Phase 1: Security hardening, validation, logging, and image optimization #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- CODE_REVIEW_AND_INTEGRATION_PLAN.md: Comprehensive analysis including: - Security vulnerabilities (hardcoded credentials, OAuth exposure) - Missing components (OAuth script was documented but never created) - Architectural weaknesses (legacy SMTP, no connection pooling) - Operational gaps (no logging, no metrics, no bounce handling) - Compliance issues (GDPR/CAN-SPAM gaps) - 10 expanded enhancement ideas with code examples - 12-week phased integration plan with priorities - Send-M365Digest-OAuth.ps1: The missing OAuth authentication script that was referenced in documentation but never implemented. Includes: - OAuth2 client credentials flow - Secure credential loading options (env vars, Key Vault, encrypted files) - Configuration validation - Detailed setup instructions
## Security Improvements
- Removed all hardcoded credentials from Send-M365Digest-BasicAuth.ps1
- Added 4 secure credential methods: Prompt, Environment, CredentialManager, SecureFile
- URLs in templates are now validated (blocks javascript:, data:, vbscript:)
- Non-URL values are HTML-encoded to prevent XSS injection
## New Features - M365DigestEmailModule v1.1.0
- Test-EmailAddress: RFC-compliant email validation
- Test-UrlSafety: URL scheme validation (http/https only)
- Add-FailedRecipient: Tracks failed emails to CSV file
- Set-DigestLogConfig/Write-DigestLog: Structured JSON logging
- Campaign correlation IDs for tracing
## Module Manifest
- Created M365DigestEmailModule.psd1 with:
- Version 1.1.0
- PowerShell 5.1 minimum requirement
- Exported functions list
- Release notes and metadata
## Image Optimization
- Compressed PNG icons from 4.8MB to 90KB total (98% reduction)
- m365_icon.png: 1.6MB -> 42KB
- exchange_icon.png: 1.6MB -> 34KB
- sharepoint_icon.png: 1.6MB -> 14KB
- Resized to 200x200 max (appropriate for email icons)
## Breaking Changes
- Send-HtmlEmail returns hashtable {Success, Error, Email} instead of boolean
- BasicAuth script requires -CredentialMethod parameter (defaults to 'Prompt')
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Comment on lines
+56
to
+59
| $script:LogConfig.LogFilePath = $LogFilePath | ||
| $script:LogConfig.LogLevel = $LogLevel | ||
| $script:LogConfig.JsonFormat = $JsonFormat | ||
| $script:LogConfig.CorrelationId = $CorrelationId ?? [guid]::NewGuid().ToString('N').Substring(0, 8) |
There was a problem hiding this comment.
With PowerShell 5.1 (the module’s declared minimum), the line in Set-DigestLogConfig uses the PowerShell 7 ?? null-coalescing operator, which 5.1 cannot parse; this prevents the module from loading at all and causes any consuming script to fail before execution. Use an explicit null check instead of ?? to keep the code compatible with the required runtime.
Useful? React with 👍 / 👎.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Test plan