ref=main continues to work normally

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes

  • Added runtime validation for git references and file paths across git API endpoints.
  • Rejects invalid git refs (including those starting with '-') and invalid file paths before processing.
  • Standardized error responses for these validation failures.

• Tests

  • Added tests/mocks covering invalid git ref handling and logger behavior.

• Chores

  • Updated changelog with the new fix entry.

[coderabbitai]

Walkthrough

Adds runtime validation for git refs and file paths in multiple git-related API routes. Introduces isGitRefValid() to reject refs starting with '-' and a corresponding invalidGitRef() service error plus an INVALID_GIT_REF error code; routes return the new error before repository operations when validation fails.

Changes

Cohort / File(s)	Summary
Error codes & service errors packages/web/src/lib/errorCodes.ts, packages/web/src/lib/serviceError.ts	Added INVALID_GIT_REF to ErrorCode and added invalidGitRef(ref: string) which returns a BAD_REQUEST ServiceError for refs starting with '-'.
Git validation utilities packages/web/src/features/git/utils.ts	Added exported isGitRefValid(ref: string): boolean that returns false for refs beginning with '-' to prevent git flag injection.
API route input validation packages/web/src/features/git/getFileSourceApi.ts, packages/web/src/features/git/getTreeApi.ts, packages/web/src/features/git/listCommitsApi.ts	Added pre-repo-resolution checks using isGitRefValid() (and path validation for file paths); routes now return invalidGitRef when a provided ref is invalid before performing repository lookups.
Tests / mocks packages/web/src/features/git/listCommitsApi.test.ts	Updated/added mocks to include invalidGitRef and logger stubs for test scenarios involving invalid refs.
Changelog CHANGELOG.md	Recorded a Fixed entry under Unreleased describing validation of ref and path inputs in git API routes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• msukkari

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the main change: adding validation for git ref and file path inputs across multiple API endpoints.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch brendan-kellam/validate-git-ref-and-path-inputs

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

packages/web/src/features/git/listCommitsApi.test.ts (1)

29-32: Add test cases for git ref validation.

The invalidGitRef mock is correctly structured, but there are no test cases exercising the ref validation logic. The implementation validates that refs cannot start with - using isGitRefValid, yet the test suite has no coverage for this. Add tests for the scenarios mentioned in the PR objectives:

• list_commits with ref=--all returns 400 INVALID_GIT_REF
• list_commits with ref=-r returns 400 INVALID_GIT_REF

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/web/src/features/git/listCommitsApi.test.ts` around lines 29 - 32,
Add two unit tests to listCommitsApi.test.ts that exercise the ref validation:
call the list_commits endpoint (the code path using isGitRefValid) with query
param ref=--all and with ref=-r, and assert each response has HTTP 400 and the
body matches the invalidGitRef mock (errorCode 'INVALID_GIT_REF' and the
expected message). Place the tests alongside the existing list_commits tests so
they exercise the same request helper and response assertions used elsewhere in
this file.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@packages/web/src/features/git/listCommitsApi.test.ts`:
- Around line 29-32: Add two unit tests to listCommitsApi.test.ts that exercise
the ref validation: call the list_commits endpoint (the code path using
isGitRefValid) with query param ref=--all and with ref=-r, and assert each
response has HTTP 400 and the body matches the invalidGitRef mock (errorCode
'INVALID_GIT_REF' and the expected message). Place the tests alongside the
existing list_commits tests so they exercise the same request helper and
response assertions used elsewhere in this file.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6acd071 and 33dbbd6.

📒 Files selected for processing (1)

• packages/web/src/features/git/listCommitsApi.test.ts