fix(core): accept absolute paths in @file input; suppress proxy warning in CI#907
Open
EvanYao826 wants to merge 2 commits into
Open
fix(core): accept absolute paths in @file input; suppress proxy warning in CI#907EvanYao826 wants to merge 2 commits into
EvanYao826 wants to merge 2 commits into
Conversation
…ng in CI Two agent-friendly UX improvements: 1. ReadInputFile now accepts absolute paths after safety validation (control characters, symlink resolution). This allows AI agents and scripts to use /tmp/ and other absolute paths with --markdown @path. 2. WarnIfProxied is now suppressed when LARK_CLI_NO_PROXY_WARNING is set or when running in CI environments (CI env var). This prevents the warning from dominating output in agent loops and scripts. Fixes larksuite#811
📝 WalkthroughWalkthroughAccept absolute file paths for input flags by validating them with ChangesUX improvements for agents and CI
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
github-actions
Bot
added
the
size/M
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@internal/cmdutil/resolve.go`:
- Around line 87-99: The absolute-path branch calls a non-existent
localfileio.SafeAbsoluteInputPath and uses os.ReadFile directly: either
implement a new SafeAbsoluteInputPath in the localfileio package (perform the
same control-char checks, symlink resolution and safety rules as SafeInputPath
but allowing absolute paths) or change the code to reject absolute paths and
route callers to the existing SafeInputPath; once decided, replace the
os.ReadFile(safePath) call with vfs.ReadFile(safePath) and preserve the existing
error handling via wrapInputFileError so filesystem access remains mockable
(refer to filepath.IsAbs, localfileio.SafeInputPath/SafeEnvDirPath,
localfileio.SafeAbsoluteInputPath, vfs.ReadFile, fileIO.Open, and
wrapInputFileError).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 6bdc0dd5-c4b8-4bc5-ad19-70b97e957e9e
📒 Files selected for processing (2)
internal/cmdutil/resolve.gointernal/util/proxy.go
Author
|
@CLAassistant recheck please |
Author
|
@CLAassistant recheck |
Address CodeRabbit review: - Add SafeAbsoluteInputPath to localfileio and validate packages - Replace os.ReadFile with vfs.ReadFile to preserve test mocking - Remove unused os import
|
|
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
internal/validate/path.go (1)
31-37: ⚡ Quick winReturn the validated/resolved path instead of dropping it.
This wrapper discards the canonicalized path returned by
localfileio.SafeAbsoluteInputPath, so callers (e.g.ReadInputFileininternal/cmdutil/resolve.go) have nothing to use except the original rawpathfor the subsequentvfs.ReadFile. That defeats the symlink-resolution step (it widens the TOCTOU window between validate and read) and is also inconsistent with the siblingSafeInputPath/SafeOutputPathwrappers above, which both return(string, error). Prefer returning the resolved path and have the caller read via that value.♻️ Proposed change
-// SafeAbsoluteInputPath validates an absolute path for safety (control -// characters, symlink resolution) without restricting to the working directory. -func SafeAbsoluteInputPath(path string) error { - _, err := localfileio.SafeAbsoluteInputPath(path) - return err -} +// SafeAbsoluteInputPath validates an absolute path for safety (control +// characters, symlink resolution) without restricting to the working directory. +// Returns the canonicalized path; callers should read via the returned value +// to avoid TOCTOU between validation and read. +func SafeAbsoluteInputPath(path string) (string, error) { + return localfileio.SafeAbsoluteInputPath(path) +}🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@internal/validate/path.go` around lines 31 - 37, The wrapper SafeAbsoluteInputPath currently discards the canonicalized path returned by localfileio.SafeAbsoluteInputPath; change its signature to return (string, error) and return the resolved path and error so callers (e.g. ReadInputFile in internal/cmdutil/resolve.go) can use the canonical path for subsequent reads; follow the pattern used by SafeInputPath and SafeOutputPath by returning the resolved string from SafeAbsoluteInputPath rather than only the error.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@internal/vfs/localfileio/path.go`:
- Around line 103-126: safePathAbsolute / SafeAbsoluteInputPath claim to
validate absolute paths but never enforce absoluteness; add a check using
filepath.IsAbs at the start of safePathAbsolute (or in SafeAbsoluteInputPath
before delegating) and return a clear error if the input is not absolute so
callers (e.g., ReadInputFile) can't pass relative paths like "../../etc/passwd";
place the check after RejectControlChars and before
filepath.Clean/resolveNearestAncestor, and reference the functions
safePathAbsolute and SafeAbsoluteInputPath and the stdlib function
filepath.IsAbs when making the change.
---
Nitpick comments:
In `@internal/validate/path.go`:
- Around line 31-37: The wrapper SafeAbsoluteInputPath currently discards the
canonicalized path returned by localfileio.SafeAbsoluteInputPath; change its
signature to return (string, error) and return the resolved path and error so
callers (e.g. ReadInputFile in internal/cmdutil/resolve.go) can use the
canonical path for subsequent reads; follow the pattern used by SafeInputPath
and SafeOutputPath by returning the resolved string from SafeAbsoluteInputPath
rather than only the error.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 7c7a6678-697e-473d-9f26-8ea2cdfcae29
📒 Files selected for processing (3)
internal/cmdutil/resolve.gointernal/validate/path.gointernal/vfs/localfileio/path.go
🚧 Files skipped from review as they are similar to previous changes (1)
- internal/cmdutil/resolve.go
Author
|
@CLAassistant recheck |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #811
Two agent-friendly UX improvements:
1. Accept absolute paths in
@fileinputReadInputFilenow accepts absolute paths after safety validation (control characters, symlink resolution). This allows AI agents and scripts to use/tmp/and other absolute paths with--markdown @/tmp/content.mdand similar@filesyntax.For relative paths, behavior is unchanged (FileIO restricts to cwd).
2. Suppress proxy warning in CI
WarnIfProxiedis now suppressed when:LARK_CLI_NO_PROXY_WARNINGenv var is set (any non-empty value)CIenv var is set)This prevents the proxy warning from dominating output in agent loops and scripts that make many successive
lark-clicalls.Changes
internal/cmdutil/resolve.go:ReadInputFileusesos.ReadFilewithSafeAbsoluteInputPathfor absolute pathsinternal/util/proxy.go:WarnIfProxiedchecksLARK_CLI_NO_PROXY_WARNINGandCIenv varsSummary by CodeRabbit