Merged
9669ca4
feat(microsoft-excel): add SharePoint drive support for Excel integra…
waleedlatif1 Apr 14, 2026
6162253
fix(microsoft-excel): address PR review comments
waleedlatif1 Apr 14, 2026
a3c93ee
fix(microsoft-excel): validate driveId in files route
waleedlatif1 Apr 14, 2026
780fa90
fix(microsoft-excel): unblock OneDrive users and validate driveId in …
waleedlatif1 Apr 14, 2026
f18af3c
fix(microsoft-excel): validate driveId in getItemBasePath utility
waleedlatif1 Apr 14, 2026
65308e4
fix(microsoft-excel): use centralized input validation
waleedlatif1 Apr 14, 2026
2884587
lint
waleedlatif1 Apr 14, 2026
649c3e6
improvement(microsoft-excel): add File Source dropdown to control Sha…
waleedlatif1 Apr 14, 2026
8b1c88c
fix(microsoft-excel): fix canonical param test failures
waleedlatif1 Apr 15, 2026
326114d
fix(microsoft-excel): address PR review feedback for SharePoint drive…
waleedlatif1 Apr 15, 2026
3be18ca
fix(microsoft-excel): use validateMicrosoftGraphId for driveId valida…
waleedlatif1 Apr 15, 2026
12231db
fix(microsoft-excel): use validatePathSegment with strict pattern for…
waleedlatif1 Apr 15, 2026
8148260
lint
waleedlatif1 Apr 15, 2026
16ad6ce
fix(microsoft-excel): reorder driveId before spreadsheetId in v1 block
waleedlatif1 Apr 15, 2026
d1b8778
fix(microsoft-excel): clear manualDriveId when fileSource changes
waleedlatif1 Apr 15, 2026
def6e90
refactor(microsoft-excel): use getItemBasePath in sheets route to rem…
waleedlatif1 Apr 15, 2026
5334c2b
lint
waleedlatif1 Apr 15, 2026
fix(microsoft-excel): use validateMicrosoftGraphId for driveId valida…
…tion

SharePoint drive IDs use the format b!<base64-string> which contains !
characters rejected by validateAlphanumericId. Switch all driveId
validation to validateMicrosoftGraphId which blocks path traversal and
control characters while accepting valid Microsoft Graph identifiers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
waleedlatif1 and claude committed Apr 15, 2026
commit 3be18cab8655ff985730b35d09a531a6aa0f8c82
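--- a/apps/sim/app/api/auth/oauth/microsoft/files/route.ts
+++ b/apps/sim/app/api/auth/oauth/microsoft/files/route.ts
@@ -1,7 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
-import { validateAlphanumericId } from '@/lib/core/security/input-validation'
+import { validateMicrosoftGraphId } from '@/lib/core/security/input-validation'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { getCredential, refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 
@@ -77,7 +77,7 @@ export async function GET(request: NextRequest) {
 // When driveId is provided (SharePoint), search within that specific drive.
 // Otherwise, search the user's personal OneDrive.
 if (driveId) {
-const driveIdValidation = validateAlphanumericId(driveId, 'driveId')
+const driveIdValidation = validateMicrosoftGraphId(driveId, 'driveId')
 if (!driveIdValidation.isValid) {
 return NextResponse.json({ error: driveIdValidation.error }, { status: 400 })
 }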
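Review bot: The driveId check in GET now goes through `validateMicrosoftGraphId`, which by the commit message stops path traversal and control characters, but the hunk does not show whether it also rejects `/`, `?`, `#` or `%` before the value reaches the Graph request URL. Since the validator's body is not on this page, I would either confirm that in its tests or percent-encode at the point of use, e.g. `encodeURIComponent(driveId)`, which leaves the `!` of a `b!…` id intact. The same question applies to the matching driveId checks in drives/route.ts, sheets/route.ts and getItemBasePath in utils.ts. The commit list shows a later commit, 12231db, titled "use validatePathSegment with strict pattern for…", which may already tighten this. GET's body starts and ends outside the hunk.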
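--- a/apps/sim/app/api/tools/microsoft_excel/drives/route.ts
+++ b/apps/sim/app/api/tools/microsoft_excel/drives/route.ts
@@ -2,7 +2,7 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import {
-validateAlphanumericId,
+validateMicrosoftGraphId,
 validateSharePointSiteId,
 } from '@/lib/core/security/input-validation'
 import { generateRequestId } from '@/lib/core/utils/request'
@@ -70,7 +70,7 @@ export async function POST(request: NextRequest) {
 
 // Single-drive lookup when driveId is provided (used by fetchById)
 if (driveId) {
-const driveIdValidation = validateAlphanumericId(driveId, 'driveId')
+const driveIdValidation = validateMicrosoftGraphId(driveId, 'driveId')
 if (!driveIdValidation.isValid) {
 return NextResponse.json({ error: driveIdValidation.error }, { status: 400 })
 }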
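--- a/apps/sim/app/api/tools/microsoft_excel/sheets/route.ts
+++ b/apps/sim/app/api/tools/microsoft_excel/sheets/route.ts
@@ -1,10 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
-import {
-validateAlphanumericId,
-validateMicrosoftGraphId,
-} from '@/lib/core/security/input-validation'
+import { validateMicrosoftGraphId } from '@/lib/core/security/input-validation'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 
@@ -72,7 +69,7 @@ export async function GET(request: NextRequest) {
 }
 
 if (driveId) {
-const driveIdValidation = validateAlphanumericId(driveId, 'driveId')
+const driveIdValidation = validateMicrosoftGraphId(driveId, 'driveId')
 if (!driveIdValidation.isValid) {
 return NextResponse.json({ error: driveIdValidation.error }, { status: 400 })
 }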
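--- a/apps/sim/tools/microsoft_excel/utils.ts
+++ b/apps/sim/tools/microsoft_excel/utils.ts
@@ -1,8 +1,5 @@
 import { createLogger } from '@sim/logger'
-import {
-validateAlphanumericId,
-validateMicrosoftGraphId,
-} from '@/lib/core/security/input-validation'
+import { validateMicrosoftGraphId } from '@/lib/core/security/input-validation'
 import type { ExcelCellValue } from '@/tools/microsoft_excel/types'
 
 const logger = createLogger('MicrosoftExcelUtils')
@@ -19,7 +16,7 @@ export function getItemBasePath(spreadsheetId: string, driveId?: string): string
 }
 
 if (driveId) {
-const driveValidation = validateAlphanumericId(driveId, 'driveId')
+const driveValidation = validateMicrosoftGraphId(driveId, 'driveId')
 if (!driveValidation.isValid) {
 throw new Error(driveValidation.error)
 }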
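Review bot: Nothing at the `validateMicrosoftGraphId(driveId, 'driveId')` call in getItemBasePath records why the alphanumeric check was dropped, so a later hardening pass could reinstate it and break SharePoint drives again. I would add a comment above the call, e.g. `// SharePoint drive IDs have the form b!<base64>, which validateAlphanumericId rejects`, and a unit test that passes a `b!`-prefixed id alongside a value the validator is expected to refuse. getItemBasePath starts and ends outside the hunk, so how the validated driveId is placed into the returned path is not visible here.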