fix(amazonq): escaping user input to mitigate xss issue (#2360)

* fix(amazonq): escaping user input to mitigate xss issue

* fix: adding conditional check for applying sanitizeinput

Author: laileni-aws

package-lock.json

@@ -67,8 +67,7 @@
         "vscode-uri": "^3.1.0",
         "ws": "^8.18.0",
         "xml2js": "^0.6.2",
-        "xmlbuilder2": "^3.1.1",
-        "unescape-html": "^1.1.0"
+        "xmlbuilder2": "^3.1.1"
     },
     "devDependencies": {
         "@types/adm-zip": "^0.5.5",

server/aws-lsp-codewhisperer/package.json

@@ -231,7 +231,6 @@ import { CodeWhispererServiceToken } from '../../shared/codeWhispererService'
 import { DisplayFindings } from './tools/qCodeAnalysis/displayFindings'
 import { IDE } from '../../shared/constants'
 import { IdleWorkspaceManager } from '../workspaceContext/IdleWorkspaceManager'
-import escapeHTML = require('escape-html')
 import { SemanticSearch } from './tools/workspaceContext/semanticSearch'
 import { MemoryBankController } from './context/memorybank/memoryBankController'
 
@@ -834,7 +833,7 @@ export class AgenticChatController implements ChatHandlers {
 
     async onChatPrompt(params: ChatParams, token: CancellationToken): Promise<ChatResult | ResponseError<ChatResult>> {
         // Phase 1: Initial Setup - This happens only once
-        params.prompt.prompt = sanitizeInput(params.prompt.prompt || '')
+        params.prompt.prompt = sanitizeInput(params.prompt.prompt || '', true)
 
         IdleWorkspaceManager.recordActivityTimestamp()
 
@@ -1451,7 +1450,7 @@ export class AgenticChatController implements ChatHandlers {
                     this.#debug('Skipping adding user message to history - cancelled by user')
                 } else {
                     this.#chatHistoryDb.addMessage(tabId, 'cwc', conversationIdentifier, {
-                        body: escapeHTML(currentMessage.userInputMessage?.content ?? ''),
+                        body: currentMessage.userInputMessage?.content ?? '',
                         type: 'prompt' as any,
                         userIntent: currentMessage.userInputMessage?.userIntent,
                         origin: currentMessage.userInputMessage?.origin,

server/aws-lsp-codewhisperer/src/language-server/agenticChat/agenticChatController.ts

@@ -35,7 +35,6 @@ import { ChatItemType } from '@aws/mynah-ui'
 import { getUserHomeDir } from '@aws/lsp-core/out/util/path'
 import { ChatHistoryMaintainer } from './chatHistoryMaintainer'
 import { existsSync, renameSync } from 'fs'
-import escapeHTML = require('escape-html')
 
 export class ToolResultValidationError extends Error {
     constructor(message?: string) {
@@ -689,7 +688,6 @@ export class ChatDatabase {
             }
             return {
                 ...message,
-                body: escapeHTML(message.body),
                 userInputMessageContext: {
                     // keep falcon context when inputMessage is not a toolResult message
                     editorState: hasToolResults ? undefined : message.userInputMessageContext?.editorState,

server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/chatDb/chatDb.ts

@@ -28,7 +28,6 @@ import { activeFileCmd } from '../../context/additionalContextProvider'
 import { PriorityQueue } from 'typescript-collections'
 import { Features } from '@aws/language-server-runtimes/server-interface/server'
 import * as crypto from 'crypto'
-import unescapeHTML = require('unescape-html')
 
 // Ported from https://github.com/aws/aws-toolkit-vscode/blob/master/packages/core/src/shared/db/chatDb/util.ts
 
@@ -173,7 +172,7 @@ export function messageToStreamingMessage(msg: Message): StreamingMessage {
 export function messageToChatMessage(msg: Message): ChatMessage[] {
     const chatMessages: ChatMessage[] = [
         {
-            body: unescapeHTML(msg.body),
+            body: msg.body,
             type: msg.type,
             codeReference: msg.codeReference,
             relatedContent:

server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/chatDb/util.ts

@@ -29,9 +29,9 @@ import { ServiceException } from '@smithy/smithy-client'
 import { promises as fs } from 'fs'
 import * as fg from 'fast-glob'
 import { getAuthFollowUpType } from '../language-server/chat/utils'
-import ignore = require('ignore')
 import { InitializeParams } from '@aws/language-server-runtimes/server-interface'
 import { QClientCapabilities } from '../language-server/configuration/qConfigurationServer'
+import escapeHTML = require('escape-html')
 
 export function isAwsError(error: unknown): error is AWSError {
     if (error === undefined) {
@@ -610,10 +610,13 @@ export function getFileExtensionName(filepath: string): string {
  * @param input The input string to sanitize
  * @returns The sanitized string with dangerous characters removed
  */
-export function sanitizeInput(input: string): string {
+export function sanitizeInput(input: string, enableEscapingHTML: boolean = false): string {
     if (!input) {
         return input
     }
+    if (enableEscapingHTML) {
+        input = escapeHTML(input)
+    }
 
     // Remove Unicode tag characters (U+E0000-U+E007F) used in ASCII smuggling
     // Remove other invisible/control characters that could hide content