You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The changes improve error handling for PyPI publishing, fix the malformed GitHub raw content URL for the coverage badge, add better parameter handling to the Linear API integration, and bump the version to 2.0.2, but several security and error handling issues remain unaddressed including potential shell injection in the Makefile and missing validation in the Linear API function.
The PYPI_TOKEN environment variable is directly interpolated into a shell command using f-string formatting. If the token contains special shell characters, it could cause command injection or execution errors. The token should be passed as a separate argument or properly escaped. Tags: security, bug Affected code:
If LINEAR_API_KEY environment variable is not set and api_key parameter is None, the code will pass None to the Authorization header, which will result in 'Authorization: None' being sent to the API. This will cause authentication failures. Tags: bug, security Affected code:
api_key=api_keyoros.getenv("LINEAR_API_KEY")
ifnotapi_key:
logging.error("LINEAR_API_KEY is required but not provided")
returnNoneurl="https://api.linear.app/graphql"headers= {
"Authorization": f"{api_key}",
"Content-Type": "application/json"
}
Line 35 performs issue_key.split("-") and expects exactly 2 parts to unpack into team_key and issue_number. If issue_key doesn't contain exactly one hyphen, this will raise a ValueError that is not handled by the existing exception handlers. Tags: bug Affected code:
Line 40 converts issue_number to int without handling the case where issue_number is not a valid integer. This will raise a ValueError that is not caught by the existing exception handlers. Tags: bug Affected code:
Норм! 🔥 Особливо фікс з subprocess.run() - замість shell injection тепер маємо чистий список аргументів. Плюс автоматичне підхоплення LINEAR_API_KEY з енва і check=True для proper error handling.
Єдине - в README лінк на coverage badge тепер через raw.githubusercontent.com, що правильно, але покриття впало з 46% до 45%. Час писати тести! 😈
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
v2.0.2: