Conversation

Nuzair46
Member

@Nuzair46 Nuzair46 commented Jul 15, 2025

@Nuzair46 Nuzair46 requested review from Copilot and pkuczynski July 15, 2025 05:25
@Copilot Copilot AI left a comment

Pull Request Overview

Fix CodeQL security warnings by replacing regex patterns with safer, clearer alternatives.

  • Replace a complex regex in method_missing with String#end_with? to detect setter methods.
  • Update the environment parser regex to use an atomic grouping to prevent backtracking.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File | Description
lib/config/options.rb | Swapped regex check for setter methods with method_name.to_s.end_with?('=').
lib/config/integrations/heroku.rb | Changed the trailing-word regex to use an atomic group (?>\w+) instead of (\w+).

Comments suppressed due to low confidence (2)

lib/config/options.rb:153

  • Consider adding unit tests for missing setter methods to ensure fail_on_missing is correctly bypassed for setter calls and raises a KeyError for undefined getters.
      if Config.fail_on_missing && !method_name.to_s.end_with?('=')

lib/config/integrations/heroku.rb:29

  • [nitpick] Add a brief comment explaining the use of the atomic grouping (?>\w+) to clarify that it prevents regex backtracking and addresses the CodeQL warning.
        heroku("run 'echo $RAILS_ENV'").chomp[/(?>\w+)\z/]
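The two changes under review, shown together in a runnable form. This is an added example, not code from the rubyconfig/config project: the Config module, the fail_on_missing flag and the Options class are minimal stand-ins modelled on the names quoted above, and the Heroku lookup is replaced by a plain string argument.

```ruby
# Added example, not the project's own code. Config, fail_on_missing and
# Options are assumed stand-ins modelled on the names in this PR.
module Config
  class << self
    attr_accessor :fail_on_missing
  end
end

class Options
  def initialize(hash = {})
    @table = hash.transform_keys(&:to_sym)
  end

  def method_missing(method_name, *args)
    name = method_name.to_s
    # Setter calls (foo=) never raise, even with fail_on_missing on;
    # end_with?('=') is the check this PR used in place of a regex.
    if name.end_with?('=')
      @table[name.chomp('=').to_sym] = args.first
      return args.first
    end
    # Undefined getters raise KeyError only when fail_on_missing is set.
    if Config.fail_on_missing && !@table.key?(method_name)
      raise KeyError, "key not found: #{method_name}"
    end
    @table[method_name]
  end

  def respond_to_missing?(_method_name, _include_private = false)
    true
  end
end

# Trailing-word extraction as used for the RAILS_ENV lookup. The atomic
# group (?>\w+) never gives back characters once \w+ has matched, which
# removes the backtracking CodeQL flagged for (\w+)\z.
TRAILING_WORD = /(?>\w+)\z/

def trailing_word(command_output)
  command_output.chomp[TRAILING_WORD]
end
```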

@pkuczynski pkuczynski changed the title Security/Fix CodeQl warnings fix(security): resolve CodeQL warnings Jul 15, 2025
@pkuczynski pkuczynski merged commit 5e192a5 into rubyconfig:master Jul 15, 2025
10 checks passed
@pkuczynski pkuczynski added this to the Next milestone Jul 15, 2025