feat(enrichment): add error-swallow catch analyzer #3356
Superagent didn't find any vulnerabilities or security issues in this PR. |
Gittensory review result: reject/close recommended (review updated 2026-07-05 04:49:39 UTC). Suggested action: reject/close. Nits: 6 non-blocking.
Codecov Report: ✅ All modified and coverable lines are covered by tests.

@@ Coverage Diff @@
             main    #3356   +/-
=======================================
Coverage   93.88%   93.88%
=======================================
Files         280      280
Lines       30562    30562
Branches    11132    11132
=======================================
Hits        28694    28694
Misses       1211     1211
Partials      657      657
Gittensory is closing this pull request on the maintainer's behalf (AI reviewers agree on a likely critical defect: review-enrichment/src/analyzers/error-swallow.ts:48 flags any catch body containing `return null`/`return undefined` as `return-null`, so `catch (e) { if (recoverable) return null; throw e; }` is incorrectly reported even though the body rethrows; make this exact-body matching, e.g. `const RETURN_NULL_RE = /^\s*return\s+(?:null|undefined)\s*;?\s*$/;`). This is an automated maintenance action — to pursue this change, please open a new pull request with the issues resolved. Closed PRs may be analyzed later to improve review accuracy, but they are not automatically reopened or re-reviewed.
Closes #2014
What

A new local REES analyzer, `errorSwallow`, that flags newly-added catch blocks that swallow the error — an empty body, a body that just returns null/undefined, or a body that neither rethrows, logs, nor references the caught binding. A top source of silent failures the headless reviewer often misses. Pure compute over added diff lines, no network.

Detection (single-line, precision-first)

- Languages: JS (`catch` block) and Python (`except …: pass`). Non-source and other extensions are skipped.
- Single line only: `catch`/`except` and its body on one added line (the compact form the pattern targets, following `actions-pin.ts`): a body spread across multiple lines is not tracked — the safe, false-negative direction, with no cross-line state.
- `empty-catch` — an empty body (a comment-only body counts, since it swallows too).
- `return-null` — the body just `return null`/`return undefined`.
- `unused-binding` — a body that has a binding but neither rethrows (`throw`), logs (`console.*`/`logger.*`/`log(`/…), nor references the caught binding. A bindingless `catch { … }` is never an unused-binding.
- Scans code only (`secret-log.ts`'s `codeOnly` plus same-line comment strip), so a `catch {}` inside a string literal or a `// } catch (e) {}` note is not matched.
- Added lines only, line-cited via hunk headers, with the shared `\ No newline` line-counter fix; findings capped (`maxFindings: 25`) per file and globally.

Registration

Registered as a local descriptor (category `quality`, cost `local`, requires `["files"]`) with an inline `render()`, following the `redos`/`actions-pin` descriptor shape. All wiring updated: `types.ts` (`ErrorSwallowFinding` + `errorSwallow?` key), `render.ts`, `analyzer-registry.test.ts`, root `src/review/enrichment-analyzer-names.ts` (canonical `REES_ANALYZER_NAMES`), root `test/unit/enrichment-wire.test.ts`, and the generated `analyzer-metadata.json`/`rees-analyzers.ts`/`.env.example` via `node scripts/generate-analyzer-metadata.mjs`.

Tests

`review-enrichment/test/error-swallow.test.ts` (12 tests) covers: empty catch flagged (with/without binding, comment-only body), return-null, unused-binding (ignored binding), a catch that rethrows/logs/references the binding NOT flagged, a bindingless catch with real work not flagged, `catch` inside a string/comment not matched, Python `except: pass` flagged vs a handling except not, non-JS/Py files skipped, added-line scanning with exact locations, added-lines-only with line-number accuracy across mixed hunks, the per-file cap + `maxFindings: 0`, the entrypoint's global cap across files, and the no-files case. Analyzer metadata is regenerated and committed.
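The single-line detection rules above, with the exact-body `return-null` match that the Gittensory comment asks for, as an added TypeScript example (not the PR's own `error-swallow.ts`; `classifyCatchLine`, the regexes and the simplified string/comment strip are assumptions of this example, not the project's `codeOnly`):

```typescript
// Added example, not the PR's own code. Classifies one added line that holds a
// compact catch block, using exact-body matching for `return-null` so that a
// body which rethrows after a conditional `return null` is not reported.
type SwallowKind = "empty-catch" | "return-null" | "unused-binding";

// `catch (binding) { body }` or bindingless `catch { body }` on a single line;
// bodies with nested braces do not match (false-negative direction, no cross-line state).
const CATCH_RE = /\bcatch\s*(?:\(\s*([A-Za-z_$][\w$]*)\s*\))?\s*\{([^{}]*)\}/;
// Exact-body match: the whole body is one `return null` / `return undefined`.
const RETURN_NULL_RE = /^\s*return\s+(?:null|undefined)\s*;?\s*$/;
const LOG_RE = /\b(?:console\.\w+|logger\.\w+|log)\s*\(/;
const PY_EXCEPT_PASS_RE = /^\s*except\b[^:]*:\s*pass\s*$/;

// Drop string literals, then block and line comments, so a `catch {}` inside a
// string or a `// } catch (e) {}` note is never matched (a stand-in for codeOnly).
function stripStringsAndComments(line: string): string {
  return line
    .replace(/(["'`])(?:\\.|(?!\1).)*\1/g, '""')
    .replace(/\/\*.*?\*\//g, "")
    .replace(/\/\/.*$/, "");
}

function classifyCatchLine(rawLine: string, lang: "js" | "py" = "js"): SwallowKind | null {
  if (lang === "py") {
    // Python: only the literal `except ...: pass` form is flagged (after a `#` comment strip).
    return PY_EXCEPT_PASS_RE.test(rawLine.replace(/#.*$/, "")) ? "empty-catch" : null;
  }
  const m = CATCH_RE.exec(stripStringsAndComments(rawLine));
  if (!m) return null;                            // no single-line catch on this line
  const binding: string | undefined = m[1];       // undefined for `catch { ... }`
  const body = m[2];
  if (body.trim() === "") return "empty-catch";   // comments were already stripped
  if (RETURN_NULL_RE.test(body)) return "return-null";
  if (binding === undefined) return null;         // bindingless catch doing real work
  if (/\bthrow\b/.test(body)) return null;        // rethrows
  if (LOG_RE.test(body)) return null;             // logs
  const refersToBinding = new RegExp(`\\b${binding.replace(/\$/g, "\\$&")}\\b`).test(body);
  return refersToBinding ? null : "unused-binding";
}
```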