feat(#143): fetch doc-map config from trusted VCS ref
CI / test (pull_request) Successful in 18s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 25s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m5s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m17s
CI / test (pull_request) Successful in 18s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 25s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m5s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m17s
The doc-map YAML config was previously read from the local workspace (the PR branch checkout). A malicious PR author could modify .review-bot/doc-map.yml to map any path glob to sensitive design docs, causing review-bot to fetch and inject those docs into the LLM prompt. Fix: add --doc-map-trusted-ref (DOC_MAP_TRUSTED_REF) flag. When set to a trusted ref (e.g. 'main'), the doc-map config is fetched from the VCS API at that ref instead of from local workspace. A 404 from VCS is a hard error (no silent fallback to local copy). When unset, the local workspace is used with a security warning in the logs pointing operators to the new flag. Changes: - review/docmap.go: add ParseDocMapConfigContent + parseDocMapBytes helper to parse from in-memory content (fetched via VCS API) - cmd/review-bot/main.go: add --doc-map-trusted-ref flag; Step 6c branches on trusted-ref to fetch vs local-workspace load - .gitea/actions/review/action.yml: add doc-map-trusted-ref input - README.md: document new input - CHANGELOG.md: security and feature entries Tests: - TestParseDocMapConfigContent_Valid/Empty/InvalidYAML/UnknownKeys in review/docmap_test.go Coverage: 53.0% cmd/review-bot
This commit is contained in:
Rodin
@@ -141,6 +141,16 @@ inputs:
|
||||
description: 'Maximum bytes of injected doc content from doc-map (default 102400 = 100KB)'
|
||||
required: false
|
||||
default: '102400'
|
||||
doc-map-trusted-ref:
|
||||
description: >-
|
||||
Git ref (branch, tag, or SHA) from which to fetch the doc-map config file
|
||||
via VCS API instead of reading it from the local workspace. Recommended
|
||||
when using doc-map: set this to the default branch (e.g. 'main') so a
|
||||
malicious PR cannot modify the doc-map config to inject arbitrary design
|
||||
docs into the LLM prompt. When unset, the config is read from the local
|
||||
workspace (the PR branch) with a security warning in the logs.
|
||||
required: false
|
||||
default: ''
|
||||
|
||||
runs:
|
||||
using: 'composite'
|
||||
@@ -506,6 +516,7 @@ runs:
|
||||
PERSONA_FILE: ${{ inputs.persona-file }}
|
||||
DOC_MAP_FILE: ${{ inputs.doc-map }}
|
||||
DOC_MAP_MAX_BYTES: ${{ inputs.doc-map-max-bytes }}
|
||||
DOC_MAP_TRUSTED_REF: ${{ inputs.doc-map-trusted-ref }}
|
||||
AICORE_CLIENT_ID: ${{ inputs.aicore-client-id }}
|
||||
AICORE_CLIENT_SECRET: ${{ inputs.aicore-client-secret }}
|
||||
AICORE_AUTH_URL: ${{ inputs.aicore-auth-url }}
|
||||
|
||||
Reference in New Issue
Block a user