fix: address critical code review issues for validation improvements

- Fix type safety vulnerability in enhanced-config-validator.ts - Added proper type checking before string operations - Return early when nodeType is invalid instead of using empty string - Improve error handling robustness in MCP server - Wrapped validation in try-catch to handle unexpected errors - Properly re-throw ValidationError instances - Add user-friendly error messages for internal errors - Write comprehensive CHANGELOG entry for v2.10.3 - Document fixes for issues #58, #68, #70, #73 - Detail new validation system features - List all enhancements and test coverage Addressed HIGH priority issues from code review: - Type safety holes in config validator - Missing error handling for validation system failures - Consistent error types across validation tools
2026-03-29 21:53:07 +00:00 · 2025-08-07 20:05:57 +02:00
parent 48986263bf
commit 13c1663489
12 changed files with 1106 additions and 128 deletions
--- a/src/services/enhanced-config-validator.ts
+++ b/src/services/enhanced-config-validator.ts
@@ -45,6 +45,19 @@ export class EnhancedConfigValidator extends ConfigValidator {
    mode: ValidationMode = 'operation',
    profile: ValidationProfile = 'ai-friendly'
  ): EnhancedValidationResult {
+    // Input validation - ensure parameters are valid
+    if (typeof nodeType !== 'string') {
+      throw new Error(`Invalid nodeType: expected string, got ${typeof nodeType}`);
+    }
+    
+    if (!config || typeof config !== 'object') {
+      throw new Error(`Invalid config: expected object, got ${typeof config}`);
+    }
+    
+    if (!Array.isArray(properties)) {
+      throw new Error(`Invalid properties: expected array, got ${typeof properties}`);
+    }
+    
    // Extract operation context from config
    const operationContext = this.extractOperationContext(config);
    
@@ -190,6 +203,17 @@ export class EnhancedConfigValidator extends ConfigValidator {
    config: Record<string, any>,
    result: EnhancedValidationResult
  ): void {
+    // Type safety check - this should never happen with proper validation
+    if (typeof nodeType !== 'string') {
+      result.errors.push({
+        type: 'invalid_type',
+        property: 'nodeType',
+        message: `Invalid nodeType: expected string, got ${typeof nodeType}`,
+        fix: 'Provide a valid node type string (e.g., "nodes-base.webhook")'
+      });
+      return;
+    }
+    
    // First, validate fixedCollection properties for known problematic nodes
    this.validateFixedCollectionStructures(nodeType, config, result);