Skip to content

Fix VSCode extension: command injection, resource leaks, iteration safety#1027

Open
jwiegley wants to merge 1 commit intomainfrom
johnw/review-vscode-extension
Open

Fix VSCode extension: command injection, resource leaks, iteration safety#1027
jwiegley wants to merge 1 commit intomainfrom
johnw/review-vscode-extension

Conversation

@jwiegley
Copy link
Copy Markdown
Collaborator

@jwiegley jwiegley commented Apr 9, 2026
edited by devin-ai-integration bot
Loading

  • Replace exec() with execFile() to prevent shell injection
  • Clear pending save timers on dispose to prevent leaked intervals
  • Dispose old command registration before re-registering to avoid leaks
  • Only snapshot active editor on tab completion, not all open documents
  • Await afterHook to ensure checkpoints complete before re-registration
  • Clear document change timer when switching documents
  • Use unsigned right shift for hash modulo to avoid negative indices
  • Collect cache keys before deleting to avoid mutating Map during iteration

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

Open with Devin

@jwiegley Graphite App
Copy link
Copy Markdown
Collaborator Author

jwiegley commented Apr 9, 2026
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

This was referenced Apr 9, 2026
Merged
Draft
Draft
Draft
Draft
Draft
Draft
@jwiegley jwiegley force-pushed the johnw/review-vscode-extension branch 2 times, most recently from aefe992 to 5780c9a Compare April 9, 2026 20:13
@svarlamov svarlamov changed the base branch from johnw/review-harden-scripts to graphite-base/1027 April 11, 2026 14:49
@svarlamov svarlamov force-pushed the johnw/review-vscode-extension branch from 5780c9a to cfb5bd0 Compare April 11, 2026 14:49
@graphite-app graphite-app bot changed the base branch from graphite-base/1027 to main April 11, 2026 14:50
@jwiegley @claude
Fix VSCode extension: command injection, resource leaks, iteration sa…
e78647c 
…fety

- Replace exec() with execFile() to prevent shell injection
- Clear pending save timers on dispose to prevent leaked intervals
- Dispose old command registration before re-registering to avoid leaks
- Only snapshot active editor on tab completion, not all open documents
- Await afterHook to ensure checkpoints complete before re-registration
- Clear document change timer when switching documents
- Use unsigned right shift for hash modulo to avoid negative indices
- Collect cache keys before deleting to avoid mutating Map during iteration

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@svarlamov svarlamov force-pushed the johnw/review-vscode-extension branch from cfb5bd0 to e78647c Compare April 11, 2026 14:50
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 11, 2026

Qodana for JVM

Analyzed project: agent-support/intellij/

2 new problems were found

Inspection name Severity Problems
Non-distinguishable logging calls ◽️ Notice 2

💡 Qodana analysis was run in the pull request mode: only the changed files were checked

View the detailed Qodana report

To be able to view the detailed Qodana report, you can either:

To get *.log files or any other Qodana artifacts, run the action with upload-result option set to true,
so that the action will upload the files as the job artifacts:

      - name: 'Qodana Scan'
        uses: JetBrains/qodana-action@v2025.3.2
        with:
          upload-result: true
Contact Qodana team

Contact us at qodana-support@jetbrains.com

@jwiegley jwiegley marked this pull request as ready for review April 12, 2026 17:30
@jwiegley jwiegley requested a review from svarlamov April 12, 2026 17:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@svarlamov svarlamov Awaiting requested review from svarlamov

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jwiegley