Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 aweiker
|
51b9a6dc46 |
@@ -9,13 +9,7 @@
|
||||
# token exfiltration. API calls use github.api_url; downloads use
|
||||
# github.server_url. Tokens are never sent to user-supplied URLs.
|
||||
# - On Gitea (VCS_TYPE=gitea), inputs.vcs-url is validated (https scheme,
|
||||
# no whitespace/newlines, and DNS resolution to a public IP) before use.
|
||||
# Python3 resolves the hostname and rejects RFC1918, RFC6598 (carrier-grade
|
||||
# NAT), loopback, link-local, and other reserved addresses to prevent SSRF attacks.
|
||||
# The installed review-bot binary additionally uses a safe HTTP transport
|
||||
# (DialContext-level IP check) for all Gitea API calls at runtime.
|
||||
# The binary also exposes a `validate-url` subcommand for use in any future
|
||||
# shell steps that need to validate a URL before passing it to curl.
|
||||
# no whitespace/newlines) before use.
|
||||
# - action-repo is validated against owner/repo pattern.
|
||||
# - Tokens are passed via masked environment variables, not step outputs.
|
||||
#
|
||||
@@ -191,36 +185,6 @@ runs:
|
||||
echo "Error: SERVER_URL '${SERVER_URL}' must be an https:// URL with no whitespace" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Additional IP-level SSRF defense: resolve the hostname and reject
|
||||
# requests to RFC1918, RFC6598 (carrier-grade NAT), loopback, link-local,
|
||||
# and other reserved addresses.
|
||||
# python3 is required on ubuntu-* runners (see requirements comment above).
|
||||
# Use printf to write the script to a temp file so the python lines are valid
|
||||
# YAML (each indented line becomes a printf argument — no unindented code).
|
||||
# SERVER_URL is passed via CHECK_URL env var, never interpolated into python code.
|
||||
printf '%s\n' \
|
||||
'import socket,ipaddress,sys,os' \
|
||||
'from urllib.parse import urlparse' \
|
||||
'u=os.environ["CHECK_URL"]; parsed=urlparse(u)' \
|
||||
'if parsed.username or parsed.password:' \
|
||||
' print("Error: URL contains user-info — not allowed",file=sys.stderr); sys.exit(2)' \
|
||||
'h=parsed.hostname' \
|
||||
'(print("Error: no hostname",file=sys.stderr) or sys.exit(2)) if not h else None' \
|
||||
'try: rs=socket.getaddrinfo(h,None)' \
|
||||
'except socket.gaierror as e: print(f"DNS error: {e}",file=sys.stderr); sys.exit(1)' \
|
||||
'if not rs: print("Error: no addresses",file=sys.stderr); sys.exit(1)' \
|
||||
'for _,_,_,_,(a,*_) in rs:' \
|
||||
' ip=ipaddress.ip_address(a)' \
|
||||
' if isinstance(ip,ipaddress.IPv6Address) and ip.ipv4_mapped: ip=ip.ipv4_mapped' \
|
||||
' cgn=ipaddress.ip_network("100.64.0.0/10")' \
|
||||
' if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_reserved or ip in cgn:' \
|
||||
' print(f"blocked: {a}",file=sys.stderr); sys.exit(1)' \
|
||||
> /tmp/_ssrf_check.py
|
||||
CHECK_URL="${SERVER_URL}" python3 /tmp/_ssrf_check.py || {
|
||||
echo "Error: SERVER_URL '${SERVER_URL}' resolves to a private/reserved IP address" >&2
|
||||
exit 1
|
||||
}
|
||||
fi
|
||||
|
||||
# Determine auth token for release API requests
|
||||
@@ -341,36 +305,6 @@ runs:
|
||||
ACTION_TOKEN="${ACTION_TOKEN:-}"
|
||||
BINARY="review-bot-${OS}-${ARCH}"
|
||||
|
||||
# SECURITY: Re-validate SERVER_URL at the start of this step to mitigate DNS
|
||||
# rebinding attacks. A DNS TTL expiry between "Determine version" and here
|
||||
# could allow an attacker to change the resolved IP to a private/reserved
|
||||
# address, causing curl to send ACTION_TOKEN to an internal host.
|
||||
# Only needed on Gitea path (VCS_TYPE=gitea); GitHub/GHES uses platform-controlled URLs.
|
||||
if [ "$VCS_TYPE" = "gitea" ]; then
|
||||
printf '%s\n' \
|
||||
'import socket,ipaddress,sys,os' \
|
||||
'from urllib.parse import urlparse' \
|
||||
'u=os.environ["CHECK_URL"]; parsed=urlparse(u)' \
|
||||
'if parsed.username or parsed.password:' \
|
||||
' print("Error: URL contains user-info — not allowed",file=sys.stderr); sys.exit(2)' \
|
||||
'h=parsed.hostname' \
|
||||
'(print("Error: no hostname",file=sys.stderr) or sys.exit(2)) if not h else None' \
|
||||
'try: rs=socket.getaddrinfo(h,None)' \
|
||||
'except socket.gaierror as e: print(f"DNS error: {e}",file=sys.stderr); sys.exit(1)' \
|
||||
'if not rs: print("Error: no addresses",file=sys.stderr); sys.exit(1)' \
|
||||
'for _,_,_,_,(a,*_) in rs:' \
|
||||
' ip=ipaddress.ip_address(a)' \
|
||||
' if isinstance(ip,ipaddress.IPv6Address) and ip.ipv4_mapped: ip=ip.ipv4_mapped' \
|
||||
' cgn=ipaddress.ip_network("100.64.0.0/10")' \
|
||||
' if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_reserved or ip in cgn:' \
|
||||
' print(f"blocked: {a}",file=sys.stderr); sys.exit(1)' \
|
||||
> /tmp/_ssrf_check_install.py
|
||||
CHECK_URL="${SERVER_URL}" python3 /tmp/_ssrf_check_install.py || {
|
||||
echo "Error: SERVER_URL '${SERVER_URL}' resolves to a private/reserved IP address" >&2
|
||||
exit 1
|
||||
}
|
||||
fi
|
||||
|
||||
if [ "$VCS_TYPE" = "github" ]; then
|
||||
# GitHub/GHES: Use REST API for release asset downloads.
|
||||
# Web release URLs ({server}/.../releases/download/{tag}/{asset}) redirect
|
||||
@@ -389,13 +323,27 @@ runs:
|
||||
fi
|
||||
|
||||
# Extract asset IDs for binary and checksums
|
||||
BINARY_ASSET_ID=$(printf '%s' "$RELEASE_JSON" | python3 -c "import sys, json; assets = json.load(sys.stdin).get('assets', []); matches = [a['id'] for a in assets if a['name'] == '${BINARY}']; print(matches[0] if matches else '')")
|
||||
BINARY_ASSET_ID=$(printf '%s' "$RELEASE_JSON" | python3 -c "
|
||||
import sys, json
|
||||
assets = json.load(sys.stdin).get('assets', [])
|
||||
for a in assets:
|
||||
if a['name'] == '${BINARY}':
|
||||
print(a['id'])
|
||||
break
|
||||
")
|
||||
if [ -z "$BINARY_ASSET_ID" ]; then
|
||||
echo "Error: could not find asset '${BINARY}' in release ${VERSION}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
CHECKSUMS_ASSET_ID=$(printf '%s' "$RELEASE_JSON" | python3 -c "import sys, json; assets = json.load(sys.stdin).get('assets', []); matches = [a['id'] for a in assets if a['name'] == 'checksums.txt']; print(matches[0] if matches else '')")
|
||||
CHECKSUMS_ASSET_ID=$(printf '%s' "$RELEASE_JSON" | python3 -c "
|
||||
import sys, json
|
||||
assets = json.load(sys.stdin).get('assets', [])
|
||||
for a in assets:
|
||||
if a['name'] == 'checksums.txt':
|
||||
print(a['id'])
|
||||
break
|
||||
")
|
||||
if [ -z "$CHECKSUMS_ASSET_ID" ]; then
|
||||
echo "Error: could not find asset 'checksums.txt' in release ${VERSION}" >&2
|
||||
exit 1
|
||||
@@ -476,7 +424,6 @@ runs:
|
||||
shell: bash
|
||||
env:
|
||||
VCS_URL: ${{ steps.version.outputs.server_url }}
|
||||
VCS_TYPE: ${{ steps.version.outputs.vcs_type }}
|
||||
GITEA_REPO: ${{ inputs.repo || github.repository }}
|
||||
PR_NUMBER: ${{ inputs.pr-number || github.event.pull_request.number }}
|
||||
REVIEWER_TOKEN: ${{ inputs.reviewer-token }}
|
||||
|
||||
@@ -285,7 +285,7 @@ review-bot \
|
||||
--vcs-url https://gitea.example.com \
|
||||
--repo owner/name \
|
||||
--pr 42 \
|
||||
--reviewer-token "$REVIEWER_TOKEN" \
|
||||
--reviewer-token "$GITEA_TOKEN" \
|
||||
--reviewer-name "code-review" \
|
||||
--llm-base-url https://api.openai.com/v1 \
|
||||
--llm-api-key "$OPENAI_API_KEY" \
|
||||
@@ -300,8 +300,7 @@ All flags have environment variable equivalents:
|
||||
| Flag | Env Var |
|
||||
|------|---------|
|
||||
| `--vcs-url` | `VCS_URL` (fallback: `GITEA_URL`) |
|
||||
| `--vcs-type` | `VCS_TYPE` (auto-detected from URL if not set; `gitea` or `github`) |
|
||||
| `--repo` | `GITEA_REPO` (also accepted: set `GITEA_REPO` for Gitea; VCS-agnostic `REPO` coming) |
|
||||
| `--repo` | `GITEA_REPO` |
|
||||
| `--pr` | `PR_NUMBER` |
|
||||
| `--reviewer-token` | `REVIEWER_TOKEN` |
|
||||
| `--reviewer-name` | `REVIEWER_NAME` |
|
||||
|
||||
@@ -1,88 +0,0 @@
|
||||
## Dev Loop: review-bot — 2026-05-14 20:10 UTC
|
||||
|
||||
### Latest: ✅ STABLE STATE — REPO HEALTH COMPLETE
|
||||
- **Last action:** health check; verified tests pass, repo clean, no action needed
|
||||
- **Repository:** Clean, all merges complete, no open issues/PRs
|
||||
- **Main branch:** Up to date with origin/main
|
||||
- **Test suite:** All passing (cached)
|
||||
|
||||
---
|
||||
|
||||
## Repository Status
|
||||
|
||||
### ✅ Merged to main (recent):
|
||||
- issue-123 (IP-level SSRF defense) — 6 commits, main at 4440823
|
||||
- issue-125 (VCS_URL rename + deprecation) — merged
|
||||
- issue-124 (multi-arch binary support) — merged
|
||||
- issue-120 (GitHub Actions + VCS abstraction) — merged
|
||||
- issue-121 (VCS host type detection for binary download) — merged
|
||||
|
||||
### 🧹 Cleanup COMPLETE:
|
||||
- ✅ Removed old worktrees (issue-123, review-bot-issue-125)
|
||||
- ✅ Test suite passes (all packages)
|
||||
- ✅ No TODO/FIXME in code except expected GitHub client notes
|
||||
- ✅ No open issues or pull requests
|
||||
- ✅ Dependencies up to date
|
||||
|
||||
---
|
||||
|
||||
## Current Feature Completeness
|
||||
|
||||
✅ **Core Capabilities:**
|
||||
- Multi-provider LLM support (OpenAI, Anthropic, SAP AI Core)
|
||||
- Gitea PR integration with structured reviews
|
||||
- SSRF defense with IP-level validation
|
||||
- VCS abstraction (Gitea/GitHub support)
|
||||
- Multi-architecture binary support
|
||||
- GitHub Actions composite action
|
||||
|
||||
✅ **Recent Security Work:**
|
||||
- RFC6598 CGN range detection
|
||||
- IP fallback dialing for local endpoint rejection
|
||||
- URL validation for SSRF prevention
|
||||
|
||||
✅ **Code Quality:**
|
||||
- Comprehensive test coverage (all packages tested)
|
||||
- Consistent error handling with context propagation
|
||||
- Secure credential handling (unexported fields)
|
||||
- Concurrency-safe designs
|
||||
|
||||
---
|
||||
|
||||
## Next Priority Actions
|
||||
|
||||
### Phase 2: Feature Exploration (NEXT SESSION)
|
||||
- Scan code for potential improvements per REVIEW.md findings
|
||||
- Assess performance under load
|
||||
- Review REVIEW.md findings for targeted fixes
|
||||
- Consider backlog items from design docs
|
||||
|
||||
### Phase 3: Optional Enhancements (BACKLOG)
|
||||
- Address REVIEW.md context propagation findings (if prioritized)
|
||||
- Additional LLM provider support
|
||||
- Enhanced context detection
|
||||
- Custom report formats
|
||||
- Webhook management improvements
|
||||
|
||||
---
|
||||
|
||||
## Worktrees Status
|
||||
All old worktrees cleaned up. Ready for new issue work.
|
||||
|
||||
---
|
||||
|
||||
## Dev-Loop Metadata
|
||||
- **Repo:** /home/ubuntu/review-bot
|
||||
- **Main branch SHA:** ed3a5dd (last commit)
|
||||
- **Cron ID:** 5342ac81-4bbc-4e4c-a123-347a7788d50c
|
||||
- **Scheduled:** Every 4 hours
|
||||
- **Last health check:** 2026-05-14 20:10 UTC (✅ all healthy)
|
||||
|
||||
## Self-Review: review-bot-issue-130-work — 2026-05-14
|
||||
|
||||
### Verdict: NEEDS_WORK
|
||||
|
||||
- [x] [completeness] `VCS_TYPE` env var is detected in `main.go` but **not passed from `action.yml`'s `Run review` step** to the binary. The binary falls back to a URL heuristic (`github.com` / `github.concur.com` substrings), which will silently misclassify any GitHub Enterprise Server whose hostname does not contain `github`. The action already has `vcs_type` as a step output — it should be passed as `VCS_TYPE: ${{ steps.version.outputs.vcs_type }}` in the `Run review` env block.
|
||||
- [x] [completeness] `README.md` still references `GITEA_REPO` and `$GITEA_TOKEN` in the CLI example (line ~288) and the env var table (line ~303). Now that the binary supports GitHub too, these should be renamed to VCS-agnostic names (`VCS_REPO`/`REPO`, `VCS_TOKEN`/`REVIEWER_TOKEN`) or at minimum the env var table should note GitHub support.
|
||||
- [x] [fit] `vcsReviewComment.NewPosition` field comment says "Gitea: absolute line; GitHub: diff hunk position" but in `githubVCSAdapter.PostReview` it is actually mapped to `Line` (absolute line) + `Side: "RIGHT"`, not to `Position` (hunk position). The field name and comment are now slightly misleading — the field means "new line number" for Gitea and is repurposed as "absolute line" for GitHub. Consider renaming to `Line` or `NewLine` with a clearer comment explaining the per-backend semantics.
|
||||
- [x] [instinct] `validateurl.go` imports `gitea` package for `gitea.IsBlockedIP` — this creates a dependency from the GitHub-generic `validateurl.go` on the Gitea-specific package. The `IsBlockedIP` function is a general networking utility. Consider moving it to a shared `internal/netutil` package (or keeping it in `gitea` and accepting the coupling), but the current import is an unexpected relationship.
|
||||
+61
-102
@@ -4,7 +4,6 @@ import (
|
||||
"context"
|
||||
"flag"
|
||||
"fmt"
|
||||
"io"
|
||||
"log/slog"
|
||||
"os"
|
||||
"path/filepath"
|
||||
@@ -14,20 +13,12 @@ import (
|
||||
|
||||
"gitea.weiker.me/rodin/review-bot/budget"
|
||||
"gitea.weiker.me/rodin/review-bot/gitea"
|
||||
"gitea.weiker.me/rodin/review-bot/github"
|
||||
"gitea.weiker.me/rodin/review-bot/llm"
|
||||
"gitea.weiker.me/rodin/review-bot/review"
|
||||
)
|
||||
|
||||
var version = "dev"
|
||||
|
||||
// outWriter and errWriter are the output and error writers for subcommands.
|
||||
// They are variables so tests can capture output.
|
||||
var (
|
||||
outWriter io.Writer = os.Stdout
|
||||
errWriter io.Writer = os.Stderr
|
||||
)
|
||||
|
||||
// setupLogger configures the global slog default logger based on format and verbosity.
|
||||
func setupLogger(format, verbosity string) {
|
||||
var level slog.Level
|
||||
@@ -58,15 +49,6 @@ func setupLogger(format, verbosity string) {
|
||||
}
|
||||
|
||||
func main() {
|
||||
// Dispatch subcommands before flag parsing so they get their own args.
|
||||
// e.g. `review-bot validate-url <url>`
|
||||
if len(os.Args) > 1 {
|
||||
switch os.Args[1] {
|
||||
case "validate-url":
|
||||
os.Exit(runValidateURL(os.Args[2:]))
|
||||
}
|
||||
}
|
||||
|
||||
versionFlag := flag.Bool("version", false, "Print version and exit")
|
||||
// Logging flags
|
||||
logFormat := flag.String("log-format", envOrDefault("LOG_FORMAT", "text"), "Log output format: text or json")
|
||||
@@ -170,39 +152,7 @@ func main() {
|
||||
}
|
||||
|
||||
// Initialize clients
|
||||
// Detect VCS type: explicit flag > env var > URL heuristic (default: gitea).
|
||||
vcsType := envOrDefault("VCS_TYPE", "")
|
||||
if vcsType == "" {
|
||||
// Heuristic: if the URL looks like github.com or a GitHub Enterprise host,
|
||||
// default to GitHub. The composite action sets VCS_TYPE explicitly, so this
|
||||
// is a fallback for manual invocations.
|
||||
if strings.Contains(*vcsURL, "github.com") || strings.Contains(*vcsURL, "github.concur.com") {
|
||||
vcsType = "github"
|
||||
} else {
|
||||
vcsType = "gitea"
|
||||
}
|
||||
}
|
||||
slog.Info("VCS type detected", "vcs_type", vcsType, "vcs_url", *vcsURL)
|
||||
|
||||
var vcs vcsClient
|
||||
switch vcsType {
|
||||
case "github":
|
||||
// GitHub: baseURL is the API URL, derived from server URL.
|
||||
// github.com → https://api.github.com
|
||||
// GHES (e.g. https://ghe.example.com) → https://ghe.example.com/api/v3
|
||||
apiURL := githubAPIURL(*vcsURL)
|
||||
ghClient := github.NewClient(*reviewerToken, apiURL)
|
||||
vcs = newGithubVCSAdapter(ghClient)
|
||||
slog.Info("using GitHub VCS client", "api_url", apiURL)
|
||||
case "gitea":
|
||||
giteaClient := gitea.NewClient(*vcsURL, *reviewerToken)
|
||||
vcs = newGiteaVCSAdapter(giteaClient)
|
||||
slog.Info("using Gitea VCS client", "url", *vcsURL)
|
||||
default:
|
||||
slog.Error("unsupported VCS type", "vcs_type", vcsType, "valid", "gitea, github")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
giteaClient := gitea.NewClient(*vcsURL, *reviewerToken)
|
||||
llmClient := llm.NewClient(*llmBaseURL, *llmAPIKey, *llmModel)
|
||||
if *llmTemp < 0 || *llmTemp > 2 {
|
||||
slog.Error("invalid LLM temperature", "temperature", *llmTemp, "range", "0-2")
|
||||
@@ -240,7 +190,7 @@ func main() {
|
||||
var persona *review.Persona
|
||||
if *personaName != "" {
|
||||
// Try loading from repo first, then fall back to built-in
|
||||
repoPersonas, err := review.LoadRepoPersonas(ctx, vcs, owner, repoName)
|
||||
repoPersonas, err := review.LoadRepoPersonas(ctx, newGiteaClientAdapter(giteaClient), owner, repoName)
|
||||
if err != nil {
|
||||
slog.Warn("could not load repo personas", "repo", owner+"/"+repoName, "error", err)
|
||||
// Continue with built-in personas only.
|
||||
@@ -276,7 +226,7 @@ func main() {
|
||||
slog.Info("reviewing pull request", "pr", prNumber, "repo", fmt.Sprintf("%s/%s", owner, repoName))
|
||||
|
||||
// Step 1: Fetch PR metadata
|
||||
pr, err := vcs.GetPullRequest(ctx, owner, repoName, prNumber)
|
||||
pr, err := giteaClient.GetPullRequest(ctx, owner, repoName, prNumber)
|
||||
if err != nil {
|
||||
slog.Error("failed to fetch PR", "pr", prNumber, "error", err)
|
||||
os.Exit(1)
|
||||
@@ -284,7 +234,7 @@ func main() {
|
||||
slog.Info("fetched PR metadata", "pr", prNumber, "title", pr.Title)
|
||||
|
||||
// Step 2: Fetch diff
|
||||
diff, err := vcs.GetPullRequestDiff(ctx, owner, repoName, prNumber)
|
||||
diff, err := giteaClient.GetPullRequestDiff(ctx, owner, repoName, prNumber)
|
||||
if err != nil {
|
||||
slog.Error("failed to fetch diff", "pr", prNumber, "error", err)
|
||||
os.Exit(1)
|
||||
@@ -293,11 +243,11 @@ func main() {
|
||||
|
||||
// Step 3: Fetch full file content for modified files
|
||||
fileContext := ""
|
||||
files, err := vcs.GetPullRequestFiles(ctx, owner, repoName, prNumber)
|
||||
files, err := giteaClient.GetPullRequestFiles(ctx, owner, repoName, prNumber)
|
||||
if err != nil {
|
||||
slog.Warn("could not fetch PR files list", "pr", prNumber, "error", err)
|
||||
} else {
|
||||
fileContext = fetchFileContext(ctx, vcs, owner, repoName, pr.Head.Ref, files)
|
||||
fileContext = fetchFileContext(ctx, giteaClient, owner, repoName, pr.Head.Ref, files)
|
||||
slog.Debug("fetched file context", "files", len(files))
|
||||
}
|
||||
|
||||
@@ -305,7 +255,7 @@ func main() {
|
||||
ciPassed := true
|
||||
ciDetails := ""
|
||||
if pr.Head.Sha != "" {
|
||||
statuses, err := vcs.GetCommitStatuses(ctx, owner, repoName, pr.Head.Sha)
|
||||
statuses, err := giteaClient.GetCommitStatuses(ctx, owner, repoName, pr.Head.Sha)
|
||||
if err != nil {
|
||||
slog.Warn("could not fetch CI status", "sha", pr.Head.Sha, "error", err)
|
||||
} else {
|
||||
@@ -317,7 +267,7 @@ func main() {
|
||||
// Step 5: Load conventions file if specified
|
||||
conventions := ""
|
||||
if *conventionsFile != "" {
|
||||
content, err := vcs.GetFileContent(ctx, owner, repoName, *conventionsFile)
|
||||
content, err := giteaClient.GetFileContent(ctx, owner, repoName, *conventionsFile)
|
||||
if err != nil {
|
||||
slog.Warn("could not load conventions file", "file", *conventionsFile, "error", err)
|
||||
} else {
|
||||
@@ -329,7 +279,7 @@ func main() {
|
||||
// Step 6: Load patterns from external repo if specified
|
||||
patterns := ""
|
||||
if *patternsRepo != "" {
|
||||
patterns = fetchPatterns(ctx, vcs, *patternsRepo, *patternsFiles)
|
||||
patterns = fetchPatterns(ctx, giteaClient, *patternsRepo, *patternsFiles)
|
||||
slog.Debug("loaded patterns", "repo", *patternsRepo, "bytes", len(patterns))
|
||||
}
|
||||
|
||||
@@ -444,7 +394,7 @@ func main() {
|
||||
// Stale check: verify HEAD hasn't moved since we started
|
||||
evaluatedSHA := pr.Head.Sha
|
||||
var currentSHA string
|
||||
currentPR, err := vcs.GetPullRequest(ctx, owner, repoName, prNumber)
|
||||
currentPR, err := giteaClient.GetPullRequest(ctx, owner, repoName, prNumber)
|
||||
if err != nil {
|
||||
slog.Warn("could not re-fetch PR for stale check", "pr", prNumber, "error", err)
|
||||
// currentSHA stays empty — shouldSkipStaleReview will return false
|
||||
@@ -461,13 +411,13 @@ func main() {
|
||||
|
||||
// Map findings to inline comments for lines present in the diff
|
||||
diffRanges := gitea.ParseDiffNewLines(diff)
|
||||
var inlineComments []vcsReviewComment
|
||||
var inlineComments []gitea.ReviewComment
|
||||
for _, f := range result.Findings {
|
||||
if f.File != "" && f.Line > 0 && diffRanges.Contains(f.File, f.Line) {
|
||||
inlineComments = append(inlineComments, vcsReviewComment{
|
||||
Path: f.File,
|
||||
NewLine: int64(f.Line),
|
||||
Body: fmt.Sprintf("**[%s]** %s", f.Severity, f.Finding),
|
||||
inlineComments = append(inlineComments, gitea.ReviewComment{
|
||||
Path: f.File,
|
||||
NewPosition: int64(f.Line),
|
||||
Body: fmt.Sprintf("**[%s]** %s", f.Severity, f.Finding),
|
||||
})
|
||||
}
|
||||
}
|
||||
@@ -479,9 +429,9 @@ func main() {
|
||||
// 1. POST new review first (gets non-stale approval badge on HEAD)
|
||||
// 2. Then supersede old review with link to the new one
|
||||
// Order matters: post first so we have the new review's URL for the supersede message.
|
||||
var oldReviews []vcsReview
|
||||
var oldReviews []gitea.Review
|
||||
if *reviewerName != "" {
|
||||
existingReviews, err := vcs.ListReviews(ctx, owner, repoName, prNumber)
|
||||
existingReviews, err := giteaClient.ListReviews(ctx, owner, repoName, prNumber)
|
||||
if err != nil {
|
||||
slog.Warn("could not list existing reviews", "pr", prNumber, "error", err)
|
||||
} else {
|
||||
@@ -494,11 +444,11 @@ func main() {
|
||||
}
|
||||
|
||||
// Self-request as reviewer (ensures we appear in required-reviewer checks)
|
||||
authUser, err := vcs.GetAuthenticatedUser(ctx)
|
||||
authUser, err := giteaClient.GetAuthenticatedUser(ctx)
|
||||
if err != nil {
|
||||
slog.Warn("could not determine authenticated user for reviewer self-request", "error", err)
|
||||
} else if authUser != "" {
|
||||
if err := vcs.RequestReviewer(ctx, owner, repoName, prNumber, authUser); err != nil {
|
||||
if err := giteaClient.RequestReviewer(ctx, owner, repoName, prNumber, authUser); err != nil {
|
||||
slog.Warn("could not self-request as reviewer", "user", authUser, "error", err)
|
||||
} else {
|
||||
slog.Debug("self-requested as reviewer", "user", authUser, "pr", prNumber)
|
||||
@@ -507,34 +457,31 @@ func main() {
|
||||
|
||||
// POST new review
|
||||
slog.Info("posting review", "event", event, "pr", prNumber)
|
||||
posted, err := vcs.PostReview(ctx, owner, repoName, prNumber, event, reviewBody, evaluatedSHA, inlineComments)
|
||||
posted, err := giteaClient.PostReview(ctx, owner, repoName, prNumber, event, reviewBody, evaluatedSHA, inlineComments)
|
||||
if err != nil {
|
||||
slog.Error("failed to post review", "pr", prNumber, "event", event, "error", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
slog.Info("review posted", "review_id", posted.ID, "user", posted.User.Login, "pr", prNumber)
|
||||
|
||||
// Supersede all old reviews with link to the new one.
|
||||
// This is only supported on Gitea (requires timeline API); GitHub reviews cannot
|
||||
// be edited after submission, so we skip the supersede step there.
|
||||
extVCS, isGiteaExt := vcs.(giteaExtClient)
|
||||
if len(oldReviews) > 0 && isGiteaExt {
|
||||
// Supersede all old reviews with link to the new one
|
||||
if len(oldReviews) > 0 {
|
||||
newReviewURL := fmt.Sprintf("%s/%s/%s/pulls/%d#pullrequestreview-%d", strings.TrimRight(*vcsURL, "/"), owner, repoName, prNumber, posted.ID)
|
||||
for _, oldReview := range oldReviews {
|
||||
cid, err := extVCS.GetTimelineReviewCommentIDForReview(ctx, owner, repoName, int64(prNumber), oldReview.ID)
|
||||
cid, err := giteaClient.GetTimelineReviewCommentIDForReview(ctx, owner, repoName, prNumber, oldReview.ID)
|
||||
if err != nil {
|
||||
slog.Warn("could not find comment ID for old review", "review_id", oldReview.ID, "error", err)
|
||||
continue
|
||||
}
|
||||
supersededBody := buildSupersededBody(oldReview.Body, oldReview.CommitID, newReviewURL, sentinel)
|
||||
if err := extVCS.EditComment(ctx, owner, repoName, cid, supersededBody); err != nil {
|
||||
if err := giteaClient.EditComment(ctx, owner, repoName, cid, supersededBody); err != nil {
|
||||
slog.Warn("could not mark old review as superseded", "review_id", oldReview.ID, "comment_id", cid, "error", err)
|
||||
continue
|
||||
}
|
||||
slog.Info("marked old review as superseded", "review_id", oldReview.ID, "new_review_id", posted.ID, "pr", prNumber)
|
||||
|
||||
// Resolve old review's inline comments
|
||||
oldComments, err := extVCS.ListReviewComments(ctx, owner, repoName, int64(prNumber), oldReview.ID)
|
||||
oldComments, err := giteaClient.ListReviewComments(ctx, owner, repoName, prNumber, oldReview.ID)
|
||||
if err != nil {
|
||||
slog.Warn("could not list old review comments for resolution", "review_id", oldReview.ID, "error", err)
|
||||
continue
|
||||
@@ -544,7 +491,7 @@ func main() {
|
||||
if c.ID == 0 {
|
||||
continue
|
||||
}
|
||||
if err := extVCS.ResolveComment(ctx, owner, repoName, c.ID); err != nil {
|
||||
if err := giteaClient.ResolveComment(ctx, owner, repoName, c.ID); err != nil {
|
||||
slog.Debug("could not resolve inline comment", "comment_id", c.ID, "error", err)
|
||||
failed++
|
||||
} else {
|
||||
@@ -558,14 +505,12 @@ func main() {
|
||||
slog.Warn("some inline comments could not be resolved", "review_id", oldReview.ID, "failed", failed, "pr", prNumber)
|
||||
}
|
||||
}
|
||||
} else if len(oldReviews) > 0 {
|
||||
slog.Info("skipping supersede of old reviews (not supported on this VCS)", "old_count", len(oldReviews), "pr", prNumber)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// fetchFileContext fetches the full content of modified files from the PR branch.
|
||||
func fetchFileContext(ctx context.Context, client vcsClient, owner, repo, ref string, files []vcsChangedFile) string {
|
||||
func fetchFileContext(ctx context.Context, client *gitea.Client, owner, repo, ref string, files []gitea.ChangedFile) string {
|
||||
var sb strings.Builder
|
||||
for _, f := range files {
|
||||
if ctx.Err() != nil {
|
||||
@@ -592,7 +537,7 @@ func fetchFileContext(ctx context.Context, client vcsClient, owner, repo, ref st
|
||||
// patternsFiles is comma-separated list of file paths or directories.
|
||||
// If a path ends with / or is a directory, all files within it are fetched recursively.
|
||||
// If patternsFiles is empty, all files from the repo root are fetched.
|
||||
func fetchPatterns(ctx context.Context, client vcsClient, patternsRepo, patternsFiles string) string {
|
||||
func fetchPatterns(ctx context.Context, client *gitea.Client, patternsRepo, patternsFiles string) string {
|
||||
var sb strings.Builder
|
||||
|
||||
repos := strings.Split(patternsRepo, ",")
|
||||
@@ -669,7 +614,7 @@ func isPatternFile(path string) bool {
|
||||
}
|
||||
|
||||
// evaluateCIStatus checks if all CI statuses indicate success.
|
||||
func evaluateCIStatus(statuses []vcsCommitStatus) (passed bool, details string) {
|
||||
func evaluateCIStatus(statuses []gitea.CommitStatus) (passed bool, details string) {
|
||||
if len(statuses) == 0 {
|
||||
return true, "no CI statuses found"
|
||||
}
|
||||
@@ -692,19 +637,6 @@ func evaluateCIStatus(statuses []vcsCommitStatus) (passed bool, details string)
|
||||
return true, "all checks passed"
|
||||
}
|
||||
|
||||
// githubAPIURL converts a GitHub server URL to its API base URL.
|
||||
// github.com → https://api.github.com
|
||||
// GHES (e.g. https://ghe.example.com) → https://ghe.example.com/api/v3
|
||||
func githubAPIURL(serverURL string) string {
|
||||
const canonicalGitHub = "https://github.com"
|
||||
const githubAPIBase = "https://api.github.com"
|
||||
if serverURL == "" || strings.TrimRight(serverURL, "/") == canonicalGitHub {
|
||||
return githubAPIBase
|
||||
}
|
||||
// GitHub Enterprise Server: /api/v3 suffix
|
||||
return strings.TrimRight(serverURL, "/") + "/api/v3"
|
||||
}
|
||||
|
||||
func envOrDefault(key, defaultVal string) string {
|
||||
if v := os.Getenv(key); v != "" {
|
||||
return v
|
||||
@@ -820,7 +752,7 @@ func buildSupersededBody(originalBody, commitSHA, newReviewURL, sentinel string)
|
||||
// Gitea user. This indicates misconfiguration where two roles share a token
|
||||
// instead of having separate Gitea accounts. Returns true if shared token
|
||||
// detected (caller should skip update-in-place logic to avoid clobbering).
|
||||
func hasSharedToken(reviews []vcsReview, ownSentinel string) bool {
|
||||
func hasSharedToken(reviews []gitea.Review, ownSentinel string) bool {
|
||||
ownLogin := ""
|
||||
for _, r := range reviews {
|
||||
if strings.Contains(r.Body, ownSentinel) {
|
||||
@@ -858,8 +790,8 @@ func extractSentinelName(body string) string {
|
||||
}
|
||||
|
||||
// findOwnReview locates the most recent non-superseded review matching the sentinel.
|
||||
func findOwnReview(reviews []vcsReview, sentinel string) *vcsReview {
|
||||
var best *vcsReview
|
||||
func findOwnReview(reviews []gitea.Review, sentinel string) *gitea.Review {
|
||||
var best *gitea.Review
|
||||
for i := range reviews {
|
||||
if !strings.Contains(reviews[i].Body, sentinel) {
|
||||
continue
|
||||
@@ -875,8 +807,8 @@ func findOwnReview(reviews []vcsReview, sentinel string) *vcsReview {
|
||||
}
|
||||
|
||||
// findAllOwnReviews returns all non-superseded reviews matching the sentinel.
|
||||
func findAllOwnReviews(reviews []vcsReview, sentinel string) []vcsReview {
|
||||
var result []vcsReview
|
||||
func findAllOwnReviews(reviews []gitea.Review, sentinel string) []gitea.Review {
|
||||
var result []gitea.Review
|
||||
for i := range reviews {
|
||||
if !strings.Contains(reviews[i].Body, sentinel) {
|
||||
continue
|
||||
@@ -902,4 +834,31 @@ func shouldSkipStaleReview(evaluatedSHA, currentSHA string) bool {
|
||||
return evaluatedSHA != currentSHA
|
||||
}
|
||||
|
||||
// giteaClientAdapter adapts gitea.Client to review.GiteaClient interface.
|
||||
type giteaClientAdapter struct {
|
||||
client *gitea.Client
|
||||
}
|
||||
|
||||
func newGiteaClientAdapter(c *gitea.Client) *giteaClientAdapter {
|
||||
return &giteaClientAdapter{client: c}
|
||||
}
|
||||
|
||||
func (a *giteaClientAdapter) ListContents(ctx context.Context, owner, repo, path string) ([]review.ContentEntry, error) {
|
||||
entries, err := a.client.ListContents(ctx, owner, repo, path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result := make([]review.ContentEntry, len(entries))
|
||||
for i, e := range entries {
|
||||
result[i] = review.ContentEntry{
|
||||
Name: e.Name,
|
||||
Path: e.Path,
|
||||
Type: e.Type,
|
||||
}
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (a *giteaClientAdapter) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
|
||||
return a.client.GetFileContent(ctx, owner, repo, filepath)
|
||||
}
|
||||
|
||||
+32
-30
@@ -10,6 +10,7 @@ import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"gitea.weiker.me/rodin/review-bot/gitea"
|
||||
)
|
||||
|
||||
func TestValidateReviewerName(t *testing.T) {
|
||||
@@ -153,11 +154,12 @@ func TestValidateWorkspacePath(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func makeReview(id int64, login, state string, _ bool, body string) vcsReview {
|
||||
r := vcsReview{
|
||||
func makeReview(id int64, login, state string, stale bool, body string) gitea.Review {
|
||||
r := gitea.Review{
|
||||
ID: id,
|
||||
Body: body,
|
||||
State: state,
|
||||
Stale: stale,
|
||||
}
|
||||
r.User.Login = login
|
||||
return r
|
||||
@@ -214,7 +216,7 @@ func TestBuildSupersededBodyShortSHA(t *testing.T) {
|
||||
func TestFindOwnReview(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
reviews []vcsReview
|
||||
reviews []gitea.Review
|
||||
sentinel string
|
||||
wantID int64
|
||||
wantNil bool
|
||||
@@ -227,7 +229,7 @@ func TestFindOwnReview(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "found by sentinel",
|
||||
reviews: []vcsReview{
|
||||
reviews: []gitea.Review{
|
||||
makeReview(42, "bot", "APPROVED", false, "review body\n<!-- review-bot:sonnet -->"),
|
||||
},
|
||||
sentinel: "<!-- review-bot:sonnet -->",
|
||||
@@ -235,7 +237,7 @@ func TestFindOwnReview(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "wrong sentinel",
|
||||
reviews: []vcsReview{
|
||||
reviews: []gitea.Review{
|
||||
makeReview(42, "bot", "APPROVED", false, "body\n<!-- review-bot:gpt -->"),
|
||||
},
|
||||
sentinel: "<!-- review-bot:sonnet -->",
|
||||
@@ -243,7 +245,7 @@ func TestFindOwnReview(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "multiple reviews, returns first match",
|
||||
reviews: []vcsReview{
|
||||
reviews: []gitea.Review{
|
||||
makeReview(10, "bot", "APPROVED", false, "old\n<!-- review-bot:gpt -->"),
|
||||
makeReview(20, "bot", "APPROVED", false, "new\n<!-- review-bot:sonnet -->"),
|
||||
},
|
||||
@@ -252,7 +254,7 @@ func TestFindOwnReview(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "skips superseded review",
|
||||
reviews: []vcsReview{
|
||||
reviews: []gitea.Review{
|
||||
makeReview(10, "bot", "APPROVED", false, "~~Original review~~\n\n**Superseded**\n<!-- review-bot:sonnet -->"),
|
||||
makeReview(20, "bot", "APPROVED", false, "fresh review\n<!-- review-bot:sonnet -->"),
|
||||
},
|
||||
@@ -261,7 +263,7 @@ func TestFindOwnReview(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "only superseded reviews exist",
|
||||
reviews: []vcsReview{
|
||||
reviews: []gitea.Review{
|
||||
makeReview(10, "bot", "APPROVED", false, "~~Original review~~\n\n<!-- review-bot:sonnet -->"),
|
||||
},
|
||||
sentinel: "<!-- review-bot:sonnet -->",
|
||||
@@ -269,7 +271,7 @@ func TestFindOwnReview(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "picks highest ID among matches",
|
||||
reviews: []vcsReview{
|
||||
reviews: []gitea.Review{
|
||||
makeReview(50, "bot", "APPROVED", false, "v1\n<!-- review-bot:sonnet -->"),
|
||||
makeReview(30, "bot", "APPROVED", false, "v0\n<!-- review-bot:sonnet -->"),
|
||||
},
|
||||
@@ -300,7 +302,7 @@ func TestFindOwnReview(t *testing.T) {
|
||||
func TestHasSharedToken(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
reviews []vcsReview
|
||||
reviews []gitea.Review
|
||||
sentinel string
|
||||
want bool
|
||||
}{
|
||||
@@ -312,36 +314,36 @@ func TestHasSharedToken(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "no own review yet - cannot detect",
|
||||
reviews: []vcsReview{
|
||||
{ID: 1, User: struct{ Login string }{Login: "other"}, Body: "<!-- review-bot:gpt --> body"},
|
||||
reviews: []gitea.Review{
|
||||
{ID: 1, User: struct{ Login string `json:"login"` }{Login: "other"}, Body: "<!-- review-bot:gpt --> body"},
|
||||
},
|
||||
sentinel: "<!-- review-bot:sonnet -->",
|
||||
want: false,
|
||||
},
|
||||
{
|
||||
name: "separate users - no shared token",
|
||||
reviews: []vcsReview{
|
||||
{ID: 1, User: struct{ Login string }{Login: "sonnet-review-bot"}, Body: "<!-- review-bot:sonnet --> body"},
|
||||
{ID: 2, User: struct{ Login string }{Login: "security-review-bot"}, Body: "<!-- review-bot:security --> body"},
|
||||
reviews: []gitea.Review{
|
||||
{ID: 1, User: struct{ Login string `json:"login"` }{Login: "sonnet-review-bot"}, Body: "<!-- review-bot:sonnet --> body"},
|
||||
{ID: 2, User: struct{ Login string `json:"login"` }{Login: "security-review-bot"}, Body: "<!-- review-bot:security --> body"},
|
||||
},
|
||||
sentinel: "<!-- review-bot:sonnet -->",
|
||||
want: false,
|
||||
},
|
||||
{
|
||||
name: "shared token detected - same user different sentinels",
|
||||
reviews: []vcsReview{
|
||||
{ID: 1, User: struct{ Login string }{Login: "sonnet-review-bot"}, Body: "<!-- review-bot:sonnet --> body"},
|
||||
{ID: 2, User: struct{ Login string }{Login: "sonnet-review-bot"}, Body: "<!-- review-bot:security --> body"},
|
||||
reviews: []gitea.Review{
|
||||
{ID: 1, User: struct{ Login string `json:"login"` }{Login: "sonnet-review-bot"}, Body: "<!-- review-bot:sonnet --> body"},
|
||||
{ID: 2, User: struct{ Login string `json:"login"` }{Login: "sonnet-review-bot"}, Body: "<!-- review-bot:security --> body"},
|
||||
},
|
||||
sentinel: "<!-- review-bot:sonnet -->",
|
||||
want: true,
|
||||
},
|
||||
{
|
||||
name: "three roles same user",
|
||||
reviews: []vcsReview{
|
||||
{ID: 1, User: struct{ Login string }{Login: "bot"}, Body: "<!-- review-bot:sonnet --> body"},
|
||||
{ID: 2, User: struct{ Login string }{Login: "bot"}, Body: "<!-- review-bot:security --> body"},
|
||||
{ID: 3, User: struct{ Login string }{Login: "bot"}, Body: "<!-- review-bot:gpt --> body"},
|
||||
reviews: []gitea.Review{
|
||||
{ID: 1, User: struct{ Login string `json:"login"` }{Login: "bot"}, Body: "<!-- review-bot:sonnet --> body"},
|
||||
{ID: 2, User: struct{ Login string `json:"login"` }{Login: "bot"}, Body: "<!-- review-bot:security --> body"},
|
||||
{ID: 3, User: struct{ Login string `json:"login"` }{Login: "bot"}, Body: "<!-- review-bot:gpt --> body"},
|
||||
},
|
||||
sentinel: "<!-- review-bot:sonnet -->",
|
||||
want: true,
|
||||
@@ -551,7 +553,7 @@ func TestBuildPatternPaths(t *testing.T) {
|
||||
func TestEvaluateCIStatus(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
statuses []vcsCommitStatus
|
||||
statuses []gitea.CommitStatus
|
||||
wantPassed bool
|
||||
wantSubstr string
|
||||
}{
|
||||
@@ -563,7 +565,7 @@ func TestEvaluateCIStatus(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "all success",
|
||||
statuses: []vcsCommitStatus{
|
||||
statuses: []gitea.CommitStatus{
|
||||
{Status: "success", Context: "ci/build", Description: "Build passed"},
|
||||
{Status: "success", Context: "ci/test", Description: "Tests passed"},
|
||||
},
|
||||
@@ -572,7 +574,7 @@ func TestEvaluateCIStatus(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "one failure",
|
||||
statuses: []vcsCommitStatus{
|
||||
statuses: []gitea.CommitStatus{
|
||||
{Status: "success", Context: "ci/build", Description: "Build passed"},
|
||||
{Status: "failure", Context: "ci/test", Description: "Tests failed"},
|
||||
},
|
||||
@@ -581,7 +583,7 @@ func TestEvaluateCIStatus(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "error status",
|
||||
statuses: []vcsCommitStatus{
|
||||
statuses: []gitea.CommitStatus{
|
||||
{Status: "error", Context: "ci/lint", Description: "Lint error"},
|
||||
},
|
||||
wantPassed: false,
|
||||
@@ -589,7 +591,7 @@ func TestEvaluateCIStatus(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "pending treated as not-failed",
|
||||
statuses: []vcsCommitStatus{
|
||||
statuses: []gitea.CommitStatus{
|
||||
{Status: "pending", Context: "ci/build", Description: "In progress"},
|
||||
{Status: "success", Context: "ci/test", Description: "Tests passed"},
|
||||
},
|
||||
@@ -598,7 +600,7 @@ func TestEvaluateCIStatus(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "multiple failures",
|
||||
statuses: []vcsCommitStatus{
|
||||
statuses: []gitea.CommitStatus{
|
||||
{Status: "failure", Context: "ci/build", Description: "Build failed"},
|
||||
{Status: "failure", Context: "ci/test", Description: "Tests failed"},
|
||||
},
|
||||
@@ -607,7 +609,7 @@ func TestEvaluateCIStatus(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "mixed with pending and failure",
|
||||
statuses: []vcsCommitStatus{
|
||||
statuses: []gitea.CommitStatus{
|
||||
{Status: "success", Context: "ci/build", Description: "Build passed"},
|
||||
{Status: "pending", Context: "ci/deploy", Description: "Deploying"},
|
||||
{Status: "failure", Context: "ci/test", Description: "Tests failed"},
|
||||
@@ -995,7 +997,7 @@ func cleanEnv() []string {
|
||||
}
|
||||
|
||||
func TestFindAllOwnReviews(t *testing.T) {
|
||||
reviews := []vcsReview{
|
||||
reviews := []gitea.Review{
|
||||
{ID: 1, Body: "<!-- review-bot:sonnet -->\nfirst review"},
|
||||
{ID: 2, Body: "<!-- review-bot:gpt -->\nother bot"},
|
||||
{ID: 3, Body: "<!-- review-bot:sonnet -->\nsecond review"},
|
||||
|
||||
@@ -1,125 +0,0 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/url"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"gitea.weiker.me/rodin/review-bot/internal/netutil"
|
||||
)
|
||||
|
||||
// runValidateURL implements the `review-bot validate-url <url>` subcommand.
|
||||
//
|
||||
// It resolves the given URL's hostname and checks that every returned IP is
|
||||
// publicly routable (not RFC1918, loopback, link-local, or other reserved
|
||||
// ranges). The exit code communicates the result to callers:
|
||||
//
|
||||
// 0 — URL is safe to use
|
||||
// 1 — URL resolves to a blocked/private address
|
||||
// 2 — URL is malformed, has an unsafe scheme, or DNS lookup failed
|
||||
//
|
||||
// This is intended for use from action.yml shell steps that need to validate
|
||||
// a user-supplied URL before passing it to curl.
|
||||
func runValidateURL(args []string) int {
|
||||
if len(args) != 1 {
|
||||
fmt.Fprintln(errWriter, "usage: review-bot validate-url <url>")
|
||||
fmt.Fprintln(errWriter, "")
|
||||
fmt.Fprintln(errWriter, "Resolves <url> and verifies all resolved IPs are publicly routable.")
|
||||
fmt.Fprintln(errWriter, "Exit 0=safe, 1=blocked, 2=error")
|
||||
return 2
|
||||
}
|
||||
rawURL := args[0]
|
||||
|
||||
if err := validateURL(rawURL); err != nil {
|
||||
fmt.Fprintf(errWriter, "Error: %v\n", err)
|
||||
var ve *validateError
|
||||
if isValidateError(err, &ve) {
|
||||
return ve.code
|
||||
}
|
||||
return 2
|
||||
}
|
||||
fmt.Fprintf(outWriter, "OK: %s is safe\n", rawURL)
|
||||
return 0
|
||||
}
|
||||
|
||||
// validateError carries an exit code alongside a message.
|
||||
type validateError struct {
|
||||
code int
|
||||
message string
|
||||
}
|
||||
|
||||
func (e *validateError) Error() string { return e.message }
|
||||
|
||||
// isValidateError checks if err is or wraps a *validateError and sets out.
|
||||
// Uses errors.As so that wrapped *validateError values (e.g. from fmt.Errorf("...: %w", &validateError{...}))
|
||||
// are also detected, making the function robust against future wrapping.
|
||||
func isValidateError(err error, out **validateError) bool {
|
||||
if err == nil {
|
||||
return false
|
||||
}
|
||||
return errors.As(err, out)
|
||||
}
|
||||
|
||||
// validateURL checks that rawURL is safe for use as a Gitea server URL:
|
||||
// - Must be https:// (not http://)
|
||||
// - Must have no user-info (user:pass@host)
|
||||
// - Must resolve to at least one IP, all of which are publicly routable
|
||||
func validateURL(rawURL string) error {
|
||||
parsed, err := url.Parse(rawURL)
|
||||
if err != nil {
|
||||
return &validateError{code: 2, message: fmt.Sprintf("malformed URL %q: %v", rawURL, err)}
|
||||
}
|
||||
|
||||
// Scheme check: only https is permitted.
|
||||
if !strings.EqualFold(parsed.Scheme, "https") {
|
||||
return &validateError{
|
||||
code: 2,
|
||||
message: fmt.Sprintf("URL scheme must be https (got %q)", parsed.Scheme),
|
||||
}
|
||||
}
|
||||
|
||||
// Reject user-info (user:password@host) to prevent credential embedding.
|
||||
if parsed.User != nil {
|
||||
return &validateError{
|
||||
code: 2,
|
||||
message: "URL must not contain user-info (user:password@host)",
|
||||
}
|
||||
}
|
||||
|
||||
host := parsed.Hostname()
|
||||
if host == "" {
|
||||
return &validateError{code: 2, message: fmt.Sprintf("URL has no host: %q", rawURL)}
|
||||
}
|
||||
|
||||
// Resolve the hostname with a short timeout.
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
defer cancel()
|
||||
|
||||
addrs, err := net.DefaultResolver.LookupIPAddr(ctx, host)
|
||||
if err != nil {
|
||||
return &validateError{
|
||||
code: 2,
|
||||
message: fmt.Sprintf("DNS lookup failed for %q: %v", host, err),
|
||||
}
|
||||
}
|
||||
if len(addrs) == 0 {
|
||||
return &validateError{
|
||||
code: 2,
|
||||
message: fmt.Sprintf("DNS lookup returned no addresses for %q", host),
|
||||
}
|
||||
}
|
||||
|
||||
for _, a := range addrs {
|
||||
if netutil.IsBlockedIP(a.IP) {
|
||||
return &validateError{
|
||||
code: 1,
|
||||
message: fmt.Sprintf("blocked: %q resolves to private/reserved IP %s", host, a.IP),
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
@@ -1,127 +0,0 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"strings"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestRunValidateURL_Usage(t *testing.T) {
|
||||
var errBuf bytes.Buffer
|
||||
origErr := errWriter
|
||||
errWriter = &errBuf
|
||||
defer func() { errWriter = origErr }()
|
||||
|
||||
code := runValidateURL(nil)
|
||||
if code != 2 {
|
||||
t.Errorf("expected exit code 2 for no args, got %d", code)
|
||||
}
|
||||
if !strings.Contains(errBuf.String(), "usage") {
|
||||
t.Errorf("expected usage in stderr, got %q", errBuf.String())
|
||||
}
|
||||
|
||||
errBuf.Reset()
|
||||
code = runValidateURL([]string{"arg1", "arg2"})
|
||||
if code != 2 {
|
||||
t.Errorf("expected exit code 2 for too many args, got %d", code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateURL_MalformedURL(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
url string
|
||||
wantMsg string
|
||||
}{
|
||||
{"empty", "", "must be https"},
|
||||
{"http scheme", "http://example.com/", "must be https"},
|
||||
{"ftp scheme", "ftp://example.com/", "must be https"},
|
||||
{"no scheme", "example.com", "must be https"},
|
||||
{"user info", "https://user:pass@example.com/", "user-info"},
|
||||
}
|
||||
for _, tc := range cases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
err := validateURL(tc.url)
|
||||
if err == nil {
|
||||
t.Errorf("expected error for URL %q, got nil", tc.url)
|
||||
return
|
||||
}
|
||||
if !strings.Contains(err.Error(), tc.wantMsg) {
|
||||
t.Errorf("error %q does not contain %q", err.Error(), tc.wantMsg)
|
||||
}
|
||||
var ve *validateError
|
||||
if !isValidateError(err, &ve) {
|
||||
t.Fatalf("expected *validateError, got %T", err)
|
||||
}
|
||||
if ve.code != 2 {
|
||||
t.Errorf("expected code 2, got %d", ve.code)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateURL_BlockedPrivateIP(t *testing.T) {
|
||||
// localhost always resolves to 127.0.0.1 (loopback).
|
||||
err := validateURL("https://localhost/")
|
||||
if err == nil {
|
||||
t.Skip("localhost did not resolve (network unavailable in test environment)")
|
||||
}
|
||||
var ve *validateError
|
||||
if !isValidateError(err, &ve) {
|
||||
t.Fatalf("expected *validateError, got %T: %v", err, err)
|
||||
}
|
||||
if ve.code != 1 && ve.code != 2 {
|
||||
t.Errorf("expected code 1 (blocked) or 2 (dns fail), got %d: %s", ve.code, ve.message)
|
||||
}
|
||||
// If it resolved (code 1), the message must say "blocked".
|
||||
if ve.code == 1 && !strings.Contains(ve.message, "blocked") {
|
||||
t.Errorf("expected 'blocked' in message, got %q", ve.message)
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateURL_ExitCodes(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
url string
|
||||
wantCode int
|
||||
}{
|
||||
{"http scheme", "http://example.com/", 2},
|
||||
{"no scheme", "example.com", 2},
|
||||
{"user info", "https://admin:secret@example.com/", 2},
|
||||
}
|
||||
for _, tc := range cases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
err := validateURL(tc.url)
|
||||
if err == nil {
|
||||
t.Fatalf("expected error for %q", tc.url)
|
||||
}
|
||||
var ve *validateError
|
||||
if !isValidateError(err, &ve) {
|
||||
t.Fatalf("expected *validateError, got %T", err)
|
||||
}
|
||||
if ve.code != tc.wantCode {
|
||||
t.Errorf("code = %d, want %d (url=%q, msg=%s)", ve.code, tc.wantCode, tc.url, ve.message)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestRunValidateURL_WithCapture(t *testing.T) {
|
||||
var outBuf, errBuf bytes.Buffer
|
||||
origOut, origErr := outWriter, errWriter
|
||||
outWriter = &outBuf
|
||||
errWriter = &errBuf
|
||||
defer func() {
|
||||
outWriter = origOut
|
||||
errWriter = origErr
|
||||
}()
|
||||
|
||||
// http:// scheme should fail with code 2.
|
||||
code := runValidateURL([]string{"http://example.com/"})
|
||||
if code != 2 {
|
||||
t.Errorf("expected code 2 for http:// URL, got %d", code)
|
||||
}
|
||||
if !strings.Contains(errBuf.String(), "must be https") {
|
||||
t.Errorf("expected error about https in stderr, got %q", errBuf.String())
|
||||
}
|
||||
}
|
||||
@@ -1,359 +0,0 @@
|
||||
package main
|
||||
|
||||
// vcs.go defines the vcsClient interface that both gitea.Client (via giteaVCSAdapter)
|
||||
// and github.Client (via githubVCSAdapter) satisfy, enabling VCS-type routing in main.go.
|
||||
//
|
||||
// Interface design:
|
||||
// - Methods cover all PR review operations used by main.go.
|
||||
// - Gitea-specific operations (supersede, comment resolution) are in the separate
|
||||
// giteaExtClient interface. GitHub implementations return ErrNotSupported for those.
|
||||
// - Types are defined here as package-local VCS types; each adapter converts from
|
||||
// its respective client package's types.
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
|
||||
"gitea.weiker.me/rodin/review-bot/gitea"
|
||||
"gitea.weiker.me/rodin/review-bot/github"
|
||||
"gitea.weiker.me/rodin/review-bot/review"
|
||||
)
|
||||
|
||||
// ErrNotSupported is returned by VCS methods that have no implementation for
|
||||
// a particular VCS backend (e.g., Gitea-specific timeline APIs on GitHub).
|
||||
var ErrNotSupported = errors.New("operation not supported on this VCS backend")
|
||||
|
||||
// vcsClient is the interface for all PR operations used by main.go.
|
||||
// It is implemented by both giteaVCSAdapter and githubVCSAdapter.
|
||||
// Interface defined here (in the consumer package) per Go idiom.
|
||||
type vcsClient interface {
|
||||
// PR metadata and content
|
||||
GetPullRequest(ctx context.Context, owner, repo string, number int) (*vcsPullRequest, error)
|
||||
GetPullRequestDiff(ctx context.Context, owner, repo string, number int) (string, error)
|
||||
GetPullRequestFiles(ctx context.Context, owner, repo string, number int) ([]vcsChangedFile, error)
|
||||
GetCommitStatuses(ctx context.Context, owner, repo, sha string) ([]vcsCommitStatus, error)
|
||||
GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error)
|
||||
GetFileContentRef(ctx context.Context, owner, repo, filepath, ref string) (string, error)
|
||||
ListContents(ctx context.Context, owner, repo, path string) ([]review.ContentEntry, error)
|
||||
GetAllFilesInPath(ctx context.Context, owner, repo, path string) (map[string]string, error)
|
||||
|
||||
// Review operations
|
||||
PostReview(ctx context.Context, owner, repo string, number int, event, body, commitID string, comments []vcsReviewComment) (*vcsReview, error)
|
||||
ListReviews(ctx context.Context, owner, repo string, number int) ([]vcsReview, error)
|
||||
DeleteReview(ctx context.Context, owner, repo string, number int, reviewID int64) error
|
||||
GetAuthenticatedUser(ctx context.Context) (string, error)
|
||||
RequestReviewer(ctx context.Context, owner, repo string, number int, reviewer string) error
|
||||
}
|
||||
|
||||
// giteaExtClient extends vcsClient with Gitea-specific operations that have no
|
||||
// GitHub equivalent. Code that uses these methods should first do a type assertion.
|
||||
type giteaExtClient interface {
|
||||
vcsClient
|
||||
GetTimelineReviewCommentIDForReview(ctx context.Context, owner, repo string, prNum, reviewID int64) (int64, error)
|
||||
EditComment(ctx context.Context, owner, repo string, commentID int64, body string) error
|
||||
ListReviewComments(ctx context.Context, owner, repo string, prNum, reviewID int64) ([]gitea.ReviewComment, error)
|
||||
ResolveComment(ctx context.Context, owner, repo string, commentID int64) error
|
||||
}
|
||||
|
||||
// --- shared VCS types ---
|
||||
|
||||
// vcsPullRequest is VCS-agnostic PR metadata.
|
||||
type vcsPullRequest struct {
|
||||
Title string
|
||||
Body string
|
||||
Head struct {
|
||||
Sha string
|
||||
Ref string
|
||||
}
|
||||
}
|
||||
|
||||
// vcsChangedFile is a file changed in a PR.
|
||||
type vcsChangedFile struct {
|
||||
Filename string
|
||||
Status string
|
||||
}
|
||||
|
||||
// vcsCommitStatus is a CI status entry.
|
||||
type vcsCommitStatus struct {
|
||||
Status string
|
||||
Context string
|
||||
Description string
|
||||
TargetURL string
|
||||
}
|
||||
|
||||
// vcsReviewComment is an inline review comment.
|
||||
type vcsReviewComment struct {
|
||||
Path string
|
||||
NewLine int64 // absolute line number on the new (right) side of the diff, used by both Gitea and GitHub adapters
|
||||
Body string
|
||||
}
|
||||
|
||||
// vcsReview is a submitted PR review.
|
||||
type vcsReview struct {
|
||||
ID int64
|
||||
Body string
|
||||
CommitID string
|
||||
User struct {
|
||||
Login string
|
||||
}
|
||||
State string
|
||||
}
|
||||
|
||||
// ============================================================
|
||||
// giteaVCSAdapter
|
||||
// ============================================================
|
||||
|
||||
// giteaVCSAdapter wraps gitea.Client to implement vcsClient + giteaExtClient.
|
||||
type giteaVCSAdapter struct {
|
||||
c *gitea.Client
|
||||
}
|
||||
|
||||
func newGiteaVCSAdapter(c *gitea.Client) *giteaVCSAdapter { return &giteaVCSAdapter{c: c} }
|
||||
|
||||
func (a *giteaVCSAdapter) GetPullRequest(ctx context.Context, owner, repo string, number int) (*vcsPullRequest, error) {
|
||||
pr, err := a.c.GetPullRequest(ctx, owner, repo, number)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
r := &vcsPullRequest{Title: pr.Title, Body: pr.Body}
|
||||
r.Head.Sha = pr.Head.Sha
|
||||
r.Head.Ref = pr.Head.Ref
|
||||
return r, nil
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) GetPullRequestDiff(ctx context.Context, owner, repo string, number int) (string, error) {
|
||||
return a.c.GetPullRequestDiff(ctx, owner, repo, number)
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) GetPullRequestFiles(ctx context.Context, owner, repo string, number int) ([]vcsChangedFile, error) {
|
||||
files, err := a.c.GetPullRequestFiles(ctx, owner, repo, number)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out := make([]vcsChangedFile, len(files))
|
||||
for i, f := range files {
|
||||
out[i] = vcsChangedFile{Filename: f.Filename, Status: f.Status}
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) GetCommitStatuses(ctx context.Context, owner, repo, sha string) ([]vcsCommitStatus, error) {
|
||||
statuses, err := a.c.GetCommitStatuses(ctx, owner, repo, sha)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out := make([]vcsCommitStatus, len(statuses))
|
||||
for i, s := range statuses {
|
||||
out[i] = vcsCommitStatus{Status: s.Status, Context: s.Context, Description: s.Description, TargetURL: s.TargetURL}
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
|
||||
return a.c.GetFileContent(ctx, owner, repo, filepath)
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) GetFileContentRef(ctx context.Context, owner, repo, filepath, ref string) (string, error) {
|
||||
return a.c.GetFileContentRef(ctx, owner, repo, filepath, ref)
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) ListContents(ctx context.Context, owner, repo, path string) ([]review.ContentEntry, error) {
|
||||
entries, err := a.c.ListContents(ctx, owner, repo, path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out := make([]review.ContentEntry, len(entries))
|
||||
for i, e := range entries {
|
||||
out[i] = review.ContentEntry{Name: e.Name, Path: e.Path, Type: e.Type}
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) GetAllFilesInPath(ctx context.Context, owner, repo, path string) (map[string]string, error) {
|
||||
return a.c.GetAllFilesInPath(ctx, owner, repo, path)
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) PostReview(ctx context.Context, owner, repo string, number int, event, body, commitID string, comments []vcsReviewComment) (*vcsReview, error) {
|
||||
gc := make([]gitea.ReviewComment, len(comments))
|
||||
for i, c := range comments {
|
||||
gc[i] = gitea.ReviewComment{Path: c.Path, NewPosition: c.NewLine, Body: c.Body}
|
||||
}
|
||||
r, err := a.c.PostReview(ctx, owner, repo, number, event, body, commitID, gc)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out := &vcsReview{ID: r.ID, Body: r.Body, CommitID: r.CommitID, State: r.State}
|
||||
out.User.Login = r.User.Login
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) ListReviews(ctx context.Context, owner, repo string, number int) ([]vcsReview, error) {
|
||||
reviews, err := a.c.ListReviews(ctx, owner, repo, number)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out := make([]vcsReview, len(reviews))
|
||||
for i, r := range reviews {
|
||||
out[i] = vcsReview{ID: r.ID, Body: r.Body, CommitID: r.CommitID, State: r.State}
|
||||
out[i].User.Login = r.User.Login
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) DeleteReview(ctx context.Context, owner, repo string, number int, reviewID int64) error {
|
||||
return a.c.DeleteReview(ctx, owner, repo, number, reviewID)
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) GetAuthenticatedUser(ctx context.Context) (string, error) {
|
||||
return a.c.GetAuthenticatedUser(ctx)
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) RequestReviewer(ctx context.Context, owner, repo string, number int, reviewer string) error {
|
||||
return a.c.RequestReviewer(ctx, owner, repo, number, reviewer)
|
||||
}
|
||||
|
||||
// Gitea-specific extension methods.
|
||||
|
||||
func (a *giteaVCSAdapter) GetTimelineReviewCommentIDForReview(ctx context.Context, owner, repo string, prNum, reviewID int64) (int64, error) {
|
||||
return a.c.GetTimelineReviewCommentIDForReview(ctx, owner, repo, int(prNum), reviewID)
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) EditComment(ctx context.Context, owner, repo string, commentID int64, body string) error {
|
||||
return a.c.EditComment(ctx, owner, repo, commentID, body)
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) ListReviewComments(ctx context.Context, owner, repo string, prNum, reviewID int64) ([]gitea.ReviewComment, error) {
|
||||
return a.c.ListReviewComments(ctx, owner, repo, int(prNum), reviewID)
|
||||
}
|
||||
|
||||
func (a *giteaVCSAdapter) ResolveComment(ctx context.Context, owner, repo string, commentID int64) error {
|
||||
return a.c.ResolveComment(ctx, owner, repo, commentID)
|
||||
}
|
||||
|
||||
// ============================================================
|
||||
// githubVCSAdapter
|
||||
// ============================================================
|
||||
|
||||
// githubVCSAdapter wraps github.Client to implement vcsClient.
|
||||
// Gitea-specific extension methods (GetTimelineReviewCommentIDForReview, EditComment,
|
||||
// ListReviewComments, ResolveComment) are not available on GitHub and will not be called
|
||||
// because main.go gates them with a type assertion to giteaExtClient.
|
||||
type githubVCSAdapter struct {
|
||||
c *github.Client
|
||||
}
|
||||
|
||||
func newGithubVCSAdapter(c *github.Client) *githubVCSAdapter { return &githubVCSAdapter{c: c} }
|
||||
|
||||
func (a *githubVCSAdapter) GetPullRequest(ctx context.Context, owner, repo string, number int) (*vcsPullRequest, error) {
|
||||
pr, err := a.c.GetPullRequest(ctx, owner, repo, number)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
r := &vcsPullRequest{Title: pr.Title, Body: pr.Body}
|
||||
r.Head.Sha = pr.Head.Sha
|
||||
r.Head.Ref = pr.Head.Ref
|
||||
return r, nil
|
||||
}
|
||||
|
||||
func (a *githubVCSAdapter) GetPullRequestDiff(ctx context.Context, owner, repo string, number int) (string, error) {
|
||||
return a.c.GetPullRequestDiff(ctx, owner, repo, number)
|
||||
}
|
||||
|
||||
func (a *githubVCSAdapter) GetPullRequestFiles(ctx context.Context, owner, repo string, number int) ([]vcsChangedFile, error) {
|
||||
files, err := a.c.GetPullRequestFiles(ctx, owner, repo, number)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out := make([]vcsChangedFile, len(files))
|
||||
for i, f := range files {
|
||||
out[i] = vcsChangedFile{Filename: f.Filename, Status: f.Status}
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func (a *githubVCSAdapter) GetCommitStatuses(ctx context.Context, owner, repo, sha string) ([]vcsCommitStatus, error) {
|
||||
statuses, err := a.c.GetCommitStatuses(ctx, owner, repo, sha)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out := make([]vcsCommitStatus, len(statuses))
|
||||
for i, s := range statuses {
|
||||
// CommitStatus.Status is tagged as json:"state" — already the normalized "state" value
|
||||
out[i] = vcsCommitStatus{Status: s.Status, Context: s.Context, Description: s.Description, TargetURL: s.TargetURL}
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func (a *githubVCSAdapter) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
|
||||
return a.c.GetFileContent(ctx, owner, repo, filepath)
|
||||
}
|
||||
|
||||
func (a *githubVCSAdapter) GetFileContentRef(ctx context.Context, owner, repo, filepath, ref string) (string, error) {
|
||||
return a.c.GetFileContentRef(ctx, owner, repo, filepath, ref)
|
||||
}
|
||||
|
||||
func (a *githubVCSAdapter) ListContents(ctx context.Context, owner, repo, path string) ([]review.ContentEntry, error) {
|
||||
entries, err := a.c.ListContents(ctx, owner, repo, path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out := make([]review.ContentEntry, len(entries))
|
||||
for i, e := range entries {
|
||||
out[i] = review.ContentEntry{Name: e.Name, Path: e.Path, Type: e.Type}
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func (a *githubVCSAdapter) GetAllFilesInPath(ctx context.Context, owner, repo, path string) (map[string]string, error) {
|
||||
return a.c.GetAllFilesInPath(ctx, owner, repo, path)
|
||||
}
|
||||
|
||||
func (a *githubVCSAdapter) PostReview(ctx context.Context, owner, repo string, number int, event, body, commitID string, comments []vcsReviewComment) (*vcsReview, error) {
|
||||
gc := make([]github.ReviewComment, len(comments))
|
||||
for i, c := range comments {
|
||||
// GitHub inline comments use Line+Side (absolute line on the RIGHT side).
|
||||
// NewLine from diff parsing gives absolute new-file line numbers.
|
||||
// Comments that cannot be mapped will be omitted (GitHub rejects invalid positions).
|
||||
gc[i] = github.ReviewComment{
|
||||
Path: c.Path,
|
||||
Line: c.NewLine,
|
||||
Side: "RIGHT",
|
||||
Body: c.Body,
|
||||
}
|
||||
}
|
||||
r, err := a.c.PostReview(ctx, owner, repo, number, event, body, commitID, gc)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out := &vcsReview{ID: r.ID, Body: r.Body, State: r.State}
|
||||
out.User.Login = r.User.Login
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func (a *githubVCSAdapter) ListReviews(ctx context.Context, owner, repo string, number int) ([]vcsReview, error) {
|
||||
reviews, err := a.c.ListReviews(ctx, owner, repo, number)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out := make([]vcsReview, len(reviews))
|
||||
for i, r := range reviews {
|
||||
out[i] = vcsReview{ID: r.ID, Body: r.Body, State: r.State}
|
||||
out[i].User.Login = r.User.Login
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func (a *githubVCSAdapter) DeleteReview(ctx context.Context, owner, repo string, number int, reviewID int64) error {
|
||||
// GitHub only allows deleting PENDING (draft) reviews. review-bot posts submitted
|
||||
// reviews, so this will return an error for any review we actually posted.
|
||||
// Callers should treat 422 errors here gracefully.
|
||||
return a.c.DeleteReview(ctx, owner, repo, number, reviewID)
|
||||
}
|
||||
|
||||
func (a *githubVCSAdapter) GetAuthenticatedUser(ctx context.Context) (string, error) {
|
||||
return a.c.GetAuthenticatedUser(ctx)
|
||||
}
|
||||
|
||||
func (a *githubVCSAdapter) RequestReviewer(ctx context.Context, owner, repo string, number int, reviewer string) error {
|
||||
return a.c.RequestReviewer(ctx, owner, repo, number, reviewer)
|
||||
}
|
||||
+10
-89
@@ -106,113 +106,34 @@ func defaultCheckRedirect(req *http.Request, via []*http.Request) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// safeDialContext is the default DialContext for NewClient.
|
||||
// It resolves the hostname and checks every returned IP against the blocked
|
||||
// CIDR list before establishing a connection. This prevents SSRF attacks
|
||||
// where user-supplied URLs resolve to internal/private addresses.
|
||||
//
|
||||
// After validating all IPs, we dial the first resolved IP directly to avoid
|
||||
// a second DNS lookup (which could return a different IP in a DNS rebinding
|
||||
// attack). This narrows — but does not fully eliminate — the DNS rebinding
|
||||
// window to the time between LookupIPAddr and DialContext.
|
||||
//
|
||||
// If the host is already an IP literal, LookupIPAddr returns it directly
|
||||
// (no DNS query issued), so IP literals like https://127.0.0.1/ are blocked.
|
||||
func safeDialContext(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||
host, port, err := net.SplitHostPort(addr)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("safeDialContext: invalid address %q: %w", addr, err)
|
||||
}
|
||||
addrs, err := net.DefaultResolver.LookupIPAddr(ctx, host)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("safeDialContext: DNS lookup %q: %w", host, err)
|
||||
}
|
||||
if len(addrs) == 0 {
|
||||
return nil, fmt.Errorf("safeDialContext: no addresses returned for %q", host)
|
||||
}
|
||||
for _, a := range addrs {
|
||||
if IsBlockedIP(a.IP) {
|
||||
return nil, fmt.Errorf("safeDialContext: blocked: %q resolves to private/reserved IP %s", host, a.IP)
|
||||
}
|
||||
}
|
||||
// Try each resolved IP in order, returning the first successful connection.
|
||||
// Fallback is important when a hostname resolves to multiple IPs and the first
|
||||
// is temporarily unreachable. All IPs were already validated above, so dialing
|
||||
// any of them is safe.
|
||||
//
|
||||
// Timeout: 10s per the design (PLAN.md); the outer http.Client has a 30s
|
||||
// total timeout, but the per-dial timeout ensures a slow TCP connect on one IP
|
||||
// doesn't consume the budget needed to try others.
|
||||
d := &net.Dialer{Timeout: 10 * time.Second}
|
||||
var lastErr error
|
||||
for _, a := range addrs {
|
||||
conn, err := d.DialContext(ctx, network, net.JoinHostPort(a.IP.String(), port))
|
||||
if err == nil {
|
||||
return conn, nil
|
||||
}
|
||||
lastErr = err
|
||||
}
|
||||
return nil, fmt.Errorf("safeDialContext: all %d addresses for %q failed, last error: %w", len(addrs), host, lastErr)
|
||||
}
|
||||
|
||||
// newSafeHTTPClient returns an *http.Client with the SSRF-blocking safeDialContext
|
||||
// transport and the cross-host redirect rejection policy.
|
||||
//
|
||||
// We clone http.DefaultTransport to preserve its production-ready defaults
|
||||
// (ProxyFromEnvironment, TLSHandshakeTimeout, IdleConnTimeout, connection
|
||||
// pooling, HTTP/2 support) and override only DialContext with safeDialContext.
|
||||
func newSafeHTTPClient() *http.Client {
|
||||
transport := http.DefaultTransport.(*http.Transport).Clone()
|
||||
transport.DialContext = safeDialContext
|
||||
return &http.Client{
|
||||
Timeout: 30 * time.Second,
|
||||
Transport: transport,
|
||||
CheckRedirect: defaultCheckRedirect,
|
||||
}
|
||||
}
|
||||
|
||||
// NewClient creates a new Gitea API client.
|
||||
//
|
||||
// The client uses a safe HTTP transport by default: DNS resolution is performed
|
||||
// before connecting and any IP in a private/reserved range is rejected
|
||||
// (RFC1918, loopback, link-local, ULA, etc.). Cross-host and HTTPS→HTTP
|
||||
// redirects are also rejected.
|
||||
//
|
||||
// For tests that use httptest.NewServer (which listens on 127.0.0.1), call
|
||||
// WithUnsafeDialer() to bypass the IP check.
|
||||
func NewClient(baseURL, token string) *Client {
|
||||
return &Client{
|
||||
baseURL: strings.TrimRight(baseURL, "/"),
|
||||
token: token,
|
||||
http: newSafeHTTPClient(),
|
||||
http: &http.Client{
|
||||
Timeout: 30 * time.Second,
|
||||
CheckRedirect: defaultCheckRedirect,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// WithUnsafeDialer returns the client configured with a plain HTTP client that
|
||||
// has no IP-level SSRF protection. It preserves the redirect-rejection policy.
|
||||
//
|
||||
// This MUST only be used in tests. Production code must never call this method.
|
||||
func (c *Client) WithUnsafeDialer() *Client {
|
||||
c.http = &http.Client{
|
||||
Timeout: 30 * time.Second,
|
||||
CheckRedirect: defaultCheckRedirect,
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
// SetHTTPClient sets the underlying HTTP client used for requests.
|
||||
// This is intended for test setup only to inject mock transports; it must be
|
||||
// called before any goroutines issue requests.
|
||||
//
|
||||
// Passing nil restores the default safe client (30s timeout, IP-blocking
|
||||
// safeDialContext, and redirect-rejecting CheckRedirect policy matching NewClient).
|
||||
// Passing nil restores the default client (30s timeout + redirect-rejecting
|
||||
// CheckRedirect policy matching NewClient).
|
||||
//
|
||||
// Callers providing a non-nil client are responsible for configuring a safe
|
||||
// CheckRedirect policy. Without one, the default net/http behavior will follow
|
||||
// redirects and may forward the Authorization header to untrusted hosts.
|
||||
func (c *Client) SetHTTPClient(hc *http.Client) {
|
||||
if hc == nil {
|
||||
hc = newSafeHTTPClient()
|
||||
hc = &http.Client{
|
||||
Timeout: 30 * time.Second,
|
||||
CheckRedirect: defaultCheckRedirect,
|
||||
}
|
||||
}
|
||||
c.http = hc
|
||||
}
|
||||
|
||||
+37
-171
@@ -36,7 +36,7 @@ func TestGetPullRequest(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
got, err := client.GetPullRequest(context.Background(), "owner", "repo", 1)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -63,7 +63,7 @@ func TestGetPullRequestDiff(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
got, err := client.GetPullRequestDiff(context.Background(), "owner", "repo", 5)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -88,7 +88,7 @@ func TestGetCommitStatuses(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
got, err := client.GetCommitStatuses(context.Background(), "owner", "repo", "abc123")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -138,7 +138,7 @@ func TestPostReview(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
review, err := client.PostReview(context.Background(), "owner", "repo", 3, "APPROVED", "LGTM", "abc123def", nil)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -158,7 +158,7 @@ func TestGetPullRequest_Non200(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
_, err := client.GetPullRequest(context.Background(), "owner", "repo", 999)
|
||||
if err == nil {
|
||||
t.Fatal("expected error for 404, got nil")
|
||||
@@ -171,7 +171,7 @@ func TestGetPullRequest_BadJSON(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
_, err := client.GetPullRequest(context.Background(), "owner", "repo", 1)
|
||||
if err == nil {
|
||||
t.Fatal("expected error for bad JSON, got nil")
|
||||
@@ -185,7 +185,7 @@ func TestPostReview_Non200(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
_, err := client.PostReview(context.Background(), "owner", "repo", 1, "APPROVED", "test", "", nil)
|
||||
if err == nil {
|
||||
t.Fatal("expected error for 403, got nil")
|
||||
@@ -208,7 +208,7 @@ func TestPostReview_EmptyCommitID_OmittedFromPayload(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
_, err := client.PostReview(context.Background(), "owner", "repo", 1, "APPROVED", "ok", "", nil)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -226,7 +226,7 @@ func TestGetFileContent(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
got, err := client.GetFileContent(context.Background(), "owner", "repo", "CONVENTIONS.md")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -246,7 +246,7 @@ func TestGetPullRequestFiles(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
files, err := client.GetPullRequestFiles(context.Background(), "owner", "repo", 1)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -271,7 +271,7 @@ func TestGetFileContentRef(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
content, err := client.GetFileContentRef(context.Background(), "owner", "repo", "main.go", "feature-branch")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -291,7 +291,7 @@ func TestListContents(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
entries, err := client.ListContents(context.Background(), "owner", "repo", "docs")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -318,7 +318,7 @@ func TestListContents_DotPath(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
entries, err := client.ListContents(context.Background(), "owner", "repo", ".")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -343,7 +343,7 @@ func TestListContents_FilePath(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
entries, err := client.ListContents(context.Background(), "owner", "repo", "README.md")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -375,7 +375,7 @@ func TestGetAllFilesInPath_File(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
files, err := client.GetAllFilesInPath(context.Background(), "owner", "repo", "README.md")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -428,7 +428,7 @@ func TestListReviews(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
reviews, err := client.ListReviews(context.Background(), "owner", "repo", 5)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -468,7 +468,7 @@ func TestListReviews_Pagination(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
reviews, err := client.ListReviews(context.Background(), "owner", "repo", 5)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -493,7 +493,7 @@ func TestDeleteReview(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
err := client.DeleteReview(context.Background(), "owner", "repo", 5, 10)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
@@ -507,7 +507,7 @@ func TestDeleteReview_Forbidden(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
err := client.DeleteReview(context.Background(), "owner", "repo", 5, 10)
|
||||
if err == nil {
|
||||
t.Fatal("expected error for 403, got nil")
|
||||
@@ -536,7 +536,7 @@ func TestEditComment(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
err := client.EditComment(context.Background(), "owner", "repo", 42, "updated body")
|
||||
if err != nil {
|
||||
t.Fatalf("EditComment() error = %v", err)
|
||||
@@ -550,7 +550,7 @@ func TestEditComment_Forbidden(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
err := client.EditComment(context.Background(), "owner", "repo", 42, "new body")
|
||||
if err == nil {
|
||||
t.Fatal("expected error for 403 response")
|
||||
@@ -570,7 +570,7 @@ func TestGetTimelineReviewCommentID(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
id, err := client.GetTimelineReviewCommentID(context.Background(), "owner", "repo", 5, "<!-- review-bot:sonnet -->")
|
||||
if err != nil {
|
||||
t.Fatalf("GetTimelineReviewCommentID() error = %v", err)
|
||||
@@ -586,7 +586,7 @@ func TestGetTimelineReviewCommentID_NotFound(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
_, err := client.GetTimelineReviewCommentID(context.Background(), "owner", "repo", 5, "<!-- review-bot:sonnet -->")
|
||||
if err == nil {
|
||||
t.Fatal("expected error when sentinel not found")
|
||||
@@ -609,7 +609,7 @@ func TestGetAllFilesInPath_404FallsBackToFile(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
files, err := client.GetAllFilesInPath(context.Background(), "owner", "repo", "README.md")
|
||||
if err != nil {
|
||||
t.Fatalf("expected fallback to file on 404, got error: %v", err)
|
||||
@@ -630,7 +630,7 @@ func TestGetAllFilesInPath_500Propagates(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
_, err := client.GetAllFilesInPath(context.Background(), "owner", "repo", "somepath")
|
||||
if err == nil {
|
||||
t.Fatal("expected error to propagate for 500, got nil")
|
||||
@@ -652,7 +652,7 @@ func TestGetAllFilesInPath_403Propagates(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
_, err := client.GetAllFilesInPath(context.Background(), "owner", "repo", "private/stuff")
|
||||
if err == nil {
|
||||
t.Fatal("expected error to propagate for 403, got nil")
|
||||
@@ -704,7 +704,7 @@ func TestGetAuthenticatedUser(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
login, err := client.GetAuthenticatedUser(context.Background())
|
||||
if err != nil {
|
||||
t.Fatalf("GetAuthenticatedUser() error = %v", err)
|
||||
@@ -729,7 +729,7 @@ func TestRequestReviewer(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
err := client.RequestReviewer(context.Background(), "owner", "repo", 7, "bot-user")
|
||||
if err != nil {
|
||||
t.Fatalf("RequestReviewer() error = %v", err)
|
||||
@@ -745,7 +745,7 @@ func TestRequestReviewer_204(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
err := client.RequestReviewer(context.Background(), "owner", "repo", 1, "user")
|
||||
if err != nil {
|
||||
t.Fatalf("RequestReviewer() should accept 204, got error = %v", err)
|
||||
@@ -759,7 +759,7 @@ func TestRequestReviewer_Error(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
err := client.RequestReviewer(context.Background(), "owner", "repo", 1, "user")
|
||||
if err == nil {
|
||||
t.Fatal("expected error for 403 response")
|
||||
@@ -779,7 +779,7 @@ func TestListReviewComments(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
comments, err := client.ListReviewComments(context.Background(), "owner", "repo", 1, 42)
|
||||
if err != nil {
|
||||
t.Fatalf("ListReviewComments() error = %v", err)
|
||||
@@ -807,7 +807,7 @@ func TestResolveComment(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
err := client.ResolveComment(context.Background(), "owner", "repo", 99)
|
||||
if err != nil {
|
||||
t.Fatalf("ResolveComment() error = %v", err)
|
||||
@@ -821,7 +821,7 @@ func TestResolveComment_Error(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
err := client.ResolveComment(context.Background(), "owner", "repo", 99)
|
||||
if err == nil {
|
||||
t.Fatal("expected error for 404 response")
|
||||
@@ -870,7 +870,7 @@ func TestDoGet_RetriesOn500(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
// Use short backoff for fast tests
|
||||
client.RetryBackoff = []time.Duration{1 * time.Millisecond, 1 * time.Millisecond}
|
||||
|
||||
@@ -895,7 +895,7 @@ func TestDoGet_FailsAfterMaxRetries(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
// Use short backoff for fast tests
|
||||
client.RetryBackoff = []time.Duration{1 * time.Millisecond, 1 * time.Millisecond}
|
||||
|
||||
@@ -924,7 +924,7 @@ func TestDoGet_NoRetryOn4xx(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
_, err := client.doGet(context.Background(), server.URL+"/test")
|
||||
if err == nil {
|
||||
t.Fatal("expected error for 403")
|
||||
@@ -952,7 +952,7 @@ func TestDoGet_RespectsContextCancellation(t *testing.T) {
|
||||
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
// Use longer backoff to give us time to cancel during the wait
|
||||
client.RetryBackoff = []time.Duration{100 * time.Millisecond, 100 * time.Millisecond}
|
||||
|
||||
@@ -1285,137 +1285,3 @@ func TestSetHTTPClient_NilRestoresDefault(t *testing.T) {
|
||||
t.Fatal("expected CheckRedirect policy after SetHTTPClient(nil)")
|
||||
}
|
||||
}
|
||||
|
||||
// TestSafeDialContextBlocksPrivateIPs verifies that NewClient (which uses
|
||||
// safeDialContext by default) refuses to connect to private/reserved IPs.
|
||||
func TestSafeDialContextBlocksPrivateIPs(t *testing.T) {
|
||||
// These servers listen on 127.0.0.1, so the safe dialer will block them.
|
||||
// We use NewClient (NOT NewTestClient) to exercise the real safe dialer.
|
||||
privateURLs := []struct {
|
||||
name string
|
||||
url string
|
||||
}{
|
||||
{"loopback localhost", "http://localhost/"},
|
||||
{"loopback 127.0.0.1", "http://127.0.0.1/"},
|
||||
}
|
||||
|
||||
for _, tc := range privateURLs {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
c := NewClient(tc.url, "token")
|
||||
_, err := c.GetPullRequest(context.Background(), "owner", "repo", 1)
|
||||
if err == nil {
|
||||
t.Errorf("expected error connecting to %s, got nil", tc.url)
|
||||
}
|
||||
// Error must mention SSRF/blocked, not a random network error.
|
||||
if !strings.Contains(err.Error(), "blocked") &&
|
||||
!strings.Contains(err.Error(), "private") &&
|
||||
!strings.Contains(err.Error(), "loopback") &&
|
||||
!strings.Contains(err.Error(), "reserved") {
|
||||
t.Logf("error: %v", err)
|
||||
// Allow other errors (connection refused, DNS) since the point
|
||||
// is that we don't silently succeed — but prefer the explicit block message.
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// TestWithUnsafeDialerAllowsLocalhost verifies that WithUnsafeDialer bypasses
|
||||
// the IP check, allowing tests to connect to httptest.Server (127.0.0.1).
|
||||
func TestWithUnsafeDialerAllowsLocalhost(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.Write([]byte(`{"title":"test","body":"","head":{"sha":"abc","ref":"main"}}`))
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
// WithUnsafeDialer should allow connecting to 127.0.0.1.
|
||||
c := NewClient(server.URL, "token").WithUnsafeDialer()
|
||||
pr, err := c.GetPullRequest(context.Background(), "owner", "repo", 1)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error with unsafe dialer: %v", err)
|
||||
}
|
||||
if pr.Title != "test" {
|
||||
t.Errorf("expected title 'test', got %q", pr.Title)
|
||||
}
|
||||
}
|
||||
|
||||
// TestNewClient_HasSafeTransport verifies that NewClient installs the
|
||||
// SSRF-blocking transport (i.e. Transport is not nil and DialContext is set).
|
||||
func TestNewClient_HasSafeTransport(t *testing.T) {
|
||||
c := NewClient("https://gitea.example.com", "token")
|
||||
if c.http.Transport == nil {
|
||||
t.Fatal("expected Transport to be set on NewClient (safe dialer)")
|
||||
}
|
||||
transport, ok := c.http.Transport.(*http.Transport)
|
||||
if !ok {
|
||||
t.Fatalf("expected *http.Transport, got %T", c.http.Transport)
|
||||
}
|
||||
if transport.DialContext == nil {
|
||||
t.Fatal("expected DialContext to be set on transport (safe dialer)")
|
||||
}
|
||||
}
|
||||
|
||||
// TestSetHTTPClient_NilRestoresSafeTransport verifies that SetHTTPClient(nil)
|
||||
// restores the safe transport (not just any client).
|
||||
func TestSetHTTPClient_NilRestoresSafeTransport(t *testing.T) {
|
||||
c := NewClient("https://gitea.example.com", "token")
|
||||
c.SetHTTPClient(&http.Client{}) // replace with plain client
|
||||
c.SetHTTPClient(nil) // restore
|
||||
transport, ok := c.http.Transport.(*http.Transport)
|
||||
if !ok {
|
||||
t.Fatalf("expected *http.Transport after SetHTTPClient(nil), got %T", c.http.Transport)
|
||||
}
|
||||
if transport.DialContext == nil {
|
||||
t.Fatal("expected DialContext to be restored after SetHTTPClient(nil)")
|
||||
}
|
||||
}
|
||||
|
||||
// TestNewSafeHTTPClient_PreservesDefaultTransportSettings verifies that
|
||||
// newSafeHTTPClient clones http.DefaultTransport to retain proxy support,
|
||||
// TLS handshake timeout, idle connection limits, and HTTP/2.
|
||||
func TestNewSafeHTTPClient_PreservesDefaultTransportSettings(t *testing.T) {
|
||||
c := NewClient("https://gitea.example.com", "token")
|
||||
transport, ok := c.http.Transport.(*http.Transport)
|
||||
if !ok {
|
||||
t.Fatalf("expected *http.Transport, got %T", c.http.Transport)
|
||||
}
|
||||
|
||||
defaults := http.DefaultTransport.(*http.Transport)
|
||||
|
||||
// TLSHandshakeTimeout must be inherited (non-zero), not the zero value
|
||||
// that a bare &http.Transport{} would have.
|
||||
if transport.TLSHandshakeTimeout == 0 {
|
||||
t.Error("TLSHandshakeTimeout is 0; expected inherited value from DefaultTransport")
|
||||
}
|
||||
if transport.TLSHandshakeTimeout != defaults.TLSHandshakeTimeout {
|
||||
t.Errorf("TLSHandshakeTimeout = %v, want %v", transport.TLSHandshakeTimeout, defaults.TLSHandshakeTimeout)
|
||||
}
|
||||
|
||||
// IdleConnTimeout must be inherited.
|
||||
if transport.IdleConnTimeout == 0 {
|
||||
t.Error("IdleConnTimeout is 0; expected inherited value from DefaultTransport")
|
||||
}
|
||||
if transport.IdleConnTimeout != defaults.IdleConnTimeout {
|
||||
t.Errorf("IdleConnTimeout = %v, want %v", transport.IdleConnTimeout, defaults.IdleConnTimeout)
|
||||
}
|
||||
|
||||
// MaxIdleConns must be inherited.
|
||||
if transport.MaxIdleConns == 0 {
|
||||
t.Error("MaxIdleConns is 0; expected inherited value from DefaultTransport")
|
||||
}
|
||||
|
||||
// ForceAttemptHTTP2 must be inherited.
|
||||
if !transport.ForceAttemptHTTP2 {
|
||||
t.Error("ForceAttemptHTTP2 is false; expected true from DefaultTransport")
|
||||
}
|
||||
|
||||
// Proxy must be set (ProxyFromEnvironment).
|
||||
if transport.Proxy == nil {
|
||||
t.Error("Proxy is nil; expected ProxyFromEnvironment from DefaultTransport")
|
||||
}
|
||||
|
||||
// DialContext must be our safe dialer, not the default.
|
||||
if transport.DialContext == nil {
|
||||
t.Error("DialContext is nil; expected safeDialContext")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -70,7 +70,7 @@ func TestGetPullRequestDiff_SizeLimits(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
client.MaxDiffSize = tt.maxDiffSize
|
||||
client.RetryBackoff = []time.Duration{}
|
||||
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
// Package gitea — export_test.go exposes test helpers to test files in this
|
||||
// package. It uses `package gitea` (not `package gitea_test`) so it can access
|
||||
// unexported identifiers; Go only compiles it into the test binary, never into
|
||||
// the production binary. This is the idiomatic pattern for white-box testing
|
||||
// in Go (see net/http/export_test.go in the stdlib for the same approach).
|
||||
package gitea
|
||||
|
||||
// NewTestClient creates a Gitea client configured for use in unit tests.
|
||||
// It bypasses the IP-level SSRF protection so that tests can connect to
|
||||
// httptest.Server instances (which listen on 127.0.0.1).
|
||||
//
|
||||
// Using the internal package gitea declaration (not gitea_test) means this
|
||||
// symbol is available to all _test.go files in this package. It is ONLY
|
||||
// compiled into the test binary; production binaries never include it.
|
||||
// Production code must use NewClient, which enables the safe dialer.
|
||||
func NewTestClient(baseURL, token string) *Client {
|
||||
return NewClient(baseURL, token).WithUnsafeDialer()
|
||||
}
|
||||
@@ -1,22 +0,0 @@
|
||||
// Package gitea provides a client for the Gitea API.
|
||||
// ipcheck.go re-exports the IsBlockedIP function from internal/netutil for use
|
||||
// by this package's safe dialer (client.go) and for backward compatibility with
|
||||
// any callers that previously imported it from here.
|
||||
//
|
||||
// The implementation has moved to internal/netutil so it can be shared with the
|
||||
// validate-url subcommand (cmd/review-bot/validateurl.go) without creating a
|
||||
// dependency from VCS-generic code on the Gitea-specific package.
|
||||
package gitea
|
||||
|
||||
import (
|
||||
"net"
|
||||
|
||||
"gitea.weiker.me/rodin/review-bot/internal/netutil"
|
||||
)
|
||||
|
||||
// IsBlockedIP reports whether ip is in a blocked address range.
|
||||
// It delegates to internal/netutil.IsBlockedIP; see that function for the full
|
||||
// list of blocked ranges and IPv6-mapped IPv4 normalization behavior.
|
||||
func IsBlockedIP(ip net.IP) bool {
|
||||
return netutil.IsBlockedIP(ip)
|
||||
}
|
||||
@@ -1,37 +0,0 @@
|
||||
package gitea
|
||||
|
||||
import (
|
||||
"net"
|
||||
"testing"
|
||||
|
||||
"gitea.weiker.me/rodin/review-bot/internal/netutil"
|
||||
)
|
||||
|
||||
// TestIsBlockedIPForwarding verifies that gitea.IsBlockedIP correctly forwards
|
||||
// to internal/netutil.IsBlockedIP. Full coverage of the blocking logic lives in
|
||||
// internal/netutil/ipcheck_test.go.
|
||||
func TestIsBlockedIPForwarding(t *testing.T) {
|
||||
cases := []struct {
|
||||
ip string
|
||||
blocked bool
|
||||
}{
|
||||
{"127.0.0.1", true}, // loopback — must be blocked
|
||||
{"192.168.1.1", true}, // RFC1918 — must be blocked
|
||||
{"8.8.8.8", false}, // public — must not be blocked
|
||||
{"2001:4860:4860::8888", false}, // public IPv6 — must not be blocked
|
||||
}
|
||||
for _, tc := range cases {
|
||||
ip := net.ParseIP(tc.ip)
|
||||
if ip == nil {
|
||||
t.Fatalf("failed to parse IP %q", tc.ip)
|
||||
}
|
||||
got := IsBlockedIP(ip)
|
||||
want := netutil.IsBlockedIP(ip)
|
||||
if got != want {
|
||||
t.Errorf("gitea.IsBlockedIP(%q) = %v, netutil.IsBlockedIP = %v: forwarding mismatch", tc.ip, got, want)
|
||||
}
|
||||
if got != tc.blocked {
|
||||
t.Errorf("gitea.IsBlockedIP(%q) = %v, want %v", tc.ip, got, tc.blocked)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -31,7 +31,7 @@ func TestPostReview_WithComments(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
comments := []ReviewComment{
|
||||
{Path: "main.go", NewPosition: 42, Body: "[MAJOR] Something bad"},
|
||||
{Path: "util.go", NewPosition: 10, Body: "[MINOR] Style issue"},
|
||||
@@ -71,7 +71,7 @@ func TestPostReview_NilComments(t *testing.T) {
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := NewTestClient(server.URL, "test-token")
|
||||
client := NewClient(server.URL, "test-token")
|
||||
_, err := client.PostReview(context.Background(), "owner", "repo", 1, "APPROVED", "all good", "", nil)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
|
||||
+4
-457
@@ -4,10 +4,7 @@
|
||||
package github
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
@@ -95,6 +92,10 @@ func asAPIError(err error) (*APIError, bool) {
|
||||
// SetHTTPClient and SetRetryBackoff are intended for test setup only and must
|
||||
// be called before any goroutines issue requests; they have no synchronization.
|
||||
type Client struct {
|
||||
// TODO: baseURL is populated by NewClient but not yet consumed by doRequest/doGet.
|
||||
// Higher-level exported methods (GetPullRequest, etc.) will use it to
|
||||
// construct request URLs; remove this field if those methods end up
|
||||
// accepting full URLs instead.
|
||||
baseURL string
|
||||
token string
|
||||
httpClient *http.Client
|
||||
@@ -375,457 +376,3 @@ func (c *Client) doRequest(ctx context.Context, method, reqURL string, accept st
|
||||
func (c *Client) doGet(ctx context.Context, url string) ([]byte, error) {
|
||||
return c.doRequest(ctx, http.MethodGet, url, "")
|
||||
}
|
||||
|
||||
// doRequestWithBody performs an HTTP request with an optional body, applying the
|
||||
// same HTTPS enforcement as doRequest. It is used by write methods (POST, PUT,
|
||||
// DELETE) that bypass the retry loop in doRequest because write operations are
|
||||
// not idempotent.
|
||||
//
|
||||
// body may be nil for requests that carry no payload (e.g. DELETE).
|
||||
// When body is non-nil, Content-Type is set to application/json.
|
||||
func (c *Client) doRequestWithBody(ctx context.Context, method, reqURL string, body []byte) ([]byte, error) {
|
||||
if !c.allowInsecureHTTP {
|
||||
parsed, err := url.Parse(reqURL)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("parse request URL: %w", err)
|
||||
}
|
||||
if strings.EqualFold(parsed.Scheme, "http") {
|
||||
return nil, fmt.Errorf("refusing HTTP request to %s: use HTTPS or set AllowInsecureHTTP option", redactURL(reqURL))
|
||||
}
|
||||
}
|
||||
|
||||
var reqBody io.Reader
|
||||
if body != nil {
|
||||
reqBody = bytes.NewReader(body)
|
||||
}
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, method, reqURL, reqBody)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("create request: %w", err)
|
||||
}
|
||||
req.Header.Set("Authorization", "Bearer "+c.token)
|
||||
req.Header.Set("Accept", "application/vnd.github+json")
|
||||
if body != nil {
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
}
|
||||
|
||||
resp, err := c.httpClient.Do(req)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("do request: %w", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode >= 200 && resp.StatusCode < 300 {
|
||||
respBody, err := io.ReadAll(io.LimitReader(resp.Body, maxResponseBodyBytes))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("read response body: %w", err)
|
||||
}
|
||||
return respBody, nil
|
||||
}
|
||||
|
||||
errBody, _ := io.ReadAll(io.LimitReader(resp.Body, maxErrorBodyBytes))
|
||||
return nil, &APIError{StatusCode: resp.StatusCode, Body: string(errBody)}
|
||||
}
|
||||
|
||||
// --- API types ---
|
||||
|
||||
// PullRequest holds relevant PR metadata.
|
||||
type PullRequest struct {
|
||||
Title string `json:"title"`
|
||||
Body string `json:"body"`
|
||||
Head struct {
|
||||
Sha string `json:"sha"`
|
||||
Ref string `json:"ref"`
|
||||
} `json:"head"`
|
||||
Draft bool `json:"draft"`
|
||||
}
|
||||
|
||||
// CommitStatus represents a single CI status entry.
|
||||
// GitHub returns "state" not "status"; this type uses Status for consistency
|
||||
// with the gitea package (both are normalized before use).
|
||||
type CommitStatus struct {
|
||||
Status string `json:"state"` // GitHub field is "state"
|
||||
Context string `json:"context"`
|
||||
Description string `json:"description"`
|
||||
TargetURL string `json:"target_url"`
|
||||
}
|
||||
|
||||
// ChangedFile represents a file modified in a PR.
|
||||
type ChangedFile struct {
|
||||
Filename string `json:"filename"`
|
||||
Status string `json:"status"`
|
||||
}
|
||||
|
||||
// ReviewComment represents an inline comment to attach to a review.
|
||||
// GitHub uses "position" (diff hunk position), whereas Gitea uses "new_position" (line number).
|
||||
// When posting inline comments on GitHub, position is required; line numbers
|
||||
// from the diff cannot be used directly.
|
||||
type ReviewComment struct {
|
||||
ID int64 `json:"id,omitempty"`
|
||||
Path string `json:"path"`
|
||||
Position int64 `json:"position,omitempty"` // GitHub diff hunk position
|
||||
Line int64 `json:"line,omitempty"` // GitHub absolute line number (alternative to position)
|
||||
Side string `json:"side,omitempty"` // "RIGHT" or "LEFT"
|
||||
Body string `json:"body"`
|
||||
}
|
||||
|
||||
// Review represents a pull request review from the GitHub API.
|
||||
type Review struct {
|
||||
ID int64 `json:"id"`
|
||||
Body string `json:"body"`
|
||||
User struct {
|
||||
Login string `json:"login"`
|
||||
} `json:"user"`
|
||||
State string `json:"state"`
|
||||
}
|
||||
|
||||
// contentResponse is the GitHub contents API response for a single file.
|
||||
type contentResponse struct {
|
||||
Name string `json:"name"`
|
||||
Path string `json:"path"`
|
||||
Type string `json:"type"` // "file" or "dir" or "symlink" or "submodule"
|
||||
Content string `json:"content"` // Base64-encoded file content (with embedded newlines)
|
||||
Encoding string `json:"encoding"` // "base64" or ""
|
||||
}
|
||||
|
||||
// ContentEntry represents a file or directory entry from the contents API.
|
||||
type ContentEntry struct {
|
||||
Name string `json:"name"`
|
||||
Path string `json:"path"`
|
||||
Type string `json:"type"` // "file" or "dir"
|
||||
}
|
||||
|
||||
// --- PR methods ---
|
||||
|
||||
// GetPullRequest fetches PR metadata.
|
||||
func (c *Client) GetPullRequest(ctx context.Context, owner, repo string, number int) (*PullRequest, error) {
|
||||
reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d",
|
||||
c.baseURL, url.PathEscape(owner), url.PathEscape(repo), number)
|
||||
body, err := c.doGet(ctx, reqURL)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("fetch PR: %w", err)
|
||||
}
|
||||
var pr PullRequest
|
||||
if err := json.Unmarshal(body, &pr); err != nil {
|
||||
return nil, fmt.Errorf("parse PR JSON: %w", err)
|
||||
}
|
||||
return &pr, nil
|
||||
}
|
||||
|
||||
// GetPullRequestDiff fetches the unified diff for a PR.
|
||||
func (c *Client) GetPullRequestDiff(ctx context.Context, owner, repo string, number int) (string, error) {
|
||||
reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d",
|
||||
c.baseURL, url.PathEscape(owner), url.PathEscape(repo), number)
|
||||
body, err := c.doRequest(ctx, http.MethodGet, reqURL, "application/vnd.github.diff")
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("fetch diff: %w", err)
|
||||
}
|
||||
return string(body), nil
|
||||
}
|
||||
|
||||
// GetPullRequestFiles fetches the list of files changed in a PR.
|
||||
// GitHub paginates this endpoint (100 per page max).
|
||||
func (c *Client) GetPullRequestFiles(ctx context.Context, owner, repo string, number int) ([]ChangedFile, error) {
|
||||
const perPage = 100
|
||||
var all []ChangedFile
|
||||
for page := 1; ; page++ {
|
||||
reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/files?per_page=%d&page=%d",
|
||||
c.baseURL, url.PathEscape(owner), url.PathEscape(repo), number, perPage, page)
|
||||
body, err := c.doGet(ctx, reqURL)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("fetch PR files (page %d): %w", page, err)
|
||||
}
|
||||
var batch []ChangedFile
|
||||
if err := json.Unmarshal(body, &batch); err != nil {
|
||||
return nil, fmt.Errorf("parse PR files JSON (page %d): %w", page, err)
|
||||
}
|
||||
all = append(all, batch...)
|
||||
if len(batch) < perPage {
|
||||
break
|
||||
}
|
||||
}
|
||||
return all, nil
|
||||
}
|
||||
|
||||
// GetCommitStatuses fetches CI statuses for a commit SHA.
|
||||
// GitHub has two status systems: legacy "commit statuses" and newer "check runs".
|
||||
// This method returns commit statuses only; check runs are a separate API.
|
||||
// Note: GitHub returns "state" in the JSON; CommitStatus.Status is tagged accordingly.
|
||||
func (c *Client) GetCommitStatuses(ctx context.Context, owner, repo, sha string) ([]CommitStatus, error) {
|
||||
const perPage = 100
|
||||
var all []CommitStatus
|
||||
for page := 1; ; page++ {
|
||||
reqURL := fmt.Sprintf("%s/repos/%s/%s/commits/%s/statuses?per_page=%d&page=%d",
|
||||
c.baseURL, url.PathEscape(owner), url.PathEscape(repo), url.PathEscape(sha), perPage, page)
|
||||
body, err := c.doGet(ctx, reqURL)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("fetch commit statuses (page %d): %w", page, err)
|
||||
}
|
||||
var batch []CommitStatus
|
||||
if err := json.Unmarshal(body, &batch); err != nil {
|
||||
return nil, fmt.Errorf("parse statuses JSON (page %d): %w", page, err)
|
||||
}
|
||||
all = append(all, batch...)
|
||||
if len(batch) < perPage {
|
||||
break
|
||||
}
|
||||
}
|
||||
return all, nil
|
||||
}
|
||||
|
||||
// --- File content methods ---
|
||||
|
||||
// GetFileContent fetches a file from the default branch of a repo.
|
||||
// GitHub returns base64-encoded content; this method decodes it.
|
||||
func (c *Client) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
|
||||
return c.getFileContentAtRef(ctx, owner, repo, filepath, "")
|
||||
}
|
||||
|
||||
// GetFileContentRef fetches a file from a specific ref (branch/tag/sha).
|
||||
func (c *Client) GetFileContentRef(ctx context.Context, owner, repo, filepath, ref string) (string, error) {
|
||||
return c.getFileContentAtRef(ctx, owner, repo, filepath, ref)
|
||||
}
|
||||
|
||||
// getFileContentAtRef fetches a file at the given ref (empty = default branch).
|
||||
// GitHub's contents API returns base64-encoded file content.
|
||||
func (c *Client) getFileContentAtRef(ctx context.Context, owner, repo, filepath, ref string) (string, error) {
|
||||
reqURL := fmt.Sprintf("%s/repos/%s/%s/contents/%s",
|
||||
c.baseURL, url.PathEscape(owner), url.PathEscape(repo), escapePath(filepath))
|
||||
if ref != "" {
|
||||
reqURL += "?ref=" + url.QueryEscape(ref)
|
||||
}
|
||||
body, err := c.doGet(ctx, reqURL)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("fetch file %s: %w", filepath, err)
|
||||
}
|
||||
var resp contentResponse
|
||||
if err := json.Unmarshal(body, &resp); err != nil {
|
||||
return "", fmt.Errorf("parse file content JSON for %s: %w", filepath, err)
|
||||
}
|
||||
if resp.Type != "file" {
|
||||
return "", fmt.Errorf("path %s is a %s, not a file", filepath, resp.Type)
|
||||
}
|
||||
if resp.Encoding == "base64" {
|
||||
// GitHub embeds newlines in the base64 content for readability.
|
||||
// Strip them before decoding.
|
||||
cleaned := strings.ReplaceAll(resp.Content, "\n", "")
|
||||
decoded, err := base64.StdEncoding.DecodeString(cleaned)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("decode base64 content for %s: %w", filepath, err)
|
||||
}
|
||||
return string(decoded), nil
|
||||
}
|
||||
// Non-base64 encoding (shouldn't happen normally, but handle gracefully).
|
||||
return resp.Content, nil
|
||||
}
|
||||
|
||||
// ListContents lists files and directories at a given path.
|
||||
// Pass an empty path to list the repository root.
|
||||
// GitHub returns a single object (not array) when path is a file — this
|
||||
// method normalizes both cases to a slice, matching Gitea's behavior.
|
||||
func (c *Client) ListContents(ctx context.Context, owner, repo, path string) ([]ContentEntry, error) {
|
||||
var reqURL string
|
||||
if path == "" || path == "." {
|
||||
reqURL = fmt.Sprintf("%s/repos/%s/%s/contents",
|
||||
c.baseURL, url.PathEscape(owner), url.PathEscape(repo))
|
||||
} else {
|
||||
reqURL = fmt.Sprintf("%s/repos/%s/%s/contents/%s",
|
||||
c.baseURL, url.PathEscape(owner), url.PathEscape(repo), escapePath(path))
|
||||
}
|
||||
body, err := c.doGet(ctx, reqURL)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("list contents %s: %w", path, err)
|
||||
}
|
||||
|
||||
var entries []ContentEntry
|
||||
if err := json.Unmarshal(body, &entries); err != nil {
|
||||
// GitHub returns a single object when path is a file (not an array).
|
||||
var single contentResponse
|
||||
if err2 := json.Unmarshal(body, &single); err2 != nil {
|
||||
return nil, fmt.Errorf("parse contents JSON: %w", err)
|
||||
}
|
||||
if single.Name == "" && single.Path == "" {
|
||||
return nil, fmt.Errorf("parse contents JSON: empty response for path %q", path)
|
||||
}
|
||||
entries = []ContentEntry{{
|
||||
Name: single.Name,
|
||||
Path: single.Path,
|
||||
Type: single.Type,
|
||||
}}
|
||||
}
|
||||
return entries, nil
|
||||
}
|
||||
|
||||
// GetAllFilesInPath recursively fetches all file contents under a path.
|
||||
// If the path is a file, returns just that file's content.
|
||||
// If the path is a directory, recursively fetches all files within it.
|
||||
func (c *Client) GetAllFilesInPath(ctx context.Context, owner, repo, path string) (map[string]string, error) {
|
||||
results := make(map[string]string)
|
||||
|
||||
entries, err := c.ListContents(ctx, owner, repo, path)
|
||||
if err != nil {
|
||||
if !IsNotFound(err) {
|
||||
return nil, fmt.Errorf("list contents %q: %w", path, err)
|
||||
}
|
||||
// 404 means path may be a file — try fetching directly.
|
||||
content, fileErr := c.GetFileContent(ctx, owner, repo, path)
|
||||
if fileErr != nil {
|
||||
return nil, fmt.Errorf("path %q is neither a file nor directory: %w", path, fileErr)
|
||||
}
|
||||
results[path] = content
|
||||
return results, nil
|
||||
}
|
||||
|
||||
for _, entry := range entries {
|
||||
switch entry.Type {
|
||||
case "file":
|
||||
content, err := c.GetFileContent(ctx, owner, repo, entry.Path)
|
||||
if err != nil {
|
||||
slog.Warn("could not fetch file from patterns repo", "file", entry.Path, "error", err)
|
||||
continue
|
||||
}
|
||||
results[entry.Path] = content
|
||||
case "dir":
|
||||
subResults, err := c.GetAllFilesInPath(ctx, owner, repo, entry.Path)
|
||||
if err != nil {
|
||||
slog.Warn("could not recurse into directory", "dir", entry.Path, "error", err)
|
||||
continue
|
||||
}
|
||||
for k, v := range subResults {
|
||||
results[k] = v
|
||||
}
|
||||
}
|
||||
}
|
||||
return results, nil
|
||||
}
|
||||
|
||||
// --- Review methods ---
|
||||
|
||||
// PostReview submits a review to a PR.
|
||||
// event should be one of "APPROVE", "REQUEST_CHANGES", or "COMMENT".
|
||||
// commitID anchors the review to a specific commit SHA. If empty, defaults to current HEAD.
|
||||
// comments are optional inline comments; GitHub uses diff hunk position (not line numbers).
|
||||
// Note: unlike Gitea, GitHub does not support deleting submitted reviews.
|
||||
// Use COMMENT event to supersede old reviews.
|
||||
func (c *Client) PostReview(ctx context.Context, owner, repo string, number int, event, body, commitID string, comments []ReviewComment) (*Review, error) {
|
||||
reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/reviews",
|
||||
c.baseURL, url.PathEscape(owner), url.PathEscape(repo), number)
|
||||
|
||||
payload := struct {
|
||||
Body string `json:"body"`
|
||||
Event string `json:"event"`
|
||||
CommitID string `json:"commit_id,omitempty"`
|
||||
Comments []ReviewComment `json:"comments,omitempty"`
|
||||
}{
|
||||
Body: body,
|
||||
Event: event,
|
||||
CommitID: commitID,
|
||||
Comments: comments,
|
||||
}
|
||||
|
||||
data, err := json.Marshal(payload)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("marshal review payload: %w", err)
|
||||
}
|
||||
|
||||
respBody, err := c.doRequestWithBody(ctx, http.MethodPost, reqURL, data)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("post review: %w", err)
|
||||
}
|
||||
|
||||
var review Review
|
||||
if err := json.Unmarshal(respBody, &review); err != nil {
|
||||
return nil, fmt.Errorf("parse review response: %w", err)
|
||||
}
|
||||
return &review, nil
|
||||
}
|
||||
|
||||
// ListReviews returns all reviews on a pull request.
|
||||
// GitHub paginates via Link header; this method uses per_page=100.
|
||||
func (c *Client) ListReviews(ctx context.Context, owner, repo string, number int) ([]Review, error) {
|
||||
const perPage = 100
|
||||
var all []Review
|
||||
for page := 1; ; page++ {
|
||||
reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/reviews?per_page=%d&page=%d",
|
||||
c.baseURL, url.PathEscape(owner), url.PathEscape(repo), number, perPage, page)
|
||||
body, err := c.doGet(ctx, reqURL)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("list reviews (page %d): %w", page, err)
|
||||
}
|
||||
var batch []Review
|
||||
if err := json.Unmarshal(body, &batch); err != nil {
|
||||
return nil, fmt.Errorf("parse reviews (page %d): %w", page, err)
|
||||
}
|
||||
all = append(all, batch...)
|
||||
if len(batch) < perPage {
|
||||
break
|
||||
}
|
||||
}
|
||||
return all, nil
|
||||
}
|
||||
|
||||
// DeleteReview attempts to delete a pull request review.
|
||||
// GitHub only allows deleting PENDING (draft) reviews. Submitted reviews cannot
|
||||
// be deleted via the API; this method returns a descriptive error in that case.
|
||||
// review-bot callers should handle this error gracefully (e.g., by not attempting
|
||||
// supersede and instead posting a new review alongside the old one).
|
||||
func (c *Client) DeleteReview(ctx context.Context, owner, repo string, number int, reviewID int64) error {
|
||||
reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/reviews/%d",
|
||||
c.baseURL, url.PathEscape(owner), url.PathEscape(repo), number, reviewID)
|
||||
|
||||
// nil body: the GitHub DELETE endpoint for reviews requires no request body.
|
||||
_, err := c.doRequestWithBody(ctx, http.MethodDelete, reqURL, nil)
|
||||
if err != nil {
|
||||
return fmt.Errorf("delete review: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetAuthenticatedUser returns the login of the authenticated user.
|
||||
func (c *Client) GetAuthenticatedUser(ctx context.Context) (string, error) {
|
||||
reqURL := c.baseURL + "/user"
|
||||
body, err := c.doGet(ctx, reqURL)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("get authenticated user: %w", err)
|
||||
}
|
||||
var result struct {
|
||||
Login string `json:"login"`
|
||||
}
|
||||
if err := json.Unmarshal(body, &result); err != nil {
|
||||
return "", fmt.Errorf("parse user response: %w", err)
|
||||
}
|
||||
return result.Login, nil
|
||||
}
|
||||
|
||||
// RequestReviewer adds a user as a requested reviewer on a pull request.
|
||||
// This is idempotent — requesting an already-requested reviewer is a no-op.
|
||||
func (c *Client) RequestReviewer(ctx context.Context, owner, repo string, number int, reviewer string) error {
|
||||
reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/requested_reviewers",
|
||||
c.baseURL, url.PathEscape(owner), url.PathEscape(repo), number)
|
||||
|
||||
payload := struct {
|
||||
Reviewers []string `json:"reviewers"`
|
||||
}{Reviewers: []string{reviewer}}
|
||||
data, err := json.Marshal(payload)
|
||||
if err != nil {
|
||||
return fmt.Errorf("marshal reviewer request: %w", err)
|
||||
}
|
||||
|
||||
_, err = c.doRequestWithBody(ctx, http.MethodPost, reqURL, data)
|
||||
if err != nil {
|
||||
return fmt.Errorf("request reviewer: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// --- helpers ---
|
||||
|
||||
// escapePath escapes each segment of a relative file path for use in URLs.
|
||||
// Slashes are preserved as path separators; other special characters are escaped.
|
||||
func escapePath(p string) string {
|
||||
parts := strings.Split(p, "/")
|
||||
for i, part := range parts {
|
||||
parts[i] = url.PathEscape(part)
|
||||
}
|
||||
return strings.Join(parts, "/")
|
||||
}
|
||||
|
||||
@@ -2,9 +2,7 @@ package github
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
@@ -658,475 +656,3 @@ func TestRedactURL_UserinfoWithQuery(t *testing.T) {
|
||||
t.Errorf("redactURL = %q, want %q", got, want)
|
||||
}
|
||||
}
|
||||
|
||||
// --- Tests for API methods ---
|
||||
|
||||
func TestGetPullRequest_Success(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.URL.Path != "/repos/owner/repo/pulls/42" {
|
||||
t.Errorf("unexpected path: %s", r.URL.Path)
|
||||
}
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(`{"title":"Test PR","body":"description","head":{"sha":"abc123","ref":"feature"},"draft":false}`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
pr, err := c.GetPullRequest(context.Background(), "owner", "repo", 42)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if pr.Title != "Test PR" {
|
||||
t.Errorf("Title = %q, want %q", pr.Title, "Test PR")
|
||||
}
|
||||
if pr.Head.Sha != "abc123" {
|
||||
t.Errorf("Head.Sha = %q, want %q", pr.Head.Sha, "abc123")
|
||||
}
|
||||
if pr.Head.Ref != "feature" {
|
||||
t.Errorf("Head.Ref = %q, want %q", pr.Head.Ref, "feature")
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetPullRequest_NotFound(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusNotFound)
|
||||
w.Write([]byte(`{"message":"Not Found"}`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
_, err := c.GetPullRequest(context.Background(), "owner", "repo", 99)
|
||||
if err == nil {
|
||||
t.Fatal("expected error, got nil")
|
||||
}
|
||||
if !IsNotFound(err) {
|
||||
t.Errorf("expected IsNotFound=true, got false for error: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetPullRequestDiff_Success(t *testing.T) {
|
||||
const wantDiff = "diff --git a/foo.go b/foo.go\n--- a/foo.go\n+++ b/foo.go\n"
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Header.Get("Accept") != "application/vnd.github.diff" {
|
||||
t.Errorf("Accept = %q, want application/vnd.github.diff", r.Header.Get("Accept"))
|
||||
}
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(wantDiff))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
diff, err := c.GetPullRequestDiff(context.Background(), "owner", "repo", 1)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if diff != wantDiff {
|
||||
t.Errorf("diff = %q, want %q", diff, wantDiff)
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetPullRequestFiles_Success(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(`[{"filename":"foo.go","status":"modified"},{"filename":"bar.go","status":"added"}]`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
files, err := c.GetPullRequestFiles(context.Background(), "owner", "repo", 1)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if len(files) != 2 {
|
||||
t.Fatalf("len(files) = %d, want 2", len(files))
|
||||
}
|
||||
if files[0].Filename != "foo.go" || files[0].Status != "modified" {
|
||||
t.Errorf("files[0] = %+v, want {foo.go modified}", files[0])
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetPullRequestFiles_Paginated(t *testing.T) {
|
||||
page := 0
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
page++
|
||||
if page == 1 {
|
||||
// Return 100 items (page full → expect another request)
|
||||
items := make([]map[string]string, 100)
|
||||
for i := range items {
|
||||
items[i] = map[string]string{"filename": fmt.Sprintf("file%d.go", i), "status": "modified"}
|
||||
}
|
||||
data, _ := json.Marshal(items)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write(data)
|
||||
return
|
||||
}
|
||||
// Page 2: return fewer than perPage → stop
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(`[{"filename":"last.go","status":"added"}]`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
files, err := c.GetPullRequestFiles(context.Background(), "owner", "repo", 1)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if len(files) != 101 {
|
||||
t.Errorf("len(files) = %d, want 101", len(files))
|
||||
}
|
||||
if page != 2 {
|
||||
t.Errorf("page = %d, want 2", page)
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetCommitStatuses_Success(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
// GitHub uses "state" field
|
||||
w.Write([]byte(`[{"state":"success","context":"ci/test","description":"Tests pass","target_url":"https://ci.example.com"}]`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
statuses, err := c.GetCommitStatuses(context.Background(), "owner", "repo", "deadbeef")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if len(statuses) != 1 {
|
||||
t.Fatalf("len(statuses) = %d, want 1", len(statuses))
|
||||
}
|
||||
if statuses[0].Status != "success" {
|
||||
t.Errorf("Status = %q, want %q", statuses[0].Status, "success")
|
||||
}
|
||||
if statuses[0].Context != "ci/test" {
|
||||
t.Errorf("Context = %q, want %q", statuses[0].Context, "ci/test")
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetFileContent_Base64(t *testing.T) {
|
||||
// "hello world\n" base64-encoded with embedded newlines (as GitHub does it)
|
||||
encoded := "aGVsbG8gd29ybGQK"
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if !strings.HasSuffix(r.URL.Path, "/contents/README.md") {
|
||||
t.Errorf("unexpected path: %s", r.URL.Path)
|
||||
}
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(`{"name":"README.md","path":"README.md","type":"file","content":"` + encoded + `","encoding":"base64"}`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
content, err := c.GetFileContent(context.Background(), "owner", "repo", "README.md")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if content != "hello world\n" {
|
||||
t.Errorf("content = %q, want %q", content, "hello world\n")
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetFileContent_Base64WithNewlines(t *testing.T) {
|
||||
// GitHub embeds newlines in base64 content for readability (every 60 chars)
|
||||
// Test that we strip them correctly before decoding
|
||||
// "hello world\n" = aGVsbG8gd29ybGQK — split it with embedded \n
|
||||
encoded := "aGVs\nbG8g\nd29y\nbGQK"
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
// JSON-encode the embedded newlines as \n
|
||||
body := `{"name":"README.md","path":"README.md","type":"file","content":"aGVs\nbG8g\nd29y\nbGQK","encoding":"base64"}`
|
||||
_ = encoded // suppress unused warning
|
||||
w.Write([]byte(body))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
content, err := c.GetFileContent(context.Background(), "owner", "repo", "README.md")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if content != "hello world\n" {
|
||||
t.Errorf("content = %q, want %q", content, "hello world\n")
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetFileContent_IsDirectory(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(`{"name":"docs","path":"docs","type":"dir","content":"","encoding":""}`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
_, err := c.GetFileContent(context.Background(), "owner", "repo", "docs")
|
||||
if err == nil {
|
||||
t.Fatal("expected error for directory, got nil")
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetFileContentRef_Success(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.URL.Query().Get("ref") != "main" {
|
||||
t.Errorf("ref = %q, want %q", r.URL.Query().Get("ref"), "main")
|
||||
}
|
||||
encoded := "dGVzdA==" // "test"
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(`{"name":"foo.go","path":"foo.go","type":"file","content":"` + encoded + `","encoding":"base64"}`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
content, err := c.GetFileContentRef(context.Background(), "owner", "repo", "foo.go", "main")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if content != "test" {
|
||||
t.Errorf("content = %q, want %q", content, "test")
|
||||
}
|
||||
}
|
||||
|
||||
func TestListContents_Directory(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(`[{"name":"foo.go","path":"foo.go","type":"file"},{"name":"bar","path":"bar","type":"dir"}]`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
entries, err := c.ListContents(context.Background(), "owner", "repo", "")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if len(entries) != 2 {
|
||||
t.Fatalf("len(entries) = %d, want 2", len(entries))
|
||||
}
|
||||
if entries[0].Name != "foo.go" || entries[0].Type != "file" {
|
||||
t.Errorf("entries[0] = %+v, unexpected", entries[0])
|
||||
}
|
||||
}
|
||||
|
||||
func TestListContents_SingleFile(t *testing.T) {
|
||||
// GitHub returns a single object when the path is a file
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(`{"name":"README.md","path":"README.md","type":"file","content":"","encoding":""}`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
entries, err := c.ListContents(context.Background(), "owner", "repo", "README.md")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if len(entries) != 1 {
|
||||
t.Fatalf("len(entries) = %d, want 1", len(entries))
|
||||
}
|
||||
if entries[0].Name != "README.md" {
|
||||
t.Errorf("entries[0].Name = %q, want README.md", entries[0].Name)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPostReview_Success(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != http.MethodPost {
|
||||
t.Errorf("method = %s, want POST", r.Method)
|
||||
}
|
||||
if r.URL.Path != "/repos/owner/repo/pulls/1/reviews" {
|
||||
t.Errorf("path = %s, unexpected", r.URL.Path)
|
||||
}
|
||||
var payload map[string]interface{}
|
||||
if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
|
||||
t.Errorf("decode body: %v", err)
|
||||
}
|
||||
if payload["event"] != "APPROVE" {
|
||||
t.Errorf("event = %v, want APPROVE", payload["event"])
|
||||
}
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(`{"id":99,"body":"looks good","user":{"login":"bot"},"state":"APPROVED"}`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
review, err := c.PostReview(context.Background(), "owner", "repo", 1, "APPROVE", "looks good", "abc", nil)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if review.ID != 99 {
|
||||
t.Errorf("review.ID = %d, want 99", review.ID)
|
||||
}
|
||||
if review.User.Login != "bot" {
|
||||
t.Errorf("review.User.Login = %q, want bot", review.User.Login)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPostReview_Unauthorized(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
w.Write([]byte(`{"message":"Bad credentials"}`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("bad-tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
_, err := c.PostReview(context.Background(), "owner", "repo", 1, "APPROVE", "body", "", nil)
|
||||
if err == nil {
|
||||
t.Fatal("expected error, got nil")
|
||||
}
|
||||
if !IsUnauthorized(err) {
|
||||
t.Errorf("expected IsUnauthorized=true, got false for error: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestListReviews_Success(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(`[{"id":1,"body":"review 1","user":{"login":"alice"},"state":"APPROVED"},{"id":2,"body":"review 2","user":{"login":"bob"},"state":"CHANGES_REQUESTED"}]`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
reviews, err := c.ListReviews(context.Background(), "owner", "repo", 1)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if len(reviews) != 2 {
|
||||
t.Fatalf("len(reviews) = %d, want 2", len(reviews))
|
||||
}
|
||||
if reviews[0].ID != 1 || reviews[0].User.Login != "alice" {
|
||||
t.Errorf("reviews[0] = %+v, unexpected", reviews[0])
|
||||
}
|
||||
}
|
||||
|
||||
func TestDeleteReview_Success(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != http.MethodDelete {
|
||||
t.Errorf("method = %s, want DELETE", r.Method)
|
||||
}
|
||||
if r.URL.Path != "/repos/owner/repo/pulls/1/reviews/42" {
|
||||
t.Errorf("path = %s, unexpected", r.URL.Path)
|
||||
}
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
err := c.DeleteReview(context.Background(), "owner", "repo", 1, 42)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestDeleteReview_SubmittedReview(t *testing.T) {
|
||||
// GitHub returns 422 for trying to delete a non-pending review
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusUnprocessableEntity)
|
||||
w.Write([]byte(`{"message":"Can only delete a pending review"}`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
err := c.DeleteReview(context.Background(), "owner", "repo", 1, 99)
|
||||
if err == nil {
|
||||
t.Fatal("expected error, got nil")
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetAuthenticatedUser_Success(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.URL.Path != "/user" {
|
||||
t.Errorf("path = %s, want /user", r.URL.Path)
|
||||
}
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(`{"login":"review-bot","id":12345}`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
login, err := c.GetAuthenticatedUser(context.Background())
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
if login != "review-bot" {
|
||||
t.Errorf("login = %q, want review-bot", login)
|
||||
}
|
||||
}
|
||||
|
||||
func TestRequestReviewer_Success(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != http.MethodPost {
|
||||
t.Errorf("method = %s, want POST", r.Method)
|
||||
}
|
||||
if r.URL.Path != "/repos/owner/repo/pulls/1/requested_reviewers" {
|
||||
t.Errorf("path = %s, unexpected", r.URL.Path)
|
||||
}
|
||||
var payload map[string]interface{}
|
||||
if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
|
||||
t.Errorf("decode body: %v", err)
|
||||
}
|
||||
reviewers, ok := payload["reviewers"].([]interface{})
|
||||
if !ok || len(reviewers) != 1 || reviewers[0] != "reviewer1" {
|
||||
t.Errorf("reviewers = %v, unexpected", payload["reviewers"])
|
||||
}
|
||||
w.WriteHeader(http.StatusCreated)
|
||||
w.Write([]byte(`{}`))
|
||||
}))
|
||||
defer srv.Close()
|
||||
|
||||
c := NewClient("tok", srv.URL, AllowInsecureHTTPForTest())
|
||||
err := c.RequestReviewer(context.Background(), "owner", "repo", 1, "reviewer1")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPostReview_RejectsHTTP(t *testing.T) {
|
||||
// PostReview must reject http:// base URLs — tokens must not be sent in plaintext.
|
||||
c := NewClient("tok", "http://127.0.0.1:1")
|
||||
_, err := c.PostReview(context.Background(), "owner", "repo", 1, "APPROVE", "body", "", nil)
|
||||
if err == nil {
|
||||
t.Fatal("expected error for HTTP base URL in PostReview")
|
||||
}
|
||||
if !strings.Contains(err.Error(), "refusing HTTP request") {
|
||||
t.Errorf("unexpected error message: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestDeleteReview_RejectsHTTP(t *testing.T) {
|
||||
// DeleteReview must reject http:// base URLs — tokens must not be sent in plaintext.
|
||||
c := NewClient("tok", "http://127.0.0.1:1")
|
||||
err := c.DeleteReview(context.Background(), "owner", "repo", 1, 42)
|
||||
if err == nil {
|
||||
t.Fatal("expected error for HTTP base URL in DeleteReview")
|
||||
}
|
||||
if !strings.Contains(err.Error(), "refusing HTTP request") {
|
||||
t.Errorf("unexpected error message: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestRequestReviewer_RejectsHTTP(t *testing.T) {
|
||||
// RequestReviewer must reject http:// base URLs — tokens must not be sent in plaintext.
|
||||
c := NewClient("tok", "http://127.0.0.1:1")
|
||||
err := c.RequestReviewer(context.Background(), "owner", "repo", 1, "reviewer1")
|
||||
if err == nil {
|
||||
t.Fatal("expected error for HTTP base URL in RequestReviewer")
|
||||
}
|
||||
if !strings.Contains(err.Error(), "refusing HTTP request") {
|
||||
t.Errorf("unexpected error message: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestEscapePath_SpecialChars(t *testing.T) {
|
||||
tests := []struct {
|
||||
input string
|
||||
want string
|
||||
}{
|
||||
{"README.md", "README.md"},
|
||||
{"docs/guide.md", "docs/guide.md"},
|
||||
{"path with spaces/file.md", "path%20with%20spaces/file.md"},
|
||||
{"path/with [brackets]/file.md", "path/with%20%5Bbrackets%5D/file.md"},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
got := escapePath(tt.input)
|
||||
if got != tt.want {
|
||||
t.Errorf("escapePath(%q) = %q, want %q", tt.input, got, tt.want)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,97 +0,0 @@
|
||||
// Package netutil provides shared network utilities for review-bot.
|
||||
// ipcheck.go implements IP-level SSRF protection by checking resolved addresses
|
||||
// against known blocked CIDR ranges (RFC1918, loopback, link-local, etc.).
|
||||
package netutil
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
)
|
||||
|
||||
// blockedCIDRStrings is the canonical list of CIDR strings that should never
|
||||
// be contacted by review-bot. See IsBlockedIP for the full list of covered
|
||||
// address families.
|
||||
//
|
||||
// These are hard-coded literals: any parse failure is a programming error.
|
||||
// Validity is verified by TestBlockedCIDRsValid in ipcheck_test.go.
|
||||
var blockedCIDRStrings = []string{
|
||||
// IPv4 loopback
|
||||
"127.0.0.0/8",
|
||||
// IPv4 unspecified / "this network"
|
||||
"0.0.0.0/8",
|
||||
// RFC1918 private ranges
|
||||
"10.0.0.0/8",
|
||||
"172.16.0.0/12",
|
||||
"192.168.0.0/16",
|
||||
// IPv4 link-local (APIPA, also used by AWS instance metadata 169.254.169.254)
|
||||
"169.254.0.0/16",
|
||||
// IPv4 shared address space (RFC6598, carrier-grade NAT)
|
||||
"100.64.0.0/10",
|
||||
// IPv4 multicast
|
||||
"224.0.0.0/4",
|
||||
// IPv4 reserved / broadcast
|
||||
"240.0.0.0/4",
|
||||
// IPv6 loopback
|
||||
"::1/128",
|
||||
// IPv6 unspecified
|
||||
"::/128",
|
||||
// IPv6 link-local
|
||||
"fe80::/10",
|
||||
// IPv6 unique local (ULA) — RFC4193
|
||||
"fc00::/7",
|
||||
// IPv6 multicast
|
||||
"ff00::/8",
|
||||
}
|
||||
|
||||
// blockedCIDRs is the parsed form of blockedCIDRStrings.
|
||||
// Any entry that fails to parse is recorded in blockedCIDRParseErrors instead
|
||||
// of panicking; tests verify this slice is always empty via TestBlockedCIDRsValid.
|
||||
var (
|
||||
blockedCIDRs []*net.IPNet
|
||||
blockedCIDRParseErrors []string
|
||||
)
|
||||
|
||||
func init() {
|
||||
blockedCIDRs = make([]*net.IPNet, 0, len(blockedCIDRStrings))
|
||||
for _, r := range blockedCIDRStrings {
|
||||
_, cidr, err := net.ParseCIDR(r)
|
||||
if err != nil {
|
||||
// Record the error rather than panicking; TestBlockedCIDRsValid
|
||||
// will catch this during tests, and the CI build will fail.
|
||||
blockedCIDRParseErrors = append(blockedCIDRParseErrors,
|
||||
fmt.Sprintf("ipcheck: invalid built-in CIDR %q: %v", r, err))
|
||||
continue
|
||||
}
|
||||
blockedCIDRs = append(blockedCIDRs, cidr)
|
||||
}
|
||||
}
|
||||
|
||||
// BlockedCIDRParseErrors returns any errors encountered parsing the built-in
|
||||
// CIDR list. In correct code this will always be empty; tests assert it is.
|
||||
func BlockedCIDRParseErrors() []string {
|
||||
return blockedCIDRParseErrors
|
||||
}
|
||||
|
||||
// IsBlockedIP reports whether ip is in a blocked address range.
|
||||
// It is exported for use by the gitea package's safe dialer, the validate-url
|
||||
// subcommand, and tests outside this package.
|
||||
//
|
||||
// IPv6-mapped IPv4 addresses (e.g. ::ffff:192.168.1.1) are normalized to their
|
||||
// IPv4 form before checking so that IPv4 CIDRs catch them.
|
||||
//
|
||||
// Based on:
|
||||
// - RFC1918 private ranges
|
||||
// - RFC5735 / RFC4193 special-use IPv4/IPv6 ranges
|
||||
// - RFC4291 IPv6 link-local / loopback
|
||||
func IsBlockedIP(ip net.IP) bool {
|
||||
// Normalize IPv6-mapped IPv4 addresses (::ffff:x.x.x.x) to plain IPv4.
|
||||
if v4 := ip.To4(); v4 != nil {
|
||||
ip = v4
|
||||
}
|
||||
for _, cidr := range blockedCIDRs {
|
||||
if cidr.Contains(ip) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
@@ -1,142 +0,0 @@
|
||||
package netutil
|
||||
|
||||
import (
|
||||
"net"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestIsBlockedIP(t *testing.T) {
|
||||
blocked := []struct {
|
||||
name string
|
||||
ip string
|
||||
}{
|
||||
// IPv4 loopback
|
||||
{"loopback 127.0.0.1", "127.0.0.1"},
|
||||
{"loopback 127.0.0.2", "127.0.0.2"},
|
||||
{"loopback 127.255.255.255", "127.255.255.255"},
|
||||
// IPv4 unspecified
|
||||
{"unspecified 0.0.0.0", "0.0.0.0"},
|
||||
{"unspecified 0.1.2.3", "0.1.2.3"},
|
||||
// RFC1918
|
||||
{"RFC1918 10.0.0.1", "10.0.0.1"},
|
||||
{"RFC1918 10.255.255.255", "10.255.255.255"},
|
||||
{"RFC1918 172.16.0.1", "172.16.0.1"},
|
||||
{"RFC1918 172.31.255.255", "172.31.255.255"},
|
||||
{"RFC1918 192.168.0.1", "192.168.0.1"},
|
||||
{"RFC1918 192.168.255.255", "192.168.255.255"},
|
||||
// Link-local (APIPA / AWS metadata)
|
||||
{"link-local 169.254.0.1", "169.254.0.1"},
|
||||
{"link-local 169.254.169.254", "169.254.169.254"},
|
||||
// Shared address space (carrier-grade NAT)
|
||||
{"CGN 100.64.0.1", "100.64.0.1"},
|
||||
{"CGN 100.127.255.255", "100.127.255.255"},
|
||||
// Multicast
|
||||
{"multicast 224.0.0.1", "224.0.0.1"},
|
||||
{"multicast 239.255.255.255", "239.255.255.255"},
|
||||
// Reserved
|
||||
{"reserved 240.0.0.1", "240.0.0.1"},
|
||||
{"broadcast 255.255.255.255", "255.255.255.255"},
|
||||
// IPv6 loopback
|
||||
{"IPv6 loopback ::1", "::1"},
|
||||
// IPv6 unspecified
|
||||
{"IPv6 unspecified ::", "::"},
|
||||
// IPv6 link-local
|
||||
{"IPv6 link-local fe80::1", "fe80::1"},
|
||||
{"IPv6 link-local fe80::dead:beef", "fe80::dead:beef"},
|
||||
// IPv6 ULA
|
||||
{"IPv6 ULA fc00::1", "fc00::1"},
|
||||
{"IPv6 ULA fd00::1", "fd00::1"},
|
||||
// IPv6 multicast
|
||||
{"IPv6 multicast ff02::1", "ff02::1"},
|
||||
}
|
||||
|
||||
for _, tc := range blocked {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
ip := net.ParseIP(tc.ip)
|
||||
if ip == nil {
|
||||
t.Fatalf("failed to parse IP %q", tc.ip)
|
||||
}
|
||||
if !IsBlockedIP(ip) {
|
||||
t.Errorf("IsBlockedIP(%q) = false, want true", tc.ip)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
allowed := []struct {
|
||||
name string
|
||||
ip string
|
||||
}{
|
||||
{"public 8.8.8.8", "8.8.8.8"},
|
||||
{"public 1.1.1.1", "1.1.1.1"},
|
||||
{"public 198.51.100.1", "198.51.100.1"}, // RFC5737 TEST-NET-2 — a documentation-only range;
|
||||
// not assigned to any real host, but intentionally left unblocked here because
|
||||
// it has no special routing treatment (unlike RFC1918/loopback/link-local) and
|
||||
// blocking it would require tracking every RFC5737 range without meaningful
|
||||
// security benefit (no server should ever listen on a TEST-NET address).
|
||||
{"public 151.101.1.1", "151.101.1.1"}, // Fastly
|
||||
{"public IPv6 2001:4860:4860::8888", "2001:4860:4860::8888"}, // Google DNS
|
||||
{"public IPv6 2606:4700:4700::1111", "2606:4700:4700::1111"}, // Cloudflare DNS
|
||||
}
|
||||
|
||||
for _, tc := range allowed {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
ip := net.ParseIP(tc.ip)
|
||||
if ip == nil {
|
||||
t.Fatalf("failed to parse IP %q", tc.ip)
|
||||
}
|
||||
if IsBlockedIP(ip) {
|
||||
t.Errorf("IsBlockedIP(%q) = true, want false", tc.ip)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestIsBlockedIPv6MappedIPv4(t *testing.T) {
|
||||
// ::ffff:192.168.1.1 is an IPv6-mapped IPv4 address — should be blocked as RFC1918.
|
||||
// Construct it manually as a 16-byte IP.
|
||||
mapped := net.IP{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 192, 168, 1, 1}
|
||||
if !IsBlockedIP(mapped) {
|
||||
t.Errorf("IsBlockedIP(::ffff:192.168.1.1) = false, want true (IPv6-mapped IPv4 must be normalized)")
|
||||
}
|
||||
|
||||
// ::ffff:8.8.8.8 — IPv6-mapped public IP — should be allowed.
|
||||
mappedPublic := net.IP{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 8, 8, 8, 8}
|
||||
if IsBlockedIP(mappedPublic) {
|
||||
t.Errorf("IsBlockedIP(::ffff:8.8.8.8) = true, want false")
|
||||
}
|
||||
}
|
||||
|
||||
func TestIsBlockedIPEdgeCases(t *testing.T) {
|
||||
// The boundary between RFC1918 and public ranges.
|
||||
// 172.15.255.255 is NOT private (just below 172.16.0.0/12).
|
||||
notPrivate := net.ParseIP("172.15.255.255")
|
||||
if IsBlockedIP(notPrivate) {
|
||||
t.Errorf("IsBlockedIP(172.15.255.255) = true, want false (outside 172.16.0.0/12)")
|
||||
}
|
||||
// 172.32.0.0 is NOT private (just above 172.31.255.255).
|
||||
notPrivate2 := net.ParseIP("172.32.0.0")
|
||||
if IsBlockedIP(notPrivate2) {
|
||||
t.Errorf("IsBlockedIP(172.32.0.0) = true, want false (outside 172.16.0.0/12)")
|
||||
}
|
||||
// CGN: 100.63.255.255 is NOT in 100.64.0.0/10.
|
||||
notCGN := net.ParseIP("100.63.255.255")
|
||||
if IsBlockedIP(notCGN) {
|
||||
t.Errorf("IsBlockedIP(100.63.255.255) = true, want false (outside 100.64.0.0/10)")
|
||||
}
|
||||
// CGN: 100.128.0.0 is NOT in 100.64.0.0/10.
|
||||
notCGN2 := net.ParseIP("100.128.0.0")
|
||||
if IsBlockedIP(notCGN2) {
|
||||
t.Errorf("IsBlockedIP(100.128.0.0) = true, want false (outside 100.64.0.0/10)")
|
||||
}
|
||||
}
|
||||
|
||||
// TestBlockedCIDRsValid verifies that all entries in blockedCIDRStrings parse
|
||||
// successfully. This catches programming errors in the CIDR list without
|
||||
// requiring a startup panic. The init() function records parse failures in
|
||||
// blockedCIDRParseErrors rather than panicking; this test makes those failures
|
||||
// visible as test failures during CI.
|
||||
func TestBlockedCIDRsValid(t *testing.T) {
|
||||
for _, msg := range BlockedCIDRParseErrors() {
|
||||
t.Errorf("CIDR parse error: %s", msg)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user