generated from ztimson/template
Check for duplicates before adding tickets #12
@@ -32,7 +32,7 @@ dotenv.config({path: '.env.local', override: true, quiet: true});
|
||||
if(resp.ok) return resp.json();
|
||||
else throw new Error(`${resp.status} ${await resp.text()}`);
|
||||
});
|
||||
if(issueData.labels?.[0]?.name !== 1 || issueData.labels?.[0] !== 'Review/AI') {
|
||||
if(issueData.labels?.[0] !== 1 || issueData.labels?.[0]?.name !== 'Review/AI') {
|
||||
console.log('Skipping');
|
||||
return process.exit();
|
||||
}
|
||||
@@ -169,7 +169,7 @@ Output ONLY markdown. No explanations, labels, or extra formatting.`});
|
||||
system: `Your job is to identify duplicates. Respond with the ID number of the duplicate or nothing if there are no matches \n\n${dupes}`
|
||||
}))?.pop()?.content;
|
||||
|
ztimson marked this conversation as resolved
|
||||
// Handle duplicates
|
||||
if(!!hasDuplicates && (dupeId = dupeIds.find(id => new RegExp(`(^| )${id}( |$)`, 'm').test(hasDuplicates)))) {
|
||||
if(!!hasDuplicates && (dupeId = dupeIds.find(id => new RegExp(`\\b${id}\\b`, 'm').test(hasDuplicates)))) {
|
||||
await fetch(`${git}/api/v1/repos/${owner}/${repo}/issues/${ticket}/comments`, {
|
||||
method: 'POST',
|
||||
|
ztimson marked this conversation as resolved
assistant
commented
Bug: JSON string is manually constructed instead of using Bug: JSON string is manually constructed instead of using `JSON.stringify()`. The body should be `body: JSON.stringify({body: \`Duplicate of #${dupeId}\`})` to properly escape special characters and prevent JSON injection vulnerabilities.
assistant
commented
JSON injection vulnerability: The JSON body is manually constructed using a template literal instead of JSON.stringify(). If JSON injection vulnerability: The JSON body is manually constructed using a template literal instead of JSON.stringify(). If `dupeId` contains special characters like quotes or backslashes, this will produce invalid JSON or allow injection. Change to: `body: JSON.stringify({body: \`Duplicate of #${dupeId}\`})`
|
||||
headers: {'Authorization': `token ${auth}`, 'Content-Type': 'application/json'},
|
||||
|
||||
Reference in New Issue
Block a user
Logic issue: The duplicate detection uses
hasDuplicates.includes(id.toString())which is a substring match. This could cause false positives (e.g., ID 123 would match content containing "1234"). Consider using a more precise matching strategy or parsing the AI response more carefully.Logic issue: The regex pattern
(^| )${id}( |$)performs substring matching which could cause false positives. For example, if the AI response contains "123" it would match issue ID 12 or 23. Consider using word boundaries or more precise parsing of the AI response to extract the exact ID number.