fix: eliminate JSON injection risk in cmd_image ref array construction #4456
alex-solovyev merged 1 commit into main
Three issues from CodeRabbit review on PR #4357 (GH#4282):

1. Unify global capacity counting: prefetch_active_workers() used a grep pipeline that diverged from count_active_workers(). Replace with the same awk filter so the active-worker snapshot shown to the pulse agent is always consistent with the global capacity counter.

2. Narrow /pulse exclusion to argument boundaries: count_active_workers() had a !( newline ) awk pattern that caused a GNU awk parse error (unexpected newline after '!'). Collapse to a single-line !(...) guard. prefetch_active_workers() now uses the same token-boundary regex (--role pulse + --session-key supervisor-pulse as whole arguments) instead of a broad substring grep that could hide legitimate workers.

3. Exact --dir matching in has_worker_for_repo_issue(): replace index($0, path) > 0 (substring match) with a regex that anchors path as a whole --dir argument (space or = form, optional trailing slash). Prevents sibling-path false positives such as /tmp/aidevops matching /tmp/aidevops-tools.

Add four regression tests covering the new behaviours:
- prefetch_active_workers excludes supervisor pulse
- prefetch_active_workers count matches count_active_workers
- has_worker_for_repo_issue rejects sibling-path match
- has_worker_for_repo_issue accepts exact path match

Closes #4282
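The sibling-path case from item 3 of the commit message above, as an added example that is not part of the commit or the project's code: match_substring reproduces the substring test, match_dir_arg accepts the path only as a whole --dir argument. The function names and the process list are constructed, and the whole-argument check compares tokens as strings instead of using the anchored regex the commit describes; paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added illustration; function names and the sample process list are constructed.

# Constructed sample of worker command lines (one per line).
SAMPLE_PS='worker --role dev --dir /tmp/aidevops-tools --issue 12
worker --role dev --dir=/srv/repos/app/ --issue 7
worker --role dev --dir /srv/a.b --issue 3'

# Substring test, the form the commit message replaces: any line that
# contains the path anywhere counts as a match.
match_substring() {
	printf '%s\n' "$SAMPLE_PS" |
		awk -v p="$1" 'index($0, p) > 0 { f = 1 } END { exit !f }'
}

# Whole-argument test: the path must be the complete value of --dir,
# given as "--dir PATH" or "--dir=PATH", with an optional trailing slash.
# Tokens are compared as strings, so regex metacharacters in the path
# (".", "+", "[") need no escaping. Assumes paths without whitespace.
match_dir_arg() {
	printf '%s\n' "$SAMPLE_PS" | awk -v p="$1" '
		# Drop one trailing slash, but leave a bare "/" alone.
		function norm(s) { if (length(s) > 1) sub(/\/$/, "", s); return s }
		BEGIN { p = norm(p) }
		{
			for (i = 1; i <= NF; i++) {
				# Space form: the value is the next token.
				if ($i == "--dir" && i < NF && norm($(i + 1)) == p) f = 1
				# Equals form: the value follows the 6-character prefix.
				if (index($i, "--dir=") == 1 && norm(substr($i, 7)) == p) f = 1
			}
		}
		END { exit !f }'
}
```

Both functions exit 0 on a match and 1 otherwise, so they can be used directly in an if condition.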
eeff290 to 2e37246



Fixes #3543
Eliminates JSON injection risk in cmd_image ref array construction in runway-helper.sh.