Dev #1578
Dev #1578
Conversation
* support for env in mcp * genai: /docs [skip ci] * pr feedback * docs --------- Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Improved resolveLanguageModelProvider to support options like listModels.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
* skeleton * format * action.yaml generation * tweaking script * generate action files * generate files * updating dockerfile * readme * permissions * updated folder * updated readme * generate .gitignore * ✨: Add support for FFmpeg and Playwright in CLI actions Enhanced CLI to include options for FFmpeg and Playwright usage. * ✨ Add branding support for GitHub Actions Introduced branding options with color and icon for scripts. * add cli test * ✨ chore: improve action configuration and token consistency Refined default handling, playwright script, and token ordering. * add custom action test * add package lock option * title * typo in docker * ✨: Add read permission for contents in workflow - Included a new `contents: read` permission in the YAML file. * ✨ feat: enhance browser config and Docker customization Added support for multi-browser install, Docker image config changes. * update default image * update playwright option * more options * refresh deps * ✨: Add GitHub Action support to CLI and improve outputs Introduced a new --github-action flag and enhanced output options. * more docs
Removed unnecessary "required: false" from outputs fields. Cleaned up scripts for GitHub Actions, removing GITHUB_TOKEN dependency in start commands.
- Introduced concurrency group and scoped paths for triggers.
* removed tree-sitter * refresh package lock * ✨ feat: add provider option to CLI for LLM selection Added support for specifying LLM provider in CLI commands and examples. * fix test * ♻️ Rename "action" command to "configure" Updated the command variable value in tests for clarity.
* log paths * ♻️ Remove installFolder method across host implementations Simplifies host classes by eliminating redundant installFolder method. * ✨ Merge host config support into NodeHost and config handling Refactored configuration to include host-specific overrides. * logging * ✨ feat: enhance host config merging and updating capabilities Added mergeHostConfigs function and updateHostConfig method. * add include option * support for debug flag * logging * added special github action mode * sniff github action * update interface * ✨ feat: expand NodeHost.install with additional parameter - Updated NodeHost.install to accept an extra undefined argument.
* feat: blog post about cline * fix: blog post cline * feat: blog post about cline
- Added INPUT_GITHUB_TOKEN fallback for GITHUB_TOKEN detection. - Enhanced event issue/pull_request resolution logic in GitHub client.
Investigator reportContext collection
AI Analysis
|
* ✨ feat: enhance input file handling from environment variables in run script * parse models from input_ * docs * refactor: comment out unused test for gist in run tests
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| // Regular expression for matching GitHub Flavored Markdown style warnings. | ||
| // Example: > [!WARNING] | ||
| // > This is a warning message. | ||
| const GITHUB_MARKDOWN_WARNINGS_RX = | ||
| /^\s*>\s*\[!(?<severity>NOTE|TIP|IMPORTANT|WARNING|CAUTION)\]\s*\n>\s*(?<message>.+)(?:\s*\n>\s*.*?)*?$/gim | ||
| /^\s*>\s*\[!(?<severity>NOTE|TIP|IMPORTANT|WARNING|CAUTION)\]\s*\n>\s*(?<message>.+)(?:\s*\n>\s*.*?)*?$/gim; |
Check failure
Code scanning / CodeQL
Inefficient regular expression High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 1 day ago
To fix the inefficiency, we need to remove the ambiguity in the regular expression. Specifically, the sub-expression .*? within the optional repetition (?:\s*\n>\s*.*?)*? should be rewritten to avoid backtracking. Instead of using .*?, we can explicitly match characters that are not part of the delimiter (\n>). This ensures that the regex engine does not need to backtrack when processing long or complex inputs.
The updated regex will replace .*? with a more specific pattern, such as [^\n>]*, which matches any sequence of characters that are not a newline or >.
| @@ -31,3 +31,3 @@ | ||
| const GITHUB_MARKDOWN_WARNINGS_RX = | ||
| /^\s*>\s*\[!(?<severity>NOTE|TIP|IMPORTANT|WARNING|CAUTION)\]\s*\n>\s*(?<message>.+)(?:\s*\n>\s*.*?)*?$/gim; | ||
| /^\s*>\s*\[!(?<severity>NOTE|TIP|IMPORTANT|WARNING|CAUTION)\]\s*\n>\s*(?<message>[^\n>]+)(?:\s*\n>\s*[^\n>]*)*$/gim; | ||
|
|
| const source = `ChangeLog:1@email_validator.py | ||
| Description: Implement a function to validate both email addresses and URLs. | ||
| OriginalCode@1-3: | ||
| [1] # Placeholder for email validation logic | ||
| [2] | ||
| [3] # Placeholder for URL validation logic | ||
| ChangedCode@1-10: | ||
| [1] import re | ||
| [2] | ||
| [3] def validate_email(email): | ||
| [4] # Simple regex pattern for validating an email address | ||
| [5] pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$' | ||
| [6] return re.match(pattern, email) is not None | ||
| [7] | ||
| [8] def validate_url(url): | ||
| [9] # Simple regex pattern for validating a URL | ||
| [10] pattern = r'^https?:\/\/[\w.-]+\.[a-zA-Z]{2,}.*$' | ||
| [11] return re.match(pattern, url) is not None | ||
| [12] | ||
| [13] def validate_email_and_url(email, url): | ||
| [14] return validate_email(email) and validate_url(url) | ||
| ` | ||
| const res = parseChangeLogs(source) | ||
| assert.equal(res.length, 1) | ||
| assert.equal(res[0].filename, "email_validator.py") | ||
| }) | ||
| `; |
Check failure
Code scanning / CodeQL
Useless regular-expression character escape High
| } | ||
| // Enclose in quotes if the value contains newlines or quotes, and escape quotes | ||
| if (value.includes("\n") || value.includes('"')) { | ||
| value = value.replace(/"/g, '\\"'); // Escape existing quotes |
Check failure
Code scanning / CodeQL
Incomplete string escaping or encoding High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 1 day ago
To fix the issue, we need to ensure that backslashes are escaped in addition to double quotes. This can be achieved by using a regular expression with the g flag to replace all occurrences of backslashes (\) with double backslashes (\\) before escaping double quotes. This ensures that both backslashes and double quotes are properly escaped.
The fix involves modifying the value.replace logic on line 49 to first escape backslashes and then escape double quotes. This can be done by chaining two replace calls or using a single regular expression that handles both cases.
| @@ -48,3 +48,3 @@ | ||
| if (value.includes("\n") || value.includes('"')) { | ||
| value = value.replace(/"/g, '\\"'); // Escape existing quotes | ||
| value = value.replace(/\\/g, '\\\\').replace(/"/g, '\\"'); // Escape backslashes and quotes | ||
| return `${key}="${value}"`; |
|
|
||
| return text | ||
| if (/file=\w+\.\w+/.test(label)) { | ||
| const m = /^\s*\`{3,}\w*\r?\n((.|\s)*)\r?\n\`{3,}\s*$/.exec(text); |
Check failure
Code scanning / CodeQL
Inefficient regular expression High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 1 day ago
To fix the issue, we need to eliminate the ambiguity in the sub-expression (.|\s)*. This can be achieved by replacing it with a more specific pattern that directly matches any character, including newlines, without ambiguity. In JavaScript, the [\s\S] construct matches any character, including whitespace and non-whitespace characters, effectively replacing (.|\s) without introducing ambiguity.
The updated regular expression will be:
^\s*\`{3,}\w*\r?\n([\s\S]*)\r?\n\`{3,}\s*$
This change ensures that the regular expression performs efficiently, even for long input strings, while maintaining its original functionality.
| @@ -161,3 +161,3 @@ | ||
| if (/file=\w+\.\w+/.test(label)) { | ||
| const m = /^\s*\`{3,}\w*\r?\n((.|\s)*)\r?\n\`{3,}\s*$/.exec(text); | ||
| const m = /^\s*\`{3,}\w*\r?\n([\s\S]*)\r?\n\`{3,}\s*$/.exec(text); | ||
| if (m) return m[1]; |
| if (obj.includes("\n")) return fenceMD(obj); | ||
| return `\`${obj.replace(/`/g, "\\`")}\``; | ||
| } else return obj; | ||
| } else return quoteValues ? `\`${String(obj).replace(/`/g, "\\`")}\`` : String(obj); |
Check failure
Code scanning / CodeQL
Incomplete string escaping or encoding High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 1 day ago
To fix the issue, we need to ensure that backslashes are properly escaped in addition to backticks. This can be achieved by modifying the replace function to first escape backslashes and then escape backticks. The escaping should be done in the correct order to avoid double-escaping backslashes introduced during the first replacement.
The best way to fix this is to use a chained replace method or a single regular expression that handles both backslashes and backticks. This ensures that all occurrences are replaced globally and consistently.
Changes will be made to the MarkdownStringify function, specifically to the String(obj).replace calls on line 86 and line 84.
| @@ -83,5 +83,5 @@ | ||
| if (obj.includes("\n")) return fenceMD(obj); | ||
| return `\`${obj.replace(/`/g, "\\`")}\``; | ||
| return `\`${obj.replace(/\\/g, "\\\\").replace(/`/g, "\\`")}\``; | ||
| } else return obj; | ||
| } else return quoteValues ? `\`${String(obj).replace(/`/g, "\\`")}\`` : String(obj); | ||
| } else return quoteValues ? `\`${String(obj).replace(/\\/g, "\\\\").replace(/`/g, "\\`")}\`` : String(obj); | ||
| }; |
| ? `defAudio("${c.input_audio}")` | ||
| : `unknown message` | ||
| const renderJinja = (content: string) => | ||
| `$\`${content.replace(/`/g, "\\`")}\`${/\{(%|\{)/.test(content) ? `.jinja(env.vars)` : ""}`; |
Check failure
Code scanning / CodeQL
Incomplete string escaping or encoding High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 1 day ago
To fix the issue, the content.replace operation should be updated to escape backslashes (\) in addition to backticks. This can be achieved by chaining another replace call or using a single regular expression that handles both cases. The best approach is to use a regular expression that matches both backslashes and backticks and replaces them with their escaped versions. This ensures that all occurrences are handled correctly.
The updated code will replace backslashes (\) with double backslashes (\\) and backticks (\``) with escaped backticks (\``). This change should be applied to the renderJinja function on line 136.
| @@ -135,3 +135,3 @@ | ||
| const renderJinja = (content: string) => | ||
| `$\`${content.replace(/`/g, "\\`")}\`${/\{(%|\{)/.test(content) ? `.jinja(env.vars)` : ""}`; | ||
| `$\`${content.replace(/[`\\]/g, (match) => (match === "`" ? "\\`" : "\\\\"))}\`${/\{(%|\{)/.test(content) ? `.jinja(env.vars)` : ""}`; | ||
| const renderPart = (c: ChatCompletionContentPart) => |
| .filter((s) => s !== undefined && s !== null) | ||
| .map((l) => (l === "*" ? ".*?" : l.replace(/[^a-z0-9_]/gi, ""))) | ||
| .join("|"); | ||
| const startRx = new RegExp(`^[\r\n\s]*(\`{3,})(${lg})\s*\r?\n`, "i"); |
Check failure
Code scanning / CodeQL
Useless regular-expression character escape High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 1 day ago
To fix the issue, the backslash in \s must be escaped as \\s in the string literal. This ensures that the resulting regular expression correctly interprets \s as a whitespace character class. Similarly, any other backslashes in the regular expression should be reviewed and escaped if necessary. The fix will involve updating the regular expression on line 17 to use \\s instead of \s.
| @@ -16,3 +16,3 @@ | ||
| .join("|"); | ||
| const startRx = new RegExp(`^[\r\n\s]*(\`{3,})(${lg})\s*\r?\n`, "i"); | ||
| const startRx = new RegExp(`^[\\r\\n\\s]*(\`{3,})(${lg})\\s*\\r?\\n`, "i"); | ||
| const mstart = startRx.exec(text); | ||
| @@ -20,3 +20,3 @@ | ||
| const n = mstart[1].length; | ||
| const endRx = new RegExp(`\r?\n\`{${n},${n}}[\r\n\s]*$`, "i"); | ||
| const endRx = new RegExp(`\\r?\\n\`{${n},${n}}[\\r\\n\\s]*$`, "i"); | ||
| const mend = endRx.exec(text); |
| .filter((s) => s !== undefined && s !== null) | ||
| .map((l) => (l === "*" ? ".*?" : l.replace(/[^a-z0-9_]/gi, ""))) | ||
| .join("|"); | ||
| const startRx = new RegExp(`^[\r\n\s]*(\`{3,})(${lg})\s*\r?\n`, "i"); |
Check failure
Code scanning / CodeQL
Useless regular-expression character escape High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 1 day ago
To fix the issue, the backslash in the string literal should be escaped by doubling it (\\s). This ensures that the resulting regular expression interprets \s as a whitespace character. The same applies to other escape sequences in the regular expression, such as \r and \n, which should also be double-escaped to maintain consistency and correctness.
The specific changes are:
- Update the regular expression on line 17 to use
\\sinstead of\sfor whitespace matching. - Similarly, update the regular expression on line 21 to use
\\rand\\ninstead of\rand\n.
| @@ -16,3 +16,3 @@ | ||
| .join("|"); | ||
| const startRx = new RegExp(`^[\r\n\s]*(\`{3,})(${lg})\s*\r?\n`, "i"); | ||
| const startRx = new RegExp(`^[\\r\\n\\s]*(\`{3,})(${lg})\\s*\\r?\\n`, "i"); | ||
| const mstart = startRx.exec(text); | ||
| @@ -20,3 +20,3 @@ | ||
| const n = mstart[1].length; | ||
| const endRx = new RegExp(`\r?\n\`{${n},${n}}[\r\n\s]*$`, "i"); | ||
| const endRx = new RegExp(`\\r?\\n\`{${n},${n}}[\\r\\n\\s]*$`, "i"); | ||
| const mend = endRx.exec(text); |
| const mstart = startRx.exec(text); | ||
| if (mstart) { | ||
| const n = mstart[1].length; | ||
| const endRx = new RegExp(`\r?\n\`{${n},${n}}[\r\n\s]*$`, "i"); |
Check failure
Code scanning / CodeQL
Useless regular-expression character escape High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 1 day ago
To fix the issue, we need to ensure that the \s escape sequence is properly interpreted as a whitespace character in the regular expression. This can be achieved by using a double backslash (\\s) in the string literal, which ensures that the backslash is preserved when the string is converted into a regular expression. This change will make the regular expression behave as intended.
The specific change will be made on line 21 of the file packages/core/src/unwrappers.ts. The \s escape sequence will be replaced with \\s to ensure proper escaping.
| @@ -20,3 +20,3 @@ | ||
| const n = mstart[1].length; | ||
| const endRx = new RegExp(`\r?\n\`{${n},${n}}[\r\n\s]*$`, "i"); | ||
| const endRx = new RegExp(`\r?\n\`{${n},${n}}[\\r\\n\\s]*$`, "i"); | ||
| const mend = endRx.exec(text); |
Dev branch.