Rodin

rodin created branch issue-125 in rodin/review-bot

2026-05-14 05:26:10 +00:00

rodin commented on pull request rodin/review-bot#121

2026-05-14 05:21:45 +00:00

fix(action): detect VCS host type for version resolution and binary download

Self-Review: PR #121

Self-review against 27d7fd3a93e54da20994ec6869dd6e8831add91d

Phase 1: Independent Findings

Reviewed the full diff of .gitea/actions/review/action.yml (262 changes,…

rodin commented on pull request rodin/review-bot#121

2026-05-14 05:21:21 +00:00

fix(action): detect VCS host type for version resolution and binary download

Response to security-review-bot findings (review #3666 on 27d7fd3)

The security-review-bot raised 3 findings against commit 27d7fd3a. These are the same underlying concern as security MINOR…

rodin opened issue rodin/review-bot#125

2026-05-14 05:05:15 +00:00

Rename GITEA_URL env var to generic VCS_URL for multi-host support

rodin commented on pull request rodin/review-bot#121

2026-05-14 05:05:06 +00:00

fix(action): detect VCS host type for version resolution and binary download

Feedback addressed in 27d7fd3

Fixed:

✅ sonnet MINOR #1 (AUTH_HEADER variable): Eliminated AUTH_HEADER intermediate variable; auth headers now inline in each curl call.
✅…

rodin pushed to review-bot-issue-120 at rodin/review-bot

2026-05-14 05:04:19 +00:00

27d7fd3a93 address review feedback: portability, docs, and security hardening

rodin commented on pull request rodin/review-bot#121

2026-05-14 05:02:46 +00:00

fix(action): detect VCS host type for version resolution and binary download

Fix Plan against 220f6e73697e948622919af2e656e74cf6fd9c3b:

sonnet-review-bot findings:

MINOR #1 (comment 21204) — AUTH_HEADER curl injection:

Action: FIX — Replace the…

rodin commented on pull request rodin/review-bot#121

2026-05-14 04:55:04 +00:00

fix(action): detect VCS host type for version resolution and binary download

Responses to review findings (220f6e7)

Fixed (9 items)

rodin commented on pull request rodin/review-bot#121

2026-05-14 04:54:40 +00:00

fix(action): detect VCS host type for version resolution and binary download

Fixed in 220f6e7 — removed the redundant newline check. The [^[:space:]] regex already rejects newlines.

rodin opened issue rodin/review-bot#124

2026-05-14 04:54:22 +00:00

Support multi-arch binary downloads in composite action

rodin pushed to review-bot-issue-120 at rodin/review-bot

2026-05-14 04:54:15 +00:00

220f6e7369 fix(action): address review findings - validation hardening and cleanup

rodin commented on pull request rodin/review-bot#121

2026-05-14 04:52:57 +00:00

fix(action): detect VCS host type for version resolution and binary download

Fix Plan against e709956d0b277fbc028e876ad8a291cf19b2f33f:

Summary

14 findings across 3 reviews. Categorized as: 9 FIX, 3 PUSH BACK, 1 DEFER, 1 NO ACTION (already…

rodin commented on pull request rodin/review-bot#121

2026-05-14 04:47:04 +00:00

fix(action): detect VCS host type for version resolution and binary download

Self-Review: PR #121

Self-review against e709956d0b277fbc028e876ad8a291cf19b2f33f

Phase 1: Independent Findings

No new blocking findings. The diff is well-structured and achieves its…

rodin commented on pull request rodin/review-bot#121

2026-05-14 04:39:05 +00:00

fix(action): detect VCS host type for version resolution and binary download

Addressing gpt-review-bot findings (review #3654)

MAJOR #1: Token exfiltration via GITEA_URL

Fixed in commit e709956. The "Run review" step's env: block now sets:

GITEA_URL:…

rodin pushed to review-bot-issue-120 at rodin/review-bot

2026-05-14 04:38:54 +00:00

e709956d0b fix(action): use REST API for GitHub asset downloads, enforce trusted GITEA_URL

rodin commented on pull request rodin/review-bot#121

2026-05-14 04:36:56 +00:00

fix(action): detect VCS host type for version resolution and binary download

Fix Plan against 93d89ba662b6f6d90452b7484c76cf80bb919738

Addressing gpt-review-bot findings from review #3654 on PR #121.

MAJOR #1: Token exfiltration via GITEA_URL in 'Run review'…

rodin commented on pull request rodin/review-bot#121

2026-05-14 04:30:20 +00:00

fix(action): detect VCS host type for version resolution and binary download

Responses to Security Review Findings

All findings have been addressed in commit 93d89ba. Summary:

MAJOR #1 & #2 — Secret exfiltration (comments #21095, #21096)

Fixed: On GitHub/GHES…

rodin pushed to review-bot-issue-120 at rodin/review-bot

2026-05-14 04:29:20 +00:00

93d89ba662 fix(action): address security review - prevent token exfiltration and add input validation

rodin opened issue rodin/review-bot#123

2026-05-14 04:29:07 +00:00

security: add IP-level SSRF defense for action.yml Gitea path

rodin commented on pull request rodin/review-bot#121

2026-05-14 04:27:26 +00:00

fix(action): detect VCS host type for version resolution and binary download

Fix Plan against 646497de681c55e0523f2924efa6059bbfbc43fd

Addressing all 5 security review findings.

Finding #1 & #2 [MAJOR]: Secret exfiltration via `inputs.gitea-url`

Root cause:…

Self-Review: PR #121

Phase 1: Independent Findings

Response to security-review-bot findings (review #3666 on 27d7fd3)

Feedback addressed in 27d7fd3

Fix Plan against 220f6e73697e948622919af2e656e74cf6fd9c3b:

sonnet-review-bot findings:

Responses to review findings (220f6e7)

Fixed (9 items)

Fix Plan against e709956d0b277fbc028e876ad8a291cf19b2f33f:

Summary

Self-Review: PR #121

Phase 1: Independent Findings

Addressing gpt-review-bot findings (review #3654)

MAJOR #1: Token exfiltration via GITEA_URL

Fix Plan against 93d89ba662b6f6d90452b7484c76cf80bb919738

MAJOR #1: Token exfiltration via GITEA_URL in 'Run review'…

Responses to Security Review Findings

MAJOR #1 & #2 — Secret exfiltration (comments #21095, #21096)

Fix Plan against 646497de681c55e0523f2924efa6059bbfbc43fd

Finding #1 & #2 [MAJOR]: Secret exfiltration via inputs.gitea-url

Finding #1 & #2 [MAJOR]: Secret exfiltration via `inputs.gitea-url`