fix: address PR review feedback

- Fix swap.go indentation (extra tab on idx assignment)
- Reject relative nextLink URLs in pagination (SSRF protection)
- Clarify sanitizeControlChars comment
- Use golang.org/x/term.IsTerminal for reliable TTY detection

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: jongio

cli/azd/extensions/azure.appservice/internal/cmd/swap.go

@@ -267,7 +267,7 @@ func runSwap(ctx context.Context, flags *swapFlags, rootFlags rootFlagsDefinitio
 					return fmt.Errorf("selecting source slot: %w", err)
 				}
 
-					idx := int(prompt.GetValue())
+				idx := int(prompt.GetValue())
 				if idx < 0 || idx >= len(srcChoices) {
 					return fmt.Errorf("invalid source slot selection index: %d", idx)
 				}

cli/azd/pkg/azdext/pagination.go

@@ -219,7 +219,13 @@ func (p *Pager[T]) validateNextLink(nextLink string) error {
 		return fmt.Errorf("invalid nextLink URL: %w", err)
 	}
 
-	if u.Scheme != "" && u.Scheme != "https" {
+	// Reject relative URLs (empty scheme) — they would fail at request time
+	// with a "missing protocol scheme" error, and non-absolute URLs may be
+	// used for path-based SSRF attacks.
+	if u.Scheme == "" {
+		return fmt.Errorf("nextLink must be an absolute URL with an HTTPS scheme")
+	}
+	if u.Scheme != "https" {
 		return fmt.Errorf("nextLink must use HTTPS (got %q)", u.Scheme)
 	}
 
@@ -313,8 +319,8 @@ func redactURL(rawURL string) string {
 	return u.String()
 }
 
-// sanitizeControlChars replaces control characters with spaces to prevent
-// log-forging attacks in stored error bodies. Newlines and tabs are preserved.
+// sanitizeControlChars replaces control characters (except newlines and tabs)
+// with spaces to prevent log-forging attacks in stored error bodies.
 func sanitizeControlChars(s string) string {
 	return strings.Map(func(r rune) rune {
 		if unicode.IsControl(r) && r != '\n' && r != '\t' {

cli/azd/pkg/azdext/shell.go

@@ -10,6 +10,8 @@ import (
 	"os/exec"
 	"runtime"
 	"strings"
+
+	"golang.org/x/term"
 )
 
 // ---------------------------------------------------------------------------
@@ -182,20 +184,16 @@ func ShellCommandWith(ctx context.Context, info ShellInfo, script string) (*exec
 // IsInteractiveTerminal reports whether the given file descriptor is connected
 // to an interactive terminal (TTY).
 //
-// Platform behavior:
-//   - Unix: Uses [os.File.Stat] to check for character device mode.
-//   - Windows: Uses [os.File.Stat] to check for character device mode.
+// Uses [golang.org/x/term.IsTerminal] for reliable cross-platform detection,
+// correctly distinguishing TTYs from non-interactive character devices
+// like /dev/null.
 //
 // This function is safe to call with nil (returns false).
 func IsInteractiveTerminal(f *os.File) bool {
 	if f == nil {
 		return false
 	}
-	fi, err := f.Stat()
-	if err != nil {
-		return false
-	}
-	return fi.Mode()&os.ModeCharDevice != 0
+	return term.IsTerminal(int(f.Fd()))
 }
 
 // IsStdinTerminal reports whether standard input is an interactive terminal.