Copilot AI commented Jan 2, 2026

The security fix for path traversal (PR #[number]) introduced variable shadowing and testifylint violations that prevented linting from passing.

Changes

Fixed variable shadowing in completions.go:

  • Renamed parameter filepath → filePath to avoid shadowing the path/filepath package
  • Security fix logic unchanged (path sanitization and absolute path validation intact)

```go
// Before: shadowed package name
func getWorkflowDescription(filepath string) string {
    cleanPath := filepath.Clean(filepath)  // ❌ ambiguous
    ...
}

// After: clear reference
func getWorkflowDescription(filePath string) string {
    cleanPath := filepath.Clean(filePath)  // ✅ unambiguous
    ...
}
```

Fixed testifylint violations in interfaces_test.go:

  • Changed assert.NoError → require.NoError for error assertions per testing guidelines
  • Critical setup failures now halt test execution immediately

Automatic cleanup:

  • Removed unused context imports via golangci-lint

All linting checks now pass.


github-actions bot and others added 2 commits January 2, 2026 16:11
- Add path sanitization using filepath.Clean()
- Validate that paths are absolute to prevent relative path traversal
- Addresses CodeQL alert #446 (G304 - Path Traversal)

Severity: MEDIUM
Rule: G304 - Improper Limitation of a Pathname to a Restricted Directory

🤖 Generated with gh-aw security fix agent
Triggered by: @pelikhan
Workflow Run: #20661620598
Base automatically changed from security-fix-446-path-traversal-a031f370e50c3e8c to main January 2, 2026 16:26
- Fix variable shadowing in completions.go (renamed `filepath` param to `filePath`)
- Fix testifylint issues in interfaces_test.go (use require.NoError for error assertions)
- Remove unused context imports in test files

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix path traversal vulnerability in workflow description reader" to "Fix variable shadowing and linting violations in security fix" Jan 2, 2026
Copilot AI requested a review from pelikhan January 2, 2026 16:31
pelikhan marked this pull request as ready for review January 2, 2026 16:51
pelikhan closed this Jan 2, 2026
pelikhan deleted the copilot/sub-pr-8656 branch January 4, 2026 04:23
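
The two checks named in the commit message above (`filepath.Clean()` followed by an absolute-path test), as an added Go example that is not code from this pull request or the gh-aw project. The function names `cleanAbsolute` and `withinBase`, the base directory and the sample paths are assumptions made up for illustration; `withinBase` goes beyond the commit by also confining the result to a base directory, because an absolute path can still clean to a location outside the directory a caller meant to read from.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// cleanAbsolute applies the two checks from the commit message: normalise
// with filepath.Clean, then reject anything that is not absolute. The
// parameter is named filePath so it does not shadow the path/filepath package.
func cleanAbsolute(filePath string) (string, error) {
	cleanPath := filepath.Clean(filePath)
	if !filepath.IsAbs(cleanPath) {
		return "", errors.New("path must be absolute")
	}
	return cleanPath, nil
}

// withinBase is an added, stricter check (assumption: the caller knows the
// directory its files live in). It rejects paths that clean to a location
// outside baseDir, which cleanAbsolute alone accepts.
func withinBase(baseDir, filePath string) (string, error) {
	cleanPath, err := cleanAbsolute(filePath)
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(filepath.Clean(baseDir), cleanPath)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("path escapes %s", baseDir)
	}
	return cleanPath, nil
}

func main() {
	base := "/repo/.github/workflows" // constructed sample directory
	for _, p := range []string{ // constructed sample inputs
		"/repo/.github/workflows/ci.md",
		"/repo/.github/workflows/../../../etc/passwd",
		"../secrets.md",
	} {
		got, err := withinBase(base, p)
		fmt.Printf("%-45q -> %q, err=%v\n", p, got, err)
	}
}
```

This check is lexical only: it does not resolve symbolic links, so a symlink inside the base directory that points elsewhere is not caught by it.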