feat(messages): validate message length before sending#140
Conversation
Test Coverage ReviewAll four new tests pass. Coverage is solid for a focused validation feature. What's covered well:
Gaps worth noting:
Verdict: Coverage is adequate for the change. The critical happy/sad paths and the file-bypass carve-out are all tested. The gaps are minor and consistent with the rest of the test suite's style. |
monit-reviewer
left a comment
There was a problem hiding this comment.
Automated PR Review
Reviewed commit: 8997bc0
Summary
| Reviewer | Findings |
|---|---|
| database:sql-reviewer | 1 |
| security:code-auditor | 2 |
database:sql-reviewer (1 findings)
💡 Suggestion - internal/cmd/messages/messages_test.go:1618
All test strings use ASCII-only
strings.Repeat("x", n), so byte count equals rune count and thelen()vs rune-count bug is not exercised. Add a test case with multi-byte characters (e.g.,strings.Repeat("😀", maxMessageTextLen-1)) to catch the discrepancy.
security:code-auditor (2 findings)
internal/cmd/messages/messages.go:83
len(text)counts UTF-8 bytes, not Unicode characters. Slack's 40,000 limit is on characters. A message with multi-byte characters (emoji, CJK, accented text) will be incorrectly rejected — e.g., 20,000 emoji (4 bytes each) = 80,000 bytes but only 20,000 characters, well under the limit. Useutf8.RuneCountInString(text)instead. Also update line 93 (len(text)in the error message) to report rune count so the number matches the limit.
💡 Suggestion - internal/cmd/messages/update.go:46
The
updatecommand callsvalidateMessageLengthwhich suggests--file <path>as an alternative, butupdatedoesn't support--file. Consider using a variant error message for update, or at minimum note that--fileapplies tosendonly.
1 PR discussion thread considered.
Completed in 5m 07s | $0.68
| Field | Value |
|---|---|
| Reviewers | hybrid-synthesis, database:sql-reviewer, security:code-auditor, harness-engineering:knowledge-reviewer, harness-engineering:enforcement-reviewer, harness-engineering:architecture-reviewer, harness-engineering:legibility-reviewer |
| Reviewed by | pr-review-daemon · monit-pr-reviewer |
| Duration | 5m 07s (Reviewers: 1m 13s · Synthesis: 52s) |
| Cost | $0.68 |
| Tokens | 198.9k in / 19.1k out |
| Turns | 17 |
internal/cmd/messages/messages.go
Outdated
|
|
||
| // validateMessageLength checks whether text exceeds Slack's message length limit. | ||
| func validateMessageLength(text string) error { | ||
| if len(text) <= maxMessageTextLen { |
There was a problem hiding this comment.
🟡 Medium (security:code-auditor): len(text) counts UTF-8 bytes, not Unicode characters. Slack's 40,000 limit is on characters. A message with multi-byte characters (emoji, CJK, accented text) will be incorrectly rejected — e.g., 20,000 emoji (4 bytes each) = 80,000 bytes but only 20,000 characters, well under the limit. Use utf8.RuneCountInString(text) instead. Also update line 93 (len(text) in the error message) to report rune count so the number matches the limit.
| err := validateMessageLength(text) | ||
| if tt.wantErr { | ||
| require.Error(t, err) | ||
| assert.Contains(t, err.Error(), "exceeds Slack's 40000 character limit") |
There was a problem hiding this comment.
🔵 Low (database:sql-reviewer): All test strings use ASCII-only strings.Repeat("x", n), so byte count equals rune count and the len() vs rune-count bug is not exercised. Add a test case with multi-byte characters (e.g., strings.Repeat("😀", maxMessageTextLen-1)) to catch the discrepancy.
internal/cmd/messages/update.go
Outdated
| // Unescape shell-escaped characters (e.g., \! from zsh) | ||
| text = unescapeShellChars(text) | ||
|
|
||
| if err := validateMessageLength(text); err != nil { |
There was a problem hiding this comment.
🔵 Low (security:code-auditor): The update command calls validateMessageLength which suggests --file <path> as an alternative, but update doesn't support --file. Consider using a variant error message for update, or at minimum note that --file applies to send only.
…entiate update error message
|
All three review findings addressed in cfe1285:
|
monit-reviewer
left a comment
There was a problem hiding this comment.
Automated PR Review
Reviewed commit: cfe1285 | Previous: 8997bc0 (incremental)
Summary
No issues found.
5 PR discussion threads considered.
Completed in 5m 18s | $0.73
| Field | Value |
|---|---|
| Mode | Re-review · Cycle 2 · Session resumed |
| Reviewers | hybrid-synthesis, database:sql-reviewer, security:code-auditor, harness-engineering:knowledge-reviewer, harness-engineering:enforcement-reviewer, harness-engineering:architecture-reviewer, harness-engineering:legibility-reviewer |
| Reviewed by | pr-review-daemon · monit-pr-reviewer |
| Duration | 5m 18s (Reviewers: 1m 11s · Synthesis: 35s) |
| Cost | $0.73 |
| Tokens | 239.1k in / 19.9k out |
| Turns | 15 |
Summary
--file,canvas create, manual chunking) instead of letting Slack silently truncatemessages sendandmessages update; skipped for file uploads[Unreleased], creates[3.2.0]and[3.1.35]sectionsCloses #139
Test plan
TestValidateMessageLength— under/at/over limit boundary testsTestRunSend_MessageTooLong— send rejects oversized textTestRunUpdate_MessageTooLong— update rejects oversized textTestRunSend_FileUpload_LongTextAllowed— file uploads bypass length checkpython3 -c "print('x' * 50000)" | ./bin/slck messages send C123 -→ error with helpful messagemake build && make test && make lintall pass