rodin/review-bot

feat(github): add safeguards against accidental AllowInsecureHTTP use (#96) #113

Merged

aweiker merged 6 commits from review-bot-issue-96 into main

2026-05-13 20:21:42 +00:00

Author	SHA1	Message	Date
claw	ab2a6c8aef	Address review feedback on PR #113 PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 22s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 34s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m33s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m47s Details - Fix AllowInsecureHTTP doc comment: say '_test.go file in the same package' instead of 'export_test.go' (MINOR #1) - Remove dead u.Fragment = "" from redactURL: HTTP requests never carry fragments over the wire per RFC 7230 §5.1 (MINOR #2) - Use 127.0.0.1:1 in scheme-rejection tests to make intent clearer that no network call should occur (NIT #3)	2026-05-13 13:04:23 -07:00
claw	6b7f3f6924	fix: address NIT findings from sonnet review (#113 ) PR Ready Gate / clear-labels (pull_request) Successful in 1s Details CI / test (pull_request) Successful in 17s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 35s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m7s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m32s Details - Fix AllowInsecureHTTP doc comment: 'silently ignored' -> 'ignored' (it logs a warning) - Remove unnecessary nil guard in redactURL (assigning nil to nil is a no-op) - Add clarifying comment about acceptable double URL parse in doRequest	2026-05-13 12:48:02 -07:00
claw	4c032a3b53	fix: move AllowInsecureHTTPForTest to export_test.go, fix gofmt alignment PR Ready Gate / clear-labels (pull_request) Successful in 1s Details CI / test (pull_request) Successful in 17s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 30s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m14s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m45s Details	2026-05-13 11:58:25 -07:00
claw	64c9d551ba	fix: address review feedback — restore timer.Stop() and fix test spacing PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 24s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 32s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m14s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 2m8s Details - Restore timer.Stop() no-op in case <-timer.C for symmetry with ctx.Done - Add missing blank line between TestNoInsecureOption_RejectsHTTP and TestNoInsecureOption_RejectsUppercaseHTTP - Remove double blank line before TestAllowInsecureHTTP_WithoutEnvVar_Rejected Resolves review comments from sonnet-review-bot on PR #113.	2026-05-13 11:44:28 -07:00
claw	db7b7e66bf	fix: use case-insensitive HTTP scheme check and redact userinfo PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 17s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 30s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 56s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m53s Details Address review feedback on PR #113: - MAJOR (both reviews): Replace strings.HasPrefix(reqURL, "http://") with url.Parse + strings.EqualFold for case-insensitive scheme comparison per RFC 3986. Prevents bypass via HTTP:// or Http://. - MINOR (security): Enhance redactURL to strip userinfo component (user:pass@host) in addition to query params, preventing credential leakage in error messages and logs. - NIT (gpt): Remove redundant timer.Stop() after timer.C fires — it's a no-op and the comment was misleading. - Add tests for uppercase/mixed-case HTTP scheme rejection and userinfo redaction.	2026-05-13 11:35:10 -07:00
claw	0232343126	feat(github): add safeguards against accidental AllowInsecureHTTP use in production PR Ready Gate / clear-labels (pull_request) Successful in 1s Details CI / test (pull_request) Successful in 13s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 38s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m45s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 2m9s Details Three-layer defense for the AllowInsecureHTTP client option: 1. Environment gate: AllowInsecureHTTP() requires REVIEW_BOT_ALLOW_INSECURE=1 env var. Without it, the option is silently ignored with a slog.Warn. 2. Warning log on activation: When the env gate IS satisfied, a slog.Warn fires at client construction time so operators notice in production logs. 3. Test bypass: AllowInsecureHTTPForTest() skips the env gate entirely, keeping test code clean (no t.Setenv needed in every test). Additionally, doRequest now rejects HTTP URLs unless allowInsecureHTTP is set on the client, providing defense-in-depth against credential leakage. Closes #96	2026-05-13 11:24:07 -07:00