fix: reduce public content credential fixture false positives#1929
fix: reduce public content credential fixture false positives#1929HanShaoshuai-k wants to merge 1 commit into
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (10)
🚧 Files skipped from review as they are similar to previous changes (9)
📝 WalkthroughWalkthroughThe public-content scanner now uses provider-specific credential evidence, refined assignment parsing, and broader benign-value handling. Comment auditing carries review-comment paths into scanning and diagnostics, with expanded tests for detection and fixture behavior. ChangesPublic content auditing
Estimated code review effort: 4 (Complex) | ~60 minutes Sequence Diagram(s)sequenceDiagram
participant EventFile
participant CommentAudit
participant PublicContent
participant Diagnostics
EventFile->>CommentAudit: read event body and review-comment path
CommentAudit->>PublicContent: ScanCommentAtPath(kind, path, body)
PublicContent->>Diagnostics: return diagnostics with the resolved path
CommentAudit->>Diagnostics: print diagnostics and exit with report.ExitCode
Possibly related PRs
Suggested labels: Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@internal/qualitygate/publiccontent/scan.go`:
- Around line 62-64: Update sourceCodeTypedCredentialRHS and both its
evidence-extraction and benign-expression classification call sites to accept
and use the current match offset location[0], rather than searching from the
start of the line. Propagate that offset through all affected paths, including
the additional occurrences noted in the review. Add an adjacent regression test
with two identical typed assignments on one line where only the second RHS is
provider-shaped, and verify the second assignment is evaluated correctly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 31834fb3-2579-4c41-95ba-f650b46bc221
📒 Files selected for processing (10)
internal/qualitygate/cmd/comment-audit/main.gointernal/qualitygate/cmd/comment-audit/main_test.gointernal/qualitygate/publiccontent/collect_test.gointernal/qualitygate/publiccontent/comment_audit.gointernal/qualitygate/publiccontent/comment_audit_test.gointernal/qualitygate/publiccontent/credential.gointernal/qualitygate/publiccontent/rules.gointernal/qualitygate/publiccontent/scan.gointernal/qualitygate/publiccontent/scan_test.gointernal/qualitygate/rules/run_test.go
🚀 PR Preview Install Guide🧰 CLI updatenpm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@f6a0c8d5aa446cceec0bc486797c48c05094ad08🧩 Skill updatenpx skills add larksuite/cli#fix/public-content-credential-fixtures -y -g |
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #1929 +/- ##
==========================================
- Coverage 74.96% 74.91% -0.06%
==========================================
Files 892 893 +1
Lines 94077 94162 +85
==========================================
+ Hits 70529 70544 +15
- Misses 18137 18200 +63
- Partials 5411 5418 +7 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
8465147 to
0ee2e94
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@internal/qualitygate/publiccontent/scan_test.go`:
- Around line 417-418: Replace aggregate count-only assertions with individual
classification assertions in internal/qualitygate/publiccontent/scan_test.go at
lines 417-418, 394-395, 597-598, 1150-1163, 1183-1184, and 1656-1657: verify
each benign-key, provider, readable, placeholder, expression, and source-literal
fixture directly as allowed or rejected, then retain combined deduplication
checks where applicable.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: c8e13390-295e-4117-9338-57fe18486bd3
📒 Files selected for processing (10)
internal/qualitygate/cmd/comment-audit/main.gointernal/qualitygate/cmd/comment-audit/main_test.gointernal/qualitygate/publiccontent/collect_test.gointernal/qualitygate/publiccontent/comment_audit.gointernal/qualitygate/publiccontent/comment_audit_test.gointernal/qualitygate/publiccontent/credential.gointernal/qualitygate/publiccontent/rules.gointernal/qualitygate/publiccontent/scan.gointernal/qualitygate/publiccontent/scan_test.gointernal/qualitygate/rules/run_test.go
🚧 Files skipped from review as they are similar to previous changes (7)
- internal/qualitygate/publiccontent/comment_audit_test.go
- internal/qualitygate/cmd/comment-audit/main.go
- internal/qualitygate/publiccontent/credential.go
- internal/qualitygate/cmd/comment-audit/main_test.go
- internal/qualitygate/publiccontent/rules.go
- internal/qualitygate/publiccontent/scan.go
- internal/qualitygate/publiccontent/collect_test.go
0ee2e94 to
037667f
Compare
037667f to
f6a0c8d
Compare
Summary
Reduce false positives in public-content credential detection while preserving detection of real credentials.
Changes
Test Plan
Summary by CodeRabbit
Bug Fixes
Tests