fix: /chat save command silently fails on invalid tags #2839
Conversation
There was a problem hiding this comment.
Summary of Changes
Hello @greycodee, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request addresses a user experience issue by enhancing the /chat save command. It introduces necessary input validation for the tag argument, ensuring that users are immediately notified with clear error messages if they provide an invalid or missing tag, thus preventing silent failures and improving the command's usability.
Highlights
- Input Validation: Implemented validation for the
tagargument of the/chat savecommand. The tag must now conform to the regex^[a-zA-Z0-9_-]+$, allowing only letters, numbers, hyphens, and underscores. - Improved User Feedback: Added explicit error messages to inform users when a tag is invalid or missing for the
/chat savecommand. This prevents the command from silently failing and provides clear guidance to the user.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with π and π on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. β©
There was a problem hiding this comment.
Code Review
This pull request correctly adds validation to the /chat save command to prevent it from failing silently with invalid tags. This also implicitly fixes a critical path traversal security vulnerability. My review points out that the same vulnerability exists in the /chat resume command and recommends extending the fix to cover that case as well.
abhipatel12
left a comment
There was a problem hiding this comment.
Hey! Sorry this took me so long to get to. This looks great!
Can we add some test cases that validate/test this?
I have now added the relevant tests for the chat command. |
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request fixes a silent failure in the /chat save command by adding validation for the provided tag. A high-severity suggestion was added to also validate the length of the tag to prevent potential filesystem errors with overly long filenames, which could lead to an application crash. This improves the robustness of the fix.
| const validTagRegex = /^[a-zA-Z0-9_-]+$/; | ||
| if (!validTagRegex.test(tag)) { | ||
| addMessage({ | ||
| type: MessageType.ERROR, | ||
| content: 'Invalid tag. Only letters, numbers, hyphens, and underscores are allowed.', | ||
| timestamp: new Date(), | ||
| }); | ||
| return; |
There was a problem hiding this comment.
The current validation for the tag checks for valid characters but not for length. An excessively long tag could lead to errors when creating the checkpoint file, as file systems have filename length limitations. Enforce a reasonable maximum length for the tag to prevent potential filesystem errors and application crashes.
| const validTagRegex = /^[a-zA-Z0-9_-]+$/; | |
| if (!validTagRegex.test(tag)) { | |
| addMessage({ | |
| type: MessageType.ERROR, | |
| content: 'Invalid tag. Only letters, numbers, hyphens, and underscores are allowed.', | |
| timestamp: new Date(), | |
| }); | |
| return; | |
| const validTagRegex = /^[a-zA-Z0-9_-]{1,200}$/; | |
| if (!validTagRegex.test(tag)) { | |
| addMessage({ | |
| type: MessageType.ERROR, | |
| content: | |
| 'Invalid tag. Tag must be 1-200 characters and contain only letters, numbers, hyphens, and underscores.', | |
| timestamp: new Date(), | |
| }); | |
| return; | |
| } |
|
@abhipatel12 I found that your refactored code has been merged into #3175. Is the current PR still needed? |
|
Hey @greycodee! I didn't change any of the logic within |
|
@abhipatel12 I merged the refactored command code and modified the test code of the /chat command |
|
Awesome, thanks for doing that. I will have some time to review later today! |
|
The code version has been refactored and this branch is no longer needed. |
TLDR
Dive Deeper
Reviewer Test Plan
Testing Matrix
Linked issues / bugs
fix: #2819