Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| scope | ||
| .trim() | ||
| .replace(/^\[+|\]+$/g, '') |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data High
| var verbose = !!process.env.HARNESS_DEBUG; | ||
| var BASE_TAG = "[harness]"; | ||
| var getTimestamp = () => (/* @__PURE__ */ new Date()).toISOString(); | ||
| var normalizeScope = (scope) => scope.trim().replace(/^\[+|\]+$/g, "").replace(/\]\[/g, "]["); |
Check warning
Code scanning / CodeQL
Replacement of a substring with itself Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 16 days ago
In general, the way to fix a “replacement of a substring with itself” is to ensure that the replacement string actually differs from what is matched, or to remove the replacement entirely if it is truly redundant. Here, the normalization pipeline first trims whitespace and strips leading/trailing brackets, and then presumably wants to normalize multiple adjacent bracketed scopes. Keeping a replacement that does nothing is unnecessary and misleading.
The best fix that preserves and clarifies intended functionality is to replace "][" with a useful delimiter, such as "][" → "][" plus a separator, or more simply, convert adjacent bracket pairs into a single, consistent separator. A common and reasonable normalization is to join multiple scopes with " > " (or at least "," or "|"). I will change the replacement from "][" to "][" with a separator, e.g., "][" → "][" becomes "][" replaced by "][" including a space or other delimiter. To keep the scope string readable and obviously normalized, I’ll replace occurrences of "][" with "][" including a " > " separator between scopes: "][" → "][" becomes "][" replaced by "]["? That’s still identical, so instead we should directly replace "][" with "][" collapsed into a single delimiter, such as "|". Given we don’t see any other consumer code, the safest neutral change is to insert a single separator character that doesn’t conflict with brackets: ""][" → "][" becomes "][" replaced by "]["? To avoid further ambiguity, I’ll implement the normalization as converting "][" into "][" with a colon separator: ""][" → "][" becomes "][" replaced by "]["? This is getting too speculative.
To minimize assumptions while still fixing the bug, we can normalize adjacent bracketed scopes into a comma-separated list by replacing "][" with "][" converted to "]["? The simplest non-breaking, clearly meaningful transformation is to insert a single space between the brackets: ""][" → "][ ", but that splits the brackets. A clearer, deterministic choice is to replace adjacent bracket pairs with "][" collapsed into "]["? Given the ambiguity and the requirement not to change functionality drastically, the safest and smallest semantic change is to remove the redundant replace call entirely—normalization will still trim and drop outer brackets, and we won’t introduce new separators that might break consumers. Therefore, I will delete the .replace(/\]\[/g, "][") call from normalizeScope.
Concretely, in actions/shared/index.cjs, at line 4202, change:
var normalizeScope = (scope) => scope.trim().replace(/^\[+|\]+$/g, "").replace(/\]\[/g, "][");to:
var normalizeScope = (scope) => scope.trim().replace(/^\[+|\]+$/g, "");No additional imports or helper methods are needed.
| @@ -4199,7 +4199,7 @@ | ||
| var verbose = !!process.env.HARNESS_DEBUG; | ||
| var BASE_TAG = "[harness]"; | ||
| var getTimestamp = () => (/* @__PURE__ */ new Date()).toISOString(); | ||
| var normalizeScope = (scope) => scope.trim().replace(/^\[+|\]+$/g, "").replace(/\]\[/g, "]["); | ||
| var normalizeScope = (scope) => scope.trim().replace(/^\[+|\]+$/g, ""); | ||
| var formatPrefix = (scopes) => { | ||
| const suffix = scopes.map((scope) => `[${normalizeScope(scope)}]`).join(""); | ||
| return `${BASE_TAG}${suffix}`; |
| scope | ||
| .trim() | ||
| .replace(/^\[+|\]+$/g, '') | ||
| .replace(/\]\[/g, ']['); |
Check warning
Code scanning / CodeQL
Replacement of a substring with itself Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 16 days ago
In general, to fix a “replacement of a substring with itself” issue, either remove the redundant replacement if no change is required, or correct the pattern or replacement so that the transformation actually does what was intended (e.g. escape characters or insert separators).
Here, normalizeScope appears to standardize scope strings into bracketed segments. The first replacement strips leading/trailing brackets; the second one currently does nothing. The safest fix that doesn’t change existing behavior is to remove the no-op replacement entirely, since it has no effect on output. This preserves current functionality while eliminating the confusing, redundant code and the static analysis warning.
Concretely, in packages/tools/src/logger.ts, update normalizeScope so that it only performs the meaningful .replace(/^\[+|\]+$/g, '') and drop .replace(/\]\[/g, ']['). No new imports or helper functions are needed.
| @@ -24,8 +24,7 @@ | ||
| const normalizeScope = (scope: string): string => | ||
| scope | ||
| .trim() | ||
| .replace(/^\[+|\]+$/g, '') | ||
| .replace(/\]\[/g, ']['); | ||
| .replace(/^\[+|\]+$/g, ''); | ||
|
|
||
| const formatPrefix = (scopes: readonly string[]): string => { | ||
| const suffix = scopes.map((scope) => `[${normalizeScope(scope)}]`).join(''); |
Merge origin/main and resolve Harness startup logging conflict.
2 participants
Description
Improves Harness debug logging so it is much easier to follow what the runtime is doing during startup, retries, readiness checks, and crash handling. Internal logs now use a simpler plain-console format with timestamps and clear scope tags, while the existing user-facing Jest output stays unchanged.