rodin/review-bot
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
1e0959b077bd0b06807ea984ba17dd137b8023f9
review-bot/gitea
T
History
claw 1e0959b077
CI / test (pull_request) Successful in 16s
Details
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 37s
Details
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m19s
Details
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m47s
Details
feat: reject cross-host redirects and HTTPS→HTTP downgrades (#95) 
Add defaultCheckRedirect to both GitHub and Gitea clients that rejects:
- HTTPS→HTTP protocol downgrades (prevents plaintext leakage)
- Cross-host redirects entirely (prevents consuming untrusted responses)

Same-host, same-or-upgraded-scheme redirects remain allowed.

Both NewClient constructors wire the policy, and SetHTTPClient(nil)
restores it. Callers providing a non-nil client are responsible for
configuring their own safe redirect policy.

Closes #95
2026-05-13 08:51:36 -07:00
..
client_test.go
feat: reject cross-host redirects and HTTPS→HTTP downgrades (#95)
2026-05-13 08:51:36 -07:00
client.go
feat: reject cross-host redirects and HTTPS→HTTP downgrades (#95)
2026-05-13 08:51:36 -07:00
diff_size_test.go
refactor(gitea): eliminate retry duplication, harden redactURL and MaxInt64 edge case
2026-05-13 13:39:37 +00:00
diff_test.go
fix: handle single-line hunks and no-newline markers in diff parser
2026-05-01 22:10:49 -07:00
diff.go
fix: handle single-line hunks and no-newline markers in diff parser
2026-05-01 22:10:49 -07:00
post_review_comments_test.go
feat: inline review comments on specific lines
2026-05-01 21:59:21 -07:00