fix: add Leo/Zara false positive exclusion; add cloneRepo unit tests

chore: update ai-review findings [skip ci]
2026-05-12 02:21:25 +00:00 · 2026-05-12 02:18:22 +00:00
3 changed files with 136 additions and 13 deletions
@@ -3,5 +3,9 @@
    "role": "Rex",
    "location": "app/git.js",
    "suggestion": "請避免將敏感資料（如 GITEA_TOKEN）直接寫入環境變數"
+  },
+  {
+    "location": "app/git.js",
+    "suggestion": "GITEA_TOKEN 直接嵌入 URL 中"
  }
 ]
@@ -1,37 +1,100 @@
 [
  {
    "level": "critical",
-    "role": "Rex",
+    "role": "Leo",
    "location": "app/git.js:14",
-    "suggestion": "請避免將 GIT_TOKEN 直接寫入腳本中，應使用安全的秘密管理工具來管理這些敏感資訊.",
+    "suggestion": "GITEA_TOKEN 直接嵌入 URL 中，可能導致憑證洩漏。建議使用環境變數或安全的憑證管理方式來處理敏感資訊。",
+    "is_new": true
+  },
+  {
+    "level": "critical",
+    "role": "Zara",
+    "location": "app/git.js:14",
+    "suggestion": "GITEA_TOKEN 直接嵌入 URL 中，可能導致憑證洩漏。建議使用環境變數或安全的憑證管理方式來處理敏感資訊。",
+    "is_new": true
+  },
+  {
+    "level": "critical",
+    "role": "Maya",
+    "location": "app/git.js:1",
+    "suggestion": "缺少對 cloneRepo 函數的單元測試，應該為其添加測試以確保其正確性。",
+    "is_new": true
+  },
+  {
+    "level": "critical",
+    "role": "Maya",
+    "location": "app/git.js:1",
+    "suggestion": "缺少對 commitAndPush 函數的單元測試，應該為其添加測試以確保其正確性。",
    "is_new": true
  },
  {
    "level": "warning",
    "role": "Leo",
-    "location": "app/git.js:14",
-    "suggestion": "建議在 cloneRepo 函數中增加對於 GIT_TOKEN 的安全性處理，避免敏感資訊洩漏.",
+    "location": "app/git.js:25",
+    "suggestion": "在使用 fs.existsSync 檢查目錄是否存在時，應考慮使用非同步方法以避免阻塞事件循環。",
    "is_new": true
  },
  {
    "level": "warning",
    "role": "Leo",
-    "location": "app/findings.js:93",
-    "suggestion": "建議在 loadExclusions 函式中增加對於 JSON 格式的驗證，確保讀取的資料符合預期格式，避免潛在的錯誤.",
-    "is_new": false
+    "location": "app/git.js:29",
+    "suggestion": "在 git clone 時使用 --depth=1 可能會導致未來需要完整歷史紀錄時的性能問題，建議根據實際需求調整。",
+    "is_new": true
  },
  {
    "level": "warning",
-    "role": "Leo",
-    "location": "app/findings.js:40",
-    "suggestion": "在 applyExclusions 函式中，建議增加對於 findings 和 exclusions 參數的有效性檢查，以提高程式的健壯性.",
-    "is_new": false
+    "role": "Maya",
+    "location": "app/findings.js:1",
+    "suggestion": "loadExclusions 函數中對於 JSON 格式的驗證不足，建議增加對於資料結構的檢查，以避免潛在的錯誤。",
+    "is_new": true
+  },
+  {
+    "level": "warning",
+    "role": "Maya",
+    "location": "app/findings.js:1",
+    "suggestion": "applyExclusions 函數中對於 findings 和 exclusions 參數的有效性檢查不足，建議增加檢查以提高程式的健壯性。",
+    "is_new": true
  },
  {
    "level": "info",
-    "role": "Leo",
+    "role": "Aria",
    "location": "README.md",
    "suggestion": "建議在 README 中增加對於新功能（如排除問題過濾）的詳細說明，以便未來的維護者能快速了解其功能.",
    "is_new": true
+  },
+  {
+    "level": "info",
+    "role": "Rex",
+    "location": "app/findings.js:93",
+    "suggestion": "建議在 loadExclusions 函式中增加對於 JSON 格式的驗證，確保讀取的資料符合預期格式，避免潛在的錯誤。",
+    "is_new": true
+  },
+  {
+    "level": "info",
+    "role": "Rex",
+    "location": "app/findings.js:40",
+    "suggestion": "在 applyExclusions 函式中，建議增加對於 findings 和 exclusions 參數的有效性檢查，以提高程式的健壯性。",
+    "is_new": true
+  },
+  {
+    "level": "info",
+    "role": "Zara",
+    "location": "app/findings.js:93",
+    "suggestion": "建議在 loadExclusions 函式中增加對於 JSON 格式的驗證，確保讀取的資料符合預期格式，避免潛在的錯誤。",
+    "is_new": true
+  },
+  {
+    "level": "info",
+    "role": "Zara",
+    "location": "app/findings.js:40",
+    "suggestion": "在 applyExclusions 函式中，建議增加對於 findings 和 exclusions 參數的有效性檢查，以提高程式的健壯性。",
+    "is_new": true
+  },
+  {
+    "level": "info",
+    "role": "Maya",
+    "location": "app/main.js:1",
+    "suggestion": "建議為主要流程中的每個步驟添加詳細的單元測試，以確保整體功能的正確性和穩定性。",
+    "is_new": true
  }
 ]
@@ -3,7 +3,7 @@ import assert from 'node:assert/strict';
 import fs from 'fs';
 import os from 'os';
 import path from 'path';
-import { commitAndPush } from './git.js';
+import { commitAndPush, cloneRepo } from './git.js';

 // --- helpers ---
 function makeTmpWorkspace() {
@@ -91,3 +91,59 @@ describe('commitAndPush', () => {
    await assert.doesNotReject(() => commitAndPush(workspace, failSpawn));
  });
 });
+
+describe('cloneRepo', () => {
+  let workspace;
+
+  before(() => { workspace = fs.mkdtempSync(path.join(os.tmpdir(), 'clone-test-')); });
+  after(() => { fs.rmSync(workspace, { recursive: true, force: true }); });
+
+  it('clones repo when repoDir does not exist', () => {
+    const spawn = makeSpawn();
+    cloneRepo(workspace, spawn);
+    const cloneCalled = spawn.calls.some(c => c.args[0] === 'clone');
+    assert.ok(cloneCalled, 'expected git clone to be called');
+  });
+
+  it('fetches and checks out when repoDir already exists', () => {
+    const repoDir = path.join(workspace, 'repo');
+    fs.mkdirSync(repoDir, { recursive: true });
+    const spawn = makeSpawn();
+    cloneRepo(workspace, spawn);
+    const cloneCalled = spawn.calls.some(c => c.args[0] === 'clone');
+    const fetchCalled = spawn.calls.some(c => c.args[0] === 'fetch');
+    assert.ok(!cloneCalled, 'clone should not run when repoDir exists');
+    assert.ok(fetchCalled, 'fetch should run when repoDir exists');
+  });
+
+  it('does not embed token in any git command argument', () => {
+    const spawn = makeSpawn();
+    cloneRepo(workspace, spawn);
+    for (const { args } of spawn.calls) {
+      assert.ok(!args.join(' ').includes('test-token'), `Token leaked in git args: ${args.join(' ')}`);
+    }
+  });
+
+  it('uses GIT_ASKPASS for network operations', () => {
+    const spawn = makeSpawn();
+    cloneRepo(workspace, spawn);
+    const networkCalls = spawn.calls.filter(c => ['clone', 'fetch'].includes(c.args[0]));
+    assert.ok(networkCalls.length > 0, 'expected at least one network git call');
+    for (const { args, opts } of networkCalls) {
+      assert.ok(opts?.env?.GIT_ASKPASS, `GIT_ASKPASS missing for git ${args[0]}`);
+    }
+  });
+
+  it('cleans up askpass script after run', () => {
+    const spawn = makeSpawn();
+    cloneRepo(workspace, spawn);
+    const leftover = fs.readdirSync(workspace).filter(f => f.endsWith('.git-askpass.sh'));
+    assert.equal(leftover.length, 0, 'askpass script was not cleaned up');
+  });
+
+  it('returns repoDir path', () => {
+    const spawn = makeSpawn();
+    const result = cloneRepo(workspace, spawn);
+    assert.equal(result, path.join(workspace, 'repo'));
+  });
+});
Author	SHA1	Message	Date
jiantw83	20ce50ee1b	fix: add Leo/Zara false positive exclusion; add cloneRepo unit tests	2026-05-12 02:21:25 +00:00
AI Review Bot	c7d9d38f2b	chore: update ai-review findings [skip ci]	2026-05-12 02:18:22 +00:00