feat(#143 ): fetch doc-map config from trusted VCS ref

The doc-map YAML config was previously read from the local workspace (the PR branch checkout). A malicious PR author could modify .review-bot/doc-map.yml to map any path glob to sensitive design docs, causing review-bot to fetch and inject those docs into the LLM prompt. Fix: add --doc-map-trusted-ref (DOC_MAP_TRUSTED_REF) flag. When set to a trusted ref (e.g. 'main'), the doc-map config is fetched from the VCS API at that ref instead of from local workspace. A 404 from VCS is a hard error (no silent fallback to local copy). When unset, the local workspace is used with a security warning in the logs pointing operators to the new flag. Changes: - review/docmap.go: add ParseDocMapConfigContent + parseDocMapBytes helper to parse from in-memory content (fetched via VCS API) - cmd/review-bot/main.go: add --doc-map-trusted-ref flag; Step 6c branches on trusted-ref to fetch vs local-workspace load - .gitea/actions/review/action.yml: add doc-map-trusted-ref input - README.md: document new input - CHANGELOG.md: security and feature entries Tests: - TestParseDocMapConfigContent_Valid/Empty/InvalidYAML/UnknownKeys in review/docmap_test.go Coverage: 53.0% cmd/review-bot
fix(#146 ): reuse resolved doc-map path from early validation in Step 6c
2026-05-15 08:39:15 +00:00 · 2026-05-15 01:36:17 -07:00 · 2026-05-15 01:29:39 -07:00
2 changed files with 86 additions and 6 deletions
@@ -174,6 +174,17 @@ func main() {
 		os.Exit(1)
 	}

+	// Early validation of filesystem-path flags (fail fast before network I/O)
+	var resolvedDocMapFile string
+	if *docMapFile != "" {
+		resolved, err := validateWorkspacePath(*docMapFile, "doc-map")
+		if err != nil {
+			slog.Error("invalid doc-map path", "error", err)
+			os.Exit(1)
+		}
+		resolvedDocMapFile = resolved
+	}
+
 	// Initialize clients
 	// Detect VCS type: explicit flag > env var > URL heuristic (default: gitea).
 	vcsType := envOrDefault("VCS_TYPE", "")
@@ -391,13 +402,8 @@ func main() {
 			// (e.g. "main") to fetch the config from the default branch instead.
 			slog.Warn("doc-map: loading config from local workspace (PR branch) — " +
 				"set --doc-map-trusted-ref to fetch from a trusted ref for security")
-			resolvedDocMap, err := validateWorkspacePath(*docMapFile, "doc-map")
-			if err != nil {
-				slog.Error("invalid doc-map path", "error", err)
-				os.Exit(1)
-			}
 			var parseErr error
-			docMapCfg, parseErr = review.ParseDocMapConfig(resolvedDocMap)
+			docMapCfg, parseErr = review.ParseDocMapConfig(resolvedDocMapFile)
 			if parseErr != nil {
 				slog.Error("failed to parse doc-map file", "file", *docMapFile, "error", parseErr)
 				os.Exit(1)
@@ -1506,3 +1506,77 @@ func TestMainSubprocess_DeprecatedGiteaURLEnv(t *testing.T) {
 		t.Errorf("expected deprecation warning for GITEA_URL, got: %s", out)
 	}
 }
+
+// TestMainSubprocess_InvalidDocMapPath confirms that --doc-map with a path traversal
+// attempt is rejected before any network I/O.
+func TestMainSubprocess_InvalidDocMapPath(t *testing.T) {
+	if os.Getenv("TEST_SUBPROCESS_MAIN") == "1" {
+		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
+		os.Args = []string{"review-bot",
+			"--vcs-url", "https://gitea.example.com",
+			"--repo", "owner/repo",
+			"--pr", "1",
+			"--reviewer-token", "tok",
+			"--llm-base-url", "https://api.example.com",
+			"--llm-api-key", "key",
+			"--llm-model", "gpt-4",
+			"--doc-map", "../../../etc/passwd",
+		}
+		main()
+		return
+	}
+
+	cmd := exec.Command(os.Args[0], "-test.run=TestMainSubprocess_InvalidDocMapPath")
+	cmd.Env = append(cleanEnv(),
+		"TEST_SUBPROCESS_MAIN=1",
+		"GITHUB_WORKSPACE="+t.TempDir(),
+	)
+	out, err := cmd.CombinedOutput()
+	if err == nil {
+		t.Fatal("expected non-zero exit with path traversal doc-map, got success")
+	}
+	output := string(out)
+	if !strings.Contains(output, "doc-map") {
+		t.Errorf("expected error mentioning doc-map, got: %s", output)
+	}
+	if !strings.Contains(output, "resolves outside workspace") {
+		t.Errorf("expected error about path traversal, got: %s", output)
+	}
+}
+
+// TestMainSubprocess_InvalidDocMapFile confirms that --doc-map with a nonexistent file
+// is rejected before any network I/O.
+func TestMainSubprocess_InvalidDocMapFile(t *testing.T) {
+	if os.Getenv("TEST_SUBPROCESS_MAIN") == "1" {
+		flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
+		os.Args = []string{"review-bot",
+			"--vcs-url", "https://gitea.example.com",
+			"--repo", "owner/repo",
+			"--pr", "1",
+			"--reviewer-token", "tok",
+			"--llm-base-url", "https://api.example.com",
+			"--llm-api-key", "key",
+			"--llm-model", "gpt-4",
+			"--doc-map", "nonexistent.yml",
+		}
+		main()
+		return
+	}
+
+	cmd := exec.Command(os.Args[0], "-test.run=TestMainSubprocess_InvalidDocMapFile")
+	cmd.Env = append(cleanEnv(),
+		"TEST_SUBPROCESS_MAIN=1",
+		"GITHUB_WORKSPACE="+t.TempDir(),
+	)
+	out, err := cmd.CombinedOutput()
+	if err == nil {
+		t.Fatal("expected non-zero exit with nonexistent doc-map file, got success")
+	}
+	output := string(out)
+	if !strings.Contains(output, "doc-map") {
+		t.Errorf("expected error mentioning doc-map, got: %s", output)
+	}
+	if !strings.Contains(output, "failed to resolve") {
+		t.Errorf("expected error about failed resolution, got: %s", output)
+	}
+}