
Add comprehensive edge case tests for NoSQL operator detection #36

Closed
Copilot wants to merge 5 commits into feat/sanitize from copilot/sub-pr-35


Copilot AI commented Jan 11, 2026

Addresses missing test coverage for boundary conditions in NoSQL injection detection logic, specifically around dollar sign parsing and operator identification.

Changes

  • Edge cases for dollar signs: Tests for $ at string end ("price$"), followed by non-alphabetic chars ("$123", "$_id"), and with unknown operators ("$unknown")

  • Boundary delimiter coverage: Tests for operators after all delimiters from isNoSQLOperatorBoundary (`{`, `[`, `,`, `:`, `"`, `'`, `(`), plus whitespace variants (space, tab, newline)

  • False positive prevention: Tests ensuring mid-word operators ("test$nevalue") and legitimate dollar usage don't trigger detection

Added 24 test cases in TestNoSQLInjectionDetectorEdgeCases using table-driven approach for clarity and maintainability.
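
The boundary rules listed in the PR description above, as an added Go sketch that is not part of the original pull request or the project's code. The names `containsNoSQLOperator`, `isBoundary` and the operator list are hypothetical, and treating `$unknown` as not flagged is an assumption, since the page does not state the expected result.

```go
package main

import (
	"fmt"
	"strings"
)

// knownOperators is a constructed sample of MongoDB query operators.
var knownOperators = map[string]bool{
	"$ne": true, "$gt": true, "$lt": true, "$in": true,
	"$or": true, "$regex": true, "$where": true,
}

// isBoundary: delimiters from the PR description, plus whitespace.
func isBoundary(c byte) bool {
	return strings.IndexByte("{[,:\"'( \t\n", c) >= 0
}

func isLetter(c byte) bool {
	return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
}

// containsNoSQLOperator (hypothetical name) flags s only when a '$' sits at
// the start of the input or after a boundary and the letters that follow it
// spell a known operator.
func containsNoSQLOperator(s string) bool {
	for i := 0; i < len(s); i++ {
		if s[i] != '$' || (i > 0 && !isBoundary(s[i-1])) {
			continue // not a '$', or a '$' in the middle of a word
		}
		j := i + 1
		for j < len(s) && isLetter(s[j]) {
			j++
		}
		// j == i+1 covers '$' at end of input, "$123" and "$_id".
		if j > i+1 && knownOperators[s[i:j]] {
			return true
		}
	}
	return false
}

func main() {
	// Constructed inputs mirroring the cases named in the PR description.
	for _, in := range []string{"price$", "$123", "$_id", "$unknown",
		"test$nevalue", `{"$ne": null}`, "a:\t$gt", "($where"} {
		fmt.Printf("%-16q flagged=%v\n", in, containsNoSQLOperator(in))
	}
}
```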



Co-authored-by: hyp3rd <62474964+hyp3rd@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Address feedback on NoSQL injection detector implementation" to "Add comprehensive edge case tests for NoSQL operator detection" Jan 11, 2026
Copilot AI requested a review from hyp3rd January 11, 2026 14:13
@hyp3rd hyp3rd marked this pull request as ready for review January 11, 2026 19:17
Copilot AI review requested due to automatic review settings January 11, 2026 19:17

Copilot AI left a comment


Pull request overview

This PR enhances test coverage for NoSQL injection detection by adding comprehensive edge case tests that verify correct behavior for boundary conditions in dollar sign parsing and operator identification.

Changes:

  • Restructured TestNoSQLInjectionDetectorEdgeCases with improved naming (shouldErr instead of wantError)
  • Added 25 test cases covering dollar signs at string end, non-alphabetic followers, unknown operators, all boundary delimiters, and false positive scenarios
  • Simplified test assertion logic for better readability


hyp3rd and others added 2 commits January 11, 2026 20:20
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@hyp3rd hyp3rd closed this Jan 11, 2026
@hyp3rd hyp3rd deleted the copilot/sub-pr-35 branch January 12, 2026 13:27