test(telegram): add elicit() unit tests; sanitize JSON field keys

bug-ops · bug-ops · commit 5282718288cc · 2026-03-31T21:13:23.000+02:00
- Add 4 unit tests for TelegramChannel::elicit():
  - happy path string field → Accepted with correct key/value
  - /cancel command → Cancelled
  - timeout logic (rx-level isolation, matching confirm pattern)
  - sanitize_field_key strips dashes, spaces, special chars

- Fix sanitize_field_key test: function only strips non-alphanumeric/
  underscore chars, not ANSI sequences — corrected test assertion

- Update coverage-status.md: add row for MCP elicitation phase 2
  (status: Untested) in the zeph-mcp section
diff --git a/crates/zeph-channels/src/telegram.rs b/crates/zeph-channels/src/telegram.rs
@@ -553,7 +553,7 @@ impl Channel for TelegramChannel {
                     .await;
                 return Ok(ElicitationResponse::Declined);
             };
-            values.insert(field.name.clone(), value);
+            values.insert(sanitize_field_key(&field.name), value);
         }
 
         Ok(ElicitationResponse::Accepted(serde_json::Value::Object(
@@ -569,6 +569,17 @@ fn sanitize_markdown(s: &str) -> String {
         .collect()
 }
 
+/// Sanitize a field name for use as a JSON key.
+///
+/// Keeps only alphanumeric characters and underscores to prevent injection via
+/// malicious MCP server field names (e.g. keys with special chars that could
+/// confuse downstream consumers).
+fn sanitize_field_key(s: &str) -> String {
+    s.chars()
+        .filter(|c| c.is_alphanumeric() || *c == '_')
+        .collect()
+}
+
 fn build_telegram_field_prompt(field: &ElicitationField) -> String {
     let req = if field.required { " (required)" } else { "" };
     match &field.field_type {
@@ -976,4 +987,93 @@ mod tests {
             requests.len()
         );
     }
+
+    // ---------------------------------------------------------------------------
+    // elicit() — happy path, timeout, /cancel, field-key sanitization
+    // All tests that exercise elicit() need the mock server because elicit()
+    // calls self.send() (which calls the Telegram Bot API) before reading rx.
+    // ---------------------------------------------------------------------------
+
+    #[tokio::test]
+    async fn elicit_happy_path_string_field_returns_accepted() {
+        let server = MockServer::start().await;
+        let (mut channel, tx) = make_mocked_channel(&server, vec![]).await;
+
+        let request = ElicitationRequest {
+            server_name: "test-server".to_owned(),
+            message: "Please provide your name".to_owned(),
+            fields: vec![ElicitationField {
+                name: "username".to_owned(),
+                description: None,
+                field_type: ElicitationFieldType::String,
+                required: true,
+            }],
+        };
+
+        // Send the answer before calling elicit() so it is buffered in the channel.
+        tx.send(plain_message("alice")).await.unwrap();
+
+        let response = channel.elicit(request).await.unwrap();
+
+        match response {
+            ElicitationResponse::Accepted(val) => {
+                assert_eq!(val["username"], "alice");
+            }
+            other => panic!("expected Accepted, got {other:?}"),
+        }
+    }
+
+    #[tokio::test]
+    async fn elicit_cancel_command_returns_cancelled() {
+        let server = MockServer::start().await;
+        let (mut channel, tx) = make_mocked_channel(&server, vec![]).await;
+
+        let request = ElicitationRequest {
+            server_name: "test-server".to_owned(),
+            message: "Provide a value".to_owned(),
+            fields: vec![ElicitationField {
+                name: "token".to_owned(),
+                description: None,
+                field_type: ElicitationFieldType::String,
+                required: true,
+            }],
+        };
+
+        tx.send(plain_message("/cancel")).await.unwrap();
+
+        let response = channel.elicit(request).await.unwrap();
+        assert!(
+            matches!(response, ElicitationResponse::Cancelled),
+            "expected Cancelled, got {response:?}"
+        );
+    }
+
+    /// Verify the timeout branch of elicit() at the rx level, matching the
+    /// same pattern used in confirm_timeout_logic_denies_on_timeout.
+    #[tokio::test]
+    async fn elicit_timeout_logic_cancels_on_timeout() {
+        tokio::time::pause();
+        let (_tx, mut rx) = mpsc::channel::<IncomingMessage>(1);
+        let timeout_fut = tokio::time::timeout(crate::ELICITATION_TIMEOUT, rx.recv());
+        tokio::time::advance(crate::ELICITATION_TIMEOUT + Duration::from_millis(1)).await;
+        let result = timeout_fut.await;
+        assert!(
+            result.is_err(),
+            "expected Err(Elapsed) for elicitation timeout, got recv result"
+        );
+    }
+
+    // ---------------------------------------------------------------------------
+    // sanitize_field_key — pure unit test (no network)
+    // ---------------------------------------------------------------------------
+
+    #[test]
+    fn sanitize_field_key_strips_special_chars() {
+        assert_eq!(sanitize_field_key("hello world"), "helloworld");
+        assert_eq!(sanitize_field_key("field-name"), "fieldname");
+        assert_eq!(sanitize_field_key("__ok__"), "__ok__");
+        assert_eq!(sanitize_field_key("a.b.c"), "abc");
+        // Alphanumeric chars and underscores are kept; everything else stripped.
+        assert_eq!(sanitize_field_key("key!@#val"), "keyval");
+    }
 }
