[Security][Medium] Encode user-supplied IDs in API path segments

### Summary
Some tool handlers interpolate user-controlled `id` values directly into URL path segments without `encodeURIComponent`, enabling path/query manipulation.

### Affected code
- `src/tools/cloudIncidents.ts:213` (`.../cloudincidents/${id}`)
- `src/tools/anomalies.ts:206` (`.../anomalies/v1/${id}`)

### Impact
IDs containing reserved characters (`/`, `?`, `#`, `%`) can alter the requested path/query and hit unintended endpoints under `api.doit.com`.

### Recommended fix
- Change to `.../${encodeURIComponent(id)}` for all user-provided path segments.

### Acceptance criteria
- All untrusted path segments encoded.
- Tests cover IDs containing reserved characters.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Security][Medium] Encode user-supplied IDs in API path segments #82

Summary

Affected code

Impact

Recommended fix

Acceptance criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Security][Medium] Encode user-supplied IDs in API path segments #82

Description

Summary

Affected code

Impact

Recommended fix

Acceptance criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions