fix: address review feedback on PR #93

- Fix Retry-After slice mutation: copy c.RetryBackoff before modifying to prevent permanent mutation of the shared slice (sonnet#1, security#1) - Cap Retry-After to 120s maximum to prevent excessive sleeps (security#2) - Guard auth header: only set Authorization when token is non-empty (gpt#2) - Fix GetFileContent doc comment to match actual behavior (sonnet#3, gpt#1) - Remove dead 'in_progress/queued' case in mapCheckRunStatus (sonnet#4) - Add testing.Short() guard to slow retry test (sonnet#5) - Reject dot-segments in escapePath to prevent path traversal (security#3) - Add regression tests for non-mutation and escapePath safety
2026-05-12 15:43:45 -07:00
parent d1ef1e21e5
commit 5b43afc6d4
5 changed files with 86 additions and 13 deletions
@@ -205,7 +205,7 @@ func (c *Client) GetCommitStatuses(ctx context.Context, owner, repo, sha string)
 }

 // mapCheckRunStatus maps a check run conclusion+status to a vcs.CommitStatus status string.
-func mapCheckRunStatus(conclusion *string, status string) string {
+func mapCheckRunStatus(conclusion *string, _ string) string {
 	if conclusion == nil {
 		// Still running or queued
 		return "pending"
@@ -217,8 +217,6 @@ func mapCheckRunStatus(conclusion *string, status string) string {
 		return "failure"
 	case "cancelled", "skipped", "neutral":
 		return "success" // non-blocking
-	case "in_progress", "queued":
-		return "pending"
 	default:
 		return "pending"
 	}