claw
75f65fbf5d
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 17s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 38s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 2m28s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 2m50s
- Add User-Agent header to all requests (gpt-review-bot) - Limit successful response body to 10 MiB via io.LimitReader (security-review-bot) - Add CheckRedirect to strip Authorization on cross-host redirects (security-review-bot) - Fix decodeBase64Content to strip both \r and \n (gpt-review-bot) - Document that transport errors are not retried (sonnet-review-bot) - Update package doc to reflect current scope (no review submission yet) - Add tests for User-Agent, empty-token auth skip, CRLF base64, CheckRedirect
74 lines
2.3 KiB
Go
74 lines
2.3 KiB
Go
package github
|
|
|
|
import (
|
|
"context"
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/url"
|
|
"strings"
|
|
|
|
"gitea.weiker.me/rodin/review-bot/vcs"
|
|
)
|
|
|
|
// GetFileContent fetches a file from a repo at the given ref.
|
|
// Delegates to GetFileContentAtRef with the provided ref.
|
|
func (c *Client) GetFileContent(ctx context.Context, owner, repo, path, ref string) (string, error) {
|
|
return c.GetFileContentAtRef(ctx, owner, repo, path, ref)
|
|
}
|
|
|
|
// ListContents lists files and directories at a given path in a repo.
|
|
// Returns the directory listing from the GitHub contents API.
|
|
func (c *Client) ListContents(ctx context.Context, owner, repo, path string) ([]vcs.ContentEntry, error) {
|
|
reqURL := fmt.Sprintf("%s/repos/%s/%s/contents/%s",
|
|
c.baseURL, url.PathEscape(owner), url.PathEscape(repo), escapePath(path))
|
|
body, err := c.doGet(ctx, reqURL)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("list contents %s: %w", path, err)
|
|
}
|
|
var entries []struct {
|
|
Name string `json:"name"`
|
|
Path string `json:"path"`
|
|
Type string `json:"type"`
|
|
}
|
|
if err := json.Unmarshal(body, &entries); err != nil {
|
|
return nil, fmt.Errorf("parse contents JSON: %w", err)
|
|
}
|
|
result := make([]vcs.ContentEntry, len(entries))
|
|
for i, e := range entries {
|
|
result[i] = vcs.ContentEntry{
|
|
Name: e.Name,
|
|
Path: e.Path,
|
|
Type: e.Type,
|
|
}
|
|
}
|
|
return result, nil
|
|
}
|
|
|
|
// escapePath escapes each segment of a relative file path for use in URLs.
|
|
// Slashes are preserved as path separators; other special characters are escaped.
|
|
// Dot-segments ("." and "..") are removed to prevent path traversal.
|
|
func escapePath(p string) string {
|
|
parts := strings.Split(p, "/")
|
|
var clean []string
|
|
for _, part := range parts {
|
|
if part == "." || part == ".." || part == "" {
|
|
continue
|
|
}
|
|
clean = append(clean, url.PathEscape(part))
|
|
}
|
|
return strings.Join(clean, "/")
|
|
}
|
|
|
|
// decodeBase64Content decodes base64-encoded content from the GitHub contents API.
|
|
// GitHub returns base64 content with line breaks for formatting; we strip \r and \n before decoding.
|
|
func decodeBase64Content(encoded string) (string, error) {
|
|
// GitHub inserts newlines in base64 content
|
|
cleaned := strings.NewReplacer("\n", "", "\r", "").Replace(encoded)
|
|
decoded, err := base64.StdEncoding.DecodeString(cleaned)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return string(decoded), nil
|
|
}
|