rodin/review-bot
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
24d4dcb751c48150c19278365921fffdf9119caf
review-bot/github
T
History
claw d545abe392
PR Ready Gate / clear-labels (pull_request) Successful in 2s
Details
CI / test (pull_request) Successful in 16s
Details
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 40s
Details
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m38s
Details
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m49s
Details
fix(#130): enforce HTTPS scheme consistently in GitHub client write methods 
PostReview, DeleteReview, and RequestReviewer were calling c.httpClient.Do
directly, bypassing the scheme check in doRequest that rejects http:// URLs
unless AllowInsecureHTTP is explicitly enabled.

Introduce doRequestWithBody(ctx, method, url, body) with the same HTTPS guard,
and refactor all three write methods to use it. This ensures tokens are never
sent over plaintext regardless of which API path is exercised.

Add scheme validation tests for each method.
2026-05-14 14:11:14 -07:00
..
client_test.go
fix(#130): enforce HTTPS scheme consistently in GitHub client write methods
2026-05-14 14:11:14 -07:00
client.go
fix(#130): enforce HTTPS scheme consistently in GitHub client write methods
2026-05-14 14:11:14 -07:00
export_test.go
fix: move AllowInsecureHTTPForTest to export_test.go, fix gofmt alignment
2026-05-13 11:58:25 -07:00