WIP - preview rule is working #269
Pull request summary created by Squire AI
Summary
This pull request introduces a new preview rule feature, integrating several components to support rule previewing for pull requests. Key changes include adding the PreviewRuleDependencyInjector and RulePreviewNode classes for managing dependency injection and extending SingleInferenceNode, respectively. The PreviewRuleService and PreviewRuleController are implemented to handle rule preview requests, with a new API endpoint added in squire/api/api.py. Additionally, modifications to database models and repositories, such as adding ForeignKey constraints and new repository classes, support enhanced data handling. Utility functions for URL validation and extraction have been updated to facilitate this new functionality.
File Summary
File Changes:
- di.py: Added import and installation for PreviewRuleDependencyInjector.
- violation.py: Introduced ViolationV2 class using BaseModelV2 with new fields and attributes.
- formatters.py: Added import for StandardModel and implemented format_rule function.
- api.py: Included preview_rule_router with a new endpoint for organization rules.
- di.py: Added DataSourceRepository and PullRequestRepository to DI with corresponding providers.
- standard_model.py: Removed optional fields from StandardPublicDTO and added to_model method.
- pull_request.py: Added ForeignKey constraint to repository_id column in PullRequest model.
- __init__.py: Exported DataSourceRepository and PullRequestRepository in the module.
- repository_postgres_service.py: Renamed import to extract_owner_and_name_from_git_url.
- create_models.py: Renamed import to extract_owner_and_name_from_git_url.
- github_pull_request_service.py: Added get_diff_by_pull_url method for fetching pull request diffs.
- url_utils.py: Renamed function to extract_owner_and_name_from_git_url and added functions for pull request URL validation and extraction.
New Files:
- di.py: Introduced PreviewRuleDependencyInjector class for dependency injection, binding Config and RulePreviewNode, and providing RulePreviewNode with LLMInvoker and ContextManager.
- __init__.py: Initialized module with RulePreviewNode import and defined __all__ for module exports.
- rule_preview_node.py: Added RulePreviewNode class extending SingleInferenceNode, implementing methods for building prompts, handling post-inference, and updating historical context.
- service.py: Implemented RulePreviewService class to handle rule preview requests, utilizing various repositories and services to identify code violations.
- state.py: Defined RulePreviewState class extending BaseContextualState with attributes for standard, file_diff, and violations.
- preview_rule_controller.py: Created PreviewRuleController and associated API endpoint to handle rule preview requests via FastAPI.
- data_source_repository.py: Added DataSourceRepository class to interface with DataSourceModel, including method to get GitHub installations.
- pull_request_respository.py: Defined PullRequestRepository class for managing PullRequestModel data, implementing method to retrieve multiple pull requests.
Review completed by Squire AI
1 comment was added to this review.
Help make Squire better by providing feedback - the good, the bad, & the ugly.
https://cal.com/saumil/chat-with-squire-ai
| async def get_github_installation( | ||
| self, session: AsyncSession, organization_id: int | ||
| ) -> Optional[DataSourceModel]: | ||
| query = Select(DataSourceModel).where( | ||
| DataSourceModel.organization_id == organization_id, | ||
| DataSourceModel.type == DataSourceType.GITHUB.value, | ||
| ) | ||
| result = await session.execute(query) | ||
| return result.scalar_one_or_none() |
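Review bot: result.scalar_one_or_none() on the last line raises MultipleResultsFound as soon as an organization has more than one data source of type GITHUB, and nothing in the query (it filters on organization_id and type only) rules that out; either back it with a uniqueness guarantee on (organization_id, type) in DataSourceModel or use result.scalars().first() if returning the first row is acceptable. Two smaller points: Select(DataSourceModel) constructs the Select class directly where the select() function is the documented way to build the statement, and the method has no docstring describing what a "GitHub installation" is in this model.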
The method get_github_installation currently lacks validation to ensure that a user has the appropriate rights to access organization-specific data. This omission can lead to potential unauthorized access, resulting in an Insecure Direct Object References vulnerability.
To address this issue, consider introducing an authorization check. Verify whether the user possesses the necessary permissions to access the organization data, as suggested by the proposed user_has_access_to_organization method. Implementing such checks will help enforce access controls, safeguard sensitive data, and ensure compliance with standard SEC-4 on Authorization Controls.
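As an added illustration of the check this comment proposes (not code from the PR), the same lookup is shown twice: once as written, keyed only on the caller-supplied organization_id, and once behind a membership test. The database is replaced by an in-memory stand-in and the membership table is constructed; user_has_access_to_organization is the name the review suggests, everything else is an assumption.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DataSource:
    organization_id: int
    type: str
    installation_id: int


# Constructed sample rows: two organizations, one GitHub data source each.
DATA_SOURCES = [DataSource(1, "github", 1001), DataSource(2, "github", 2002)]

# Constructed membership table: user id -> organization ids the user belongs to.
MEMBERSHIPS = {"alice": {1}, "bob": {2}}


class AuthorizationError(Exception):
    """Raised when the caller is not a member of the requested organization."""


def user_has_access_to_organization(user_id: str, organization_id: int) -> bool:
    """Authorization decision: is the user a member of the organization?"""
    return organization_id in MEMBERSHIPS.get(user_id, set())


def get_github_installation_unchecked(organization_id: int) -> Optional[DataSource]:
    """Mirrors the repository query on the page: filters on organization_id and
    type only, so whoever supplies organization_id gets the row back."""
    matches = [d for d in DATA_SOURCES
               if d.organization_id == organization_id and d.type == "github"]
    if len(matches) > 1:
        # Same failure the real query would hit with scalar_one_or_none().
        raise LookupError("more than one GitHub data source for organization")
    return matches[0] if matches else None


def get_github_installation_for_user(user_id: str, organization_id: int) -> Optional[DataSource]:
    """Hardened form: the membership check runs before the lookup, so a caller
    who merely knows another organization's id is refused rather than served."""
    if not user_has_access_to_organization(user_id, organization_id):
        raise AuthorizationError("user may not access this organization")
    return get_github_installation_unchecked(organization_id)
```

In the real service the membership table would be another repository query and the caller identity would come from the authenticated request, not a function argument.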
/derricks-squire review
previewcontroller with a standard.pull_request_url