fix: improve input validation, error handling, and path safety

[jongio]

Summary

Improve input validation, error handling, and path safety across the CLI.

Changes

• Harden path resolution with containment checks for extensions and templates
• Add vault ID validation with allowlist pattern
• Enforce authenticated context for gRPC streaming RPCs
• Add WebSocket origin validation for localhost-only connections
• Pin JWT signing algorithm and increase signing key size
• Replace sync.Once with retry-capable lazy init for tool downloads
• Add sensitive data redaction in error paths
• Validate constructor inputs and escape URL path segments
• Add comprehensive test coverage (1700+ lines of new tests)

Testing

• All existing tests pass
• Added new test coverage for path validation, JWT handling, gRPC auth, WebSocket origin checks, lazy init concurrency, and constructor validation

[Copilot]

Pull request overview

This PR strengthens the CLI’s security and reliability posture by adding stricter validation and safer defaults around file path handling, extension/auth flows, and local RPC connectivity.

Changes:

• Introduces shared path-containment utilities (IsPathContained, ResolveContainedPath) and applies them to templates, extensions, and vault path resolution.
• Replaces sync.Once-based lazy initialization with retry-capable osutil.LazyRetryInit for tool installation and telemetry singleton init.
• Tightens local connectivity/auth controls (WebSocket origin validation, gRPC stream auth interceptors, JWT algorithm pinning/key sizing) and adds/updates tests accordingly.

Reviewed changes

Copilot reviewed 48 out of 48 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
cli/azd/test/recording/sanitize.go	Fixes pointer assignment when sanitizing recorded HTTP interactions.
cli/azd/pkg/tools/pack/pack.go	Switches pack tool install guard from sync.Once to retryable lazy init.
cli/azd/pkg/tools/maven/maven.go	Makes Maven command resolution retryable after transient failures.
cli/azd/pkg/tools/github/github.go	Switches GitHub CLI install guard to retryable lazy init.
cli/azd/pkg/tools/bicep/bicep.go	Switches bicep install guard to retryable lazy init; updates concurrency note.
cli/azd/pkg/templates/file_source.go	Uses shared contained-path resolver when loading template sources from files.
cli/azd/pkg/project/container_helper.go	Fixes pointer assignment for Docker file path in ACR build request.
cli/azd/pkg/osutil/path_test.go	Adds unit tests for contained path resolution and containment checks.
cli/azd/pkg/osutil/path.go	Adds shared path containment and root-contained resolution helpers.
cli/azd/pkg/osutil/lazy_retry_init_test.go	Adds tests for retryable lazy init behavior, including concurrency.
cli/azd/pkg/osutil/lazy_retry_init.go	Introduces LazyRetryInit primitive (cache success, retry on error).
cli/azd/pkg/input/console_test.go	Fixes pointer assignment in test prompt server responses.
cli/azd/pkg/infra/provisioning/bicep/bicep_provider_test.go	Fixes pointer assignment in ARM resource mocks.
cli/azd/pkg/infra/azure_resource_manager_test.go	Fixes pointer assignment for target resource IDs in tests.
cli/azd/pkg/extensions/manager_test.go	Adds tests covering containment logic for extension entrypoints and artifact paths.
cli/azd/pkg/extensions/manager.go	Adds containment checks to block path traversal for entrypoints and relative artifact paths.
cli/azd/pkg/extensions/file_source.go	Uses shared contained-path resolver when loading extension sources from files.
cli/azd/pkg/extensions/claims_test.go	Adds tests for claims propagation via context.
cli/azd/pkg/extensions/claims.go	Changes claims retrieval to require validated claims stored in context (interceptor-provided).
cli/azd/pkg/entraid/entraid.go	Fixes pointer assignment for role definition ID.
cli/azd/pkg/config/file_config_manager_test.go	Updates env handling to t.Setenv; adds vault-id validation/path traversal tests.
cli/azd/pkg/config/file_config_manager.go	Adds vault ID allowlist validation + defense-in-depth containment check for vault paths.
cli/azd/pkg/azdext/debugger.go	Clarifies intentional ParseUnverified use for diagnostics only.
cli/azd/pkg/azdext/azd_client_test.go	Adds tests for localhost-address detection.
cli/azd/pkg/azdext/azd_client.go	Requires TLS for non-localhost gRPC connections; adds localhost detection helper.
cli/azd/pkg/azapi/webapp.go	Fixes pointer assignment returning deployment status text.
cli/azd/pkg/azapi/permissions.go	Fixes pointer assignment for ARM filter option.
cli/azd/pkg/azapi/function_app.go	Fixes pointer assignment returning deployment status text.
cli/azd/pkg/alpha/alpha_feature_test.go	Uses t.Setenv; adds concurrent access test and cleanup for default enablement globals.
cli/azd/pkg/alpha/alpha_feature_manager.go	Adds RWMutex protections and reset helper for global default enablement map.
cli/azd/internal/vsrpc/server_test.go	Adds tests validating localhost-only WebSocket Origin handling.
cli/azd/internal/vsrpc/server.go	Adds WebSocket CheckOrigin to prevent cross-site WebSocket hijacking.
cli/azd/internal/vsrpc/origin_case_test.go	Adds tests for origin host case-insensitivity handling.
cli/azd/internal/telemetry/telemetry_test.go	Adjusts tests for retryable singleton init via reset helper.
cli/azd/internal/telemetry/telemetry.go	Replaces sync.Once with retryable lazy init and adds test reset hook.
cli/azd/internal/telemetry/appinsights-exporter/logging.go	Makes diagnostic log listener updates thread-safe.
cli/azd/internal/grpcserver/server_test.go	Adds coverage ensuring stream interceptors enforce auth similarly to unary.
cli/azd/internal/grpcserver/server.go	Adds stream interceptors, shared token validation helper, and stronger signing key size.
cli/azd/internal/grpcserver/extension_claims_test.go	Adds tests for signing key length, algorithm substitution, tampering, and expiry.
cli/azd/internal/grpcserver/extension_claims.go	Pins JWT algorithm to HS256 and uses signing key bytes directly.
cli/azd/internal/agent/tools/mcp/redact_test.go	Adds tests for sensitive-data redaction behavior.
cli/azd/internal/agent/tools/mcp/redact.go	Adds regex-based redaction for auth headers/bearer tokens/query token params.
cli/azd/extensions/azure.ai.agents/internal/pkg/azure/foundry_projects_client_test.go	Adds SSRF-origin checks for pagination and URL path escaping tests.
cli/azd/extensions/azure.ai.agents/internal/pkg/azure/foundry_projects_client.go	Validates constructor inputs, escapes URL path segments, and blocks cross-origin pagination links.
cli/azd/extensions/azure.ai.agents/internal/cmd/init_from_code.go	Adapts to Foundry client constructor now returning an error.
cli/azd/extensions/azure.ai.agents/internal/cmd/init.go	Adapts to Foundry client constructor now returning an error.
cli/azd/cmd/vs_server.go	Fixes pointer assignment for TLS certificate bytes returned to callers.
cli/azd/.vscode/cspell.yaml	Adds new project-specific words for spell checking.

[jongio]

@copilot please re-review the latest changes addressing your 5 review comments.

[Copilot]

@jongio I've opened a new pull request, #7176, to work on those changes. Once the pull request is ready, I'll request review from you.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[vhvb1989]

unit tests are always good, but a big % of these changes are overengineering.

I would also reconsider returning errors to users that are not accionable or validated too late. user-input should be validated after the prompt, and not when the values are used.

[jongio]

Thanks for the review. These changes target specific input validation gaps as defense-in-depth without changing user-facing behavior.