Conversation
![augment-app-staging[bot]](https://avatars.githubusercontent.com/in/1008152?s=60&v=4){kind=small}
|
|
||
| // Construct clone URL with token auth | ||
| // Format: https://x-token-auth:{token}@bitbucket.org/{workspace}/{repo}.git | ||
| const cloneUrl = `https://x-token-auth:${this.token}@bitbucket.org/${this.workspace}/${this.repo}.git`; |
There was a problem hiding this comment.
cloneUrl embeds this.token directly in the git URL, which can leak via process listings and (on failure) via error.message in the thrown exception. That risks exposing credentials in logs/telemetry during transient git errors.
Other Locations
src/sources/bitbucket.ts:218
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
| }); | ||
|
|
||
| const store = await createStore(options); | ||
| const indexKey = options.index || "."; |
There was a problem hiding this comment.
options.index || "." will sanitize to an empty key, and the S3 store currently rejects empty keys—so --store s3 + default index will fail at runtime unless --index is explicitly provided. If this is intentional, consider validating earlier so the CLI error is clearer.
Other Locations
src/bin/cmd-index.ts:114src/bin/cmd-index.ts:141src/bin/cmd-index.ts:198
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
| const { data } = await octokit.repos.getContent({ | ||
| owner: this.owner, | ||
| repo: this.repo, | ||
| path: directory, |
There was a problem hiding this comment.
repos.getContent is called with path: directory, and when directory is "" (root) this may not resolve correctly with Octokit/GitHub API (root content is typically requested without a path). If root listing is needed, consider handling the empty-directory case explicitly to avoid returning an empty list/404.
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
1 participant
No description provided.