From d3bc946300e76fe0deb30f6cc67ff96ed605e208 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Fri, 5 Jun 2026 04:22:25 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[MEDIUM]=20?= =?UTF-8?q?Add=20input=20validation=20to=20prevent=20Terminal=20Injection?= =?UTF-8?q?=20and=20DoS?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 project/app.py | 7 ++++++-
 tests/test_app.py | 14 ++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/project/app.py b/project/app.py
index c8e543c..8376997 100644
--- a/project/app.py
+++ b/project/app.py
@@ -1,4 +1,4 @@
-from click import command, option, secho, version_option
+from click import UsageError, command, option, secho, version_option
 @command(
@@ -22,6 +22,11 @@ def main(name: str = "World"):
 Args:
 name: the name to be greeted
 """
+ if len(name) > 100:
+ raise UsageError("Invalid name: maximum length is 100 characters.")
+ if any(c < " " for c in name):
+ raise UsageError("Invalid name: control characters are not allowed.")
+
 secho(f"Hello {name}! 👋", fg="green", bold=True)
diff --git a/tests/test_app.py b/tests/test_app.py
index 7498bef..6fba663 100644
--- a/tests/test_app.py
+++ b/tests/test_app.py
@@ -16,3 +16,17 @@ def test_greet():
 result = runner.invoke(main, ["--name", "Jules"])
 assert result.exit_code == 0
 assert "Hello Jules! 👋" in result.output
+
+
+ def test_name_too_long():
+ runner = CliRunner()
+ result = runner.invoke(main, ["--name", "A" * 101])
+ assert result.exit_code != 0
+ assert "maximum length is 100 characters" in result.output
+
+
+ def test_name_control_characters():
+ runner = CliRunner()
+ result = runner.invoke(main, ["--name", "Injected\x1b[31mRed\x1b[0m"])
+ assert result.exit_code != 0
+ assert "control characters are not allowed" in result.output
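Review bot: The control-character check `any(c < " " for c in name)` in the second hunk of project/app.py rejects only the C0 range (U+0000–U+001F); DEL (U+007F) and the C1 controls (U+0080–U+009F), which terminals can also interpret as control sequences, still pass through to `secho`. Use the Unicode general category instead: `if any(unicodedata.category(c) == "Cc" for c in name):` with `import unicodedata` added to the import block changed in the first hunk. The length check counts code points rather than bytes or display cells, which is adequate for bounding output size but deserves a comment such as `# bound is in code points; keeps the greeting to one short line`. main()'s signature and the start of its docstring lie outside the hunk.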
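Review bot: test_name_control_characters asserts only that the error message appears; it does not check that the rejected input stays out of the output, which is the property the validation exists to guarantee, so add `assert "\x1b" not in result.output`. The accepted boundary is also untested: a 100-character name must still be greeted, e.g. `assert runner.invoke(main, ["--name", "A" * 100]).exit_code == 0` in test_name_too_long. A DEL or C1 character (such as `"\x7f"` or `"\x9b"`) is a useful extra case for the control-character test, since the comparison against `" "` in project/app.py accepts them. test_greet starts before the hunk; only its last three lines appear as context.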