Bug Report: NUL character in file content causes HTTP 400 error in Duo Chat
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Summary
When a file contains a NUL character (\u0000), Duo Chat commands such as /review fails with an HTTP 400 error. The HandleMalformedStrings middleware's depth limit (2 levels) is insufficient to catch malformed strings in GraphQL mutation variables, which are nested 3+ levels deep.
Steps to reproduce
- Create a file with a NUL character at the end (e.g., a VBA file)
- Open the file in VS Code with GitLab Workflow extension
- Select the file content
- Use Duo Chat with the /review command
- Observe HTTP 400 error
What is the current bug behavior?
The GraphQL mutation fails with HTTP 400 and no meaningful error message:
[error]: Error: GraphQL request "mutation: chat" failed with
...
- Response:
- Status: 400
- Errors:What is the expected correct behavior?
Either:
- The request should be rejected with a clear error message indicating invalid characters in the input
- The NUL character should be sanitized/stripped before processing
Relevant logs and/or screenshots
Will add that as confidential comment as this contains customer's information.
Results of GitLab environment info
GitLab Self-Managed 17.11.7
Possible fixes from Duo
Add a custom validator to strip or reject NUL bytes in the affected input types there
# ee/app/graphql/types/ai/current_file_input_type.rb
argument :selected_text, GraphQL::Types::String,
required: true,
description: 'Selected text.',
validates: {
length: { maximum: API::CodeSuggestions::MAX_CONTENT_SIZE },
format: { without: /\x00/, message: 'contains invalid null byte character' }
}Customer Workaround
Remove the NUL character from the file before using Duo Chat.
Link to the support ticket: internal link