From 4e128be7a89e34fd50ea79a715e4389c82f3a5de Mon Sep 17 00:00:00 2001 From: Harjot Gill Date: Wed, 2 Aug 2023 19:40:56 -0700 Subject: [PATCH] sanitize entire response before parsing comments (#416) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Summary by CodeRabbit ``` ### Bug Fixes: - Fixed a logic error in the `add` function in `prompts.ts`. The operation has been corrected from subtraction to addition. - Enhanced security in `review.ts` by sanitizing the entire response before parsing comments. ### Refactor: - Renamed `sanitizeComment` function to `sanitizeResponse` in `review.ts`, and expanded its functionality to sanitize code blocks for suggestions and diffs. ### Removed: - Removed single line comment functionality as it was deemed unnecessary. ``` > 🎉 Here's to bugs that are no more, > To logic errors shown the door. > With sanitized responses, we stand tall, > In the face of threats, big or small. > So here's to code that's clean and neat, > Making our victory oh so sweet! 🥳 --- dist/index.js | 29 ++++++++--------------------- src/prompts.ts | 11 +++++------ src/review.ts | 18 ++++-------------- 3 files changed, 17 insertions(+), 41 deletions(-) diff --git a/dist/index.js b/dist/index.js index ffc36345..62101695 100644 --- a/dist/index.js +++ b/dist/index.js @@ -6787,7 +6787,8 @@ consisting of review sections. Each review section must have a line number range and a review comment for that range. Use separator after each review section. Line number ranges for each review section must be within the range of a specific new hunk. Start line number must belong to the same hunk as the end line number. -Provide the exact line number range (inclusive) for each issue. +Provide the exact line number range (inclusive) for each review comment. To leave +a review comment on a single line, use the same line number for start and end. Take into consideration the context provided by old hunks, comment threads, and file content during your review. Remember, the hunk under review is a fragment of a @@ -6845,7 +6846,7 @@ text \`LGTM!\` for that line range in the review section. 18: return a + b 19: 20: def add(x, y): -21: z = x - y +21: z = x + y 22: retrn z 23: 24: def multiply(x, y): @@ -6893,11 +6894,9 @@ def complex_function(x, y): + return c / 2 \`\`\` --- -20-22: -There's a logic error and a syntax error in the add function. +22-22: +There's a syntax error in the add function. \`\`\`suggestion -def add(x, y): - z = x + y return z \`\`\` --- @@ -7943,20 +7942,19 @@ const parsePatch = (patch) => { }; function parseReview(response, patches, debug = false) { const reviews = []; + response = sanitizeResponse(response.trim()); const lines = response.split('\n'); const lineNumberRangeRegex = /(?:^|\s)(\d+)-(\d+):\s*$/; - const lineNumberSingleRegex = /(?:^|\s)(\d+):\s*$/; // New single line regex const commentSeparator = '---'; let currentStartLine = null; let currentEndLine = null; let currentComment = ''; function storeReview() { if (currentStartLine !== null && currentEndLine !== null) { - const sanitizedComment = sanitizeComment(currentComment.trim()); const review = { startLine: currentStartLine, endLine: currentEndLine, - comment: sanitizedComment.trim() + comment: currentComment }; let withinPatch = false; let bestPatchStartLine = -1; @@ -8018,14 +8016,13 @@ ${review.comment}`; } return comment; } - function sanitizeComment(comment) { + function sanitizeResponse(comment) { comment = sanitizeCodeBlock(comment, 'suggestion'); comment = sanitizeCodeBlock(comment, 'diff'); return comment; } for (const line of lines) { const lineNumberRangeMatch = line.match(lineNumberRangeRegex); - const lineNumberSingleMatch = line.match(lineNumberSingleRegex); // Check for single line match if (lineNumberRangeMatch != null) { storeReview(); currentStartLine = parseInt(lineNumberRangeMatch[1], 10); @@ -8036,16 +8033,6 @@ ${review.comment}`; } continue; } - else if (lineNumberSingleMatch != null) { - storeReview(); - currentStartLine = parseInt(lineNumberSingleMatch[1], 10); - currentEndLine = currentStartLine; // For single line comments, start and end are the same - currentComment = ''; - if (debug) { - (0,core.info)(`Found single line comment: ${currentStartLine}`); - } - continue; - } if (line.trim() === commentSeparator) { storeReview(); currentStartLine = null; diff --git a/src/prompts.ts b/src/prompts.ts index c3b756d9..302143d3 100644 --- a/src/prompts.ts +++ b/src/prompts.ts @@ -113,7 +113,8 @@ consisting of review sections. Each review section must have a line number range and a review comment for that range. Use separator after each review section. Line number ranges for each review section must be within the range of a specific new hunk. Start line number must belong to the same hunk as the end line number. -Provide the exact line number range (inclusive) for each issue. +Provide the exact line number range (inclusive) for each review comment. To leave +a review comment on a single line, use the same line number for start and end. Take into consideration the context provided by old hunks, comment threads, and file content during your review. Remember, the hunk under review is a fragment of a @@ -171,7 +172,7 @@ text \`LGTM!\` for that line range in the review section. 18: return a + b 19: 20: def add(x, y): -21: z = x - y +21: z = x + y 22: retrn z 23: 24: def multiply(x, y): @@ -219,11 +220,9 @@ def complex_function(x, y): + return c / 2 \`\`\` --- -20-22: -There's a logic error and a syntax error in the add function. +22-22: +There's a syntax error in the add function. \`\`\`suggestion -def add(x, y): - z = x + y return z \`\`\` --- diff --git a/src/review.ts b/src/review.ts index 84195e84..862f386c 100644 --- a/src/review.ts +++ b/src/review.ts @@ -868,9 +868,10 @@ function parseReview( ): Review[] { const reviews: Review[] = [] + response = sanitizeResponse(response.trim()) + const lines = response.split('\n') const lineNumberRangeRegex = /(?:^|\s)(\d+)-(\d+):\s*$/ - const lineNumberSingleRegex = /(?:^|\s)(\d+):\s*$/ // New single line regex const commentSeparator = '---' let currentStartLine: number | null = null @@ -878,11 +879,10 @@ function parseReview( let currentComment = '' function storeReview(): void { if (currentStartLine !== null && currentEndLine !== null) { - const sanitizedComment = sanitizeComment(currentComment.trim()) const review: Review = { startLine: currentStartLine, endLine: currentEndLine, - comment: sanitizedComment.trim() + comment: currentComment } let withinPatch = false @@ -971,7 +971,7 @@ ${review.comment}` return comment } - function sanitizeComment(comment: string): string { + function sanitizeResponse(comment: string): string { comment = sanitizeCodeBlock(comment, 'suggestion') comment = sanitizeCodeBlock(comment, 'diff') return comment @@ -979,7 +979,6 @@ ${review.comment}` for (const line of lines) { const lineNumberRangeMatch = line.match(lineNumberRangeRegex) - const lineNumberSingleMatch = line.match(lineNumberSingleRegex) // Check for single line match if (lineNumberRangeMatch != null) { storeReview() @@ -990,15 +989,6 @@ ${review.comment}` info(`Found line number range: ${currentStartLine}-${currentEndLine}`) } continue - } else if (lineNumberSingleMatch != null) { - storeReview() - currentStartLine = parseInt(lineNumberSingleMatch[1], 10) - currentEndLine = currentStartLine // For single line comments, start and end are the same - currentComment = '' - if (debug) { - info(`Found single line comment: ${currentStartLine}`) - } - continue } if (line.trim() === commentSeparator) {