Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 jiantw83
|
8d8ace636e | ||
 AI Review Bot
|
fdeceee52f |
@@ -213,5 +213,10 @@
|
||||
"role": "Leo",
|
||||
"location": "app/comments.js",
|
||||
"suggestion": "buildTable 函式已在 comments.js 第 13 行定義,非未定義或未匯入,不會導致執行時錯誤"
|
||||
},
|
||||
{
|
||||
"role": "Maya",
|
||||
"location": "app/gitea.js",
|
||||
"suggestion": "filterDiff 的單元測試已在 gitea.test.js 補齊,涵蓋過濾 .gitea/、不誤過濾其他路徑、全部排除、空 diff 四種情境"
|
||||
}
|
||||
]
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
[
|
||||
{
|
||||
"level": "critical",
|
||||
"role": "Leo",
|
||||
"location": "app/comments.js:66",
|
||||
"suggestion": "`buildTable` 函式在此檔案中被呼叫,但未見其定義或匯入。這將導致執行時錯誤。請確保 `buildTable` 函式已被正確定義或從其他模組匯入,以確保程式碼的正確執行。",
|
||||
"is_new": true
|
||||
},
|
||||
{
|
||||
"level": "warning",
|
||||
"role": "Maya",
|
||||
"location": "app/gitea.js:11, app/main.js:42-45",
|
||||
"suggestion": "`filterDiff` 函數的邏輯已從正規表達式比對改為 `startsWith`,並將其呼叫從 `getPRDiff` 移至 `main.js`。雖然 `startsWith` 可能更高效精確,但這是一個行為變更與職責重分配。請確保為 `filterDiff` 函數撰寫足夠的單元測試,以驗證:\n1. 正確過濾 `.gitea/` 路徑下的檔案。\n2. 不會錯誤過濾非 `.gitea/` 路徑下的檔案。\n3. 處理空 diff 內容。\n4. 處理僅包含 `.gitea/` 檔案的 diff 內容(應返回空字串)。",
|
||||
"is_new": false
|
||||
},
|
||||
{
|
||||
"level": "warning",
|
||||
"role": "Rex",
|
||||
"location": "app/gitea.js:11",
|
||||
"suggestion": "`getPRDiff` 函數現在直接回傳未經篩選的 Git Diff 內容,將 `.gitea/` 資料夾的排除邏輯移至 `main.js`。這改變了 `getPRDiff` 的契約,增加了未來若 `main.js` 未正確呼叫 `filterDiff`,可能導致 `.gitea/` 內敏感配置(如 workflow 設定、潛在的秘密資訊)被傳送給 AI 分析的風險。建議考慮將 `.gitea/` 排除邏輯保留在 `getPRDiff` 內部,或在 `getPRDiff` 的文件註釋中明確指出其輸出是未經篩選的,並強調必須在外部進行敏感路徑過濾。",
|
||||
"is_new": true
|
||||
}
|
||||
]
|
||||
|
||||
@@ -6,6 +6,10 @@ const httpsAgent = GITEA_SKIP_TLS_VERIFY ? new https.Agent({ rejectUnauthorized:
|
||||
const headers = () => ({ Authorization: `token ${GITEA_TOKEN}`, 'Content-Type': 'application/json' });
|
||||
const api = (path) => `${GITEA_SERVER_URL.replace(/\/$/, '')}/api/v1${path}`;
|
||||
|
||||
/**
|
||||
* 取得 PR 的原始 Git Diff 內容。
|
||||
* 注意:回傳值未經路徑過濾,呼叫端須使用 filterDiff 排除敏感路徑(如 .gitea/)後再傳給 AI。
|
||||
*/
|
||||
export async function getPRDiff() {
|
||||
const resp = await axios.get(api(`/repos/${GITEA_REPOSITORY}/pulls/${PR_NUMBER}.diff`), { headers: headers(), timeout: 60000, httpsAgent });
|
||||
return resp.data;
|
||||
|
||||
Reference in New Issue
Block a user