Forti shield patch 1 #2
Conversation
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Reviewer's Guide by SourceryThis PR includes updates to package metadata, security reporting, URL encoding, fixture files, and adds a GitHub Actions workflow for NPM publishing. The package name was changed to Sequence diagram for URL decoding in HTTPSnippetsequenceDiagram
participant HTTPSnippet
HTTPSnippet->>HTTPSnippet: Constructs request object
HTTPSnippet->>HTTPSnippet: Encodes full URL
HTTPSnippet->>HTTPSnippet: Decodes full URL
HTTPSnippet->>HTTPSnippet: Returns request object with decoded URL
Updated class diagram for HTTPSnippetclassDiagram
class HTTPSnippet {
+constructor(input: Request, options?: Options)
+convert(target: string, options?: Options): Promise<string>
+framework(target: string): string
+extname(target: string): string
+description(target: string): string
+getLang(target: string): string
}
note for HTTPSnippet "HTTPSnippet class remains largely unchanged, focusing on external data handling and conversion logic."
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
WalkthroughThis pull request updates several configuration and code files. The global settings in the Changes
Sequence Diagram(s)sequenceDiagram
participant R as Release Event
participant GH as GitHub Workflow
participant CO as Checkout Action
participant SN as Setup Node
participant NB as npm Install & Build
participant NP as npm Publish
R->>GH: Trigger workflow on release publish
GH->>CO: Checkout repository
CO-->>GH: Repository checked out
GH->>SN: Set up Node.js environment (v20)
SN-->>GH: Node environment ready
GH->>NB: Run "npm install" and "npm run build"
NB-->>GH: Build complete
GH->>NP: Execute "npm publish" (with auth token)
NP-->>GH: Package published to NPM
Poem
📜 Recent review detailsConfiguration used: CodeRabbit UI 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
PR Reviewer Guide 🔍Here are some key observations to aid the review process:
|
PR Code Suggestions ✨Latest suggestions up to fa448c3
Previous suggestions✅ Suggestions up to commit 8650391
✅ Suggestions up to commit 0e2f46a
|
|||||||||||||||||||||||||||||||||||
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hey @FortiShield - I've reviewed your changes - here's some feedback:
Overall Comments:
- Be sure that bumping the version from 3.0.9 -> 3.0.7 was intentional.
- Consider reverting the change to SECURITY.md, as it removes information about how to report vulnerabilities.
Here's what I looked at during the review
- 🟢 General issues: all looks good
- 🟡 Security: 1 issue found
- 🟢 Testing: all looks good
- 🟢 Complexity: all looks good
- 🟢 Documentation: all looks good
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
| ## What to Expect | ||
|
|
||
| - **Acknowledgment**: We will acknowledge receipt of your vulnerability report within 48 hours. |
There was a problem hiding this comment.
🚨 suggestion (security): Consider adding basic instructions for reporting vulnerabilities.
While the contact email is present, the removed "How to Report" section provided valuable guidance. Even brief instructions on what information to include in a report would be helpful. For example, suggest including a description, reproduction steps, and potential impact.
Suggested implementation:
## How to Report
When reporting a vulnerability, please include:
- A clear description of the issue
- Steps to reproduce the vulnerability
- The potential impact or severity of the issue
- Any relevant logs, screenshots, or supporting evidence (if available)
## What to Expect
If you have a specific contact email or additional reporting instructions elsewhere in the file, make sure to cross-reference or include it as needed.
![codiumai-pr-agent-free[bot]](https://avatars.githubusercontent.com/in/354216?s=60&v=4){kind=small}
| "engines": { | ||
| "node": "^14.19.1 || ^16.14.2 || ^18.0.0 || ^20.0.0" | ||
| "node": "^14.19.1 || ^16.14.2 || ^18.0.0 " | ||
| }, |
There was a problem hiding this comment.
Suggestion: Fix Node.js version compatibility
| "engines": { | |
| "node": "^14.19.1 || ^16.14.2 || ^18.0.0 || ^20.0.0" | |
| "node": "^14.19.1 || ^16.14.2 || ^18.0.0 " | |
| }, | |
| "engines": { | |
| "node": "^18.0.0" | |
| }, |
![qodo-code-review[bot]](https://avatars.githubusercontent.com/in/484649?s=60&v=4){kind=small}
| "engines": { | ||
| "node": "^14.19.1 || ^16.14.2 || ^18.0.0 || ^20.0.0" | ||
| "node": "^14.19.1 || ^16.14.2 || ^18.0.0 " | ||
| }, |
There was a problem hiding this comment.
Suggestion: Fix Node.js version compatibility
| "engines": { | |
| "node": "^14.19.1 || ^16.14.2 || ^18.0.0 || ^20.0.0" | |
| "node": "^14.19.1 || ^16.14.2 || ^18.0.0 " | |
| }, | |
| "engines": { | |
| "node": "^18.0.0" | |
| }, |
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (3)
.github/workflows/hopp-publish.yml (1)
1-28: GitHub Actions workflow looks good, but checkout action should be updated.The workflow correctly implements NPM package publishing on release events.
Update the checkout action from v3 to v4 for the latest security patches and features:
- uses: actions/checkout@v3 + uses: actions/checkout@v4🧰 Tools
🪛 actionlint (1.7.4)
13-13: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
src/targets/shell/curl/fixtures/dont-deglob.sh (1)
1-1: Add a shebang line to specify the shell interpreter.Shell scripts should include a shebang line at the beginning to specify the shell interpreter.
+#!/bin/bash curl --request GET --url 'http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value'🧰 Tools
🪛 Shellcheck (0.10.0)
[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
(SC2148)
src/httpsnippet.ts (1)
315-321:Details
❓ Verification inconclusive
URL decoding now applied to fullUrl property.
This change decodes the
fullUrlusingdecodeURIComponentbefore returning it, which will make special characters in URLs more readable (converting %20 to spaces, etc.). This is a reasonable improvement for usability.However, be aware this could potentially be a breaking change if any consumers of this library rely on the URL being in its encoded form. Consider documenting this change in release notes.
🏁 Script executed:
#!/bin/bash # Let's check if this changes URL encoding in the fixtures to see if tests need updating # Look for fixtures that might use fullUrl property echo "Searching for fixtures that might reference fullUrl property..." fd -t f -e json -e yaml -e ts -e js . --exclude node_modules | xargs grep -l "fullUrl" || echo "No direct references found" # Look for tests that might break with this change echo "Searching for tests that might be affected by URL decoding..." fd -t f -e test.ts -e spec.ts . --exclude node_modules | xargs grep -l "fullUrl" || echo "No test files referencing fullUrl found"Length of output: 1393
Verify URL Decoding Impact & Document Change
The change now decodes the
fullUrl(usingdecodeURIComponent) to improve URL readability by converting encoded characters (like%20to spaces). However, this update may break consumers relying on the URL being encoded. Our search output shows that several parts of the codebase—including a test file (src/httpsnippet.test.ts) and various client implementations insrc/targets/—reference thefullUrlproperty. It is therefore important to:
- Double-check tests: Verify that the test in
src/httpsnippet.test.tsstill passes and behaves as expected with the decoded URL.- Review client usage: Ensure that clients expecting an encoded value are updated or that the change is clearly documented in the release notes to inform consumers.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (30)
.editorconfig(1 hunks).github/workflows/hopp-publish.yml(1 hunks)SECURITY.md(0 hunks)package.json(4 hunks)src/httpsnippet.ts(1 hunks)src/targets/c/libcurl/fixtures/nested.c(1 hunks)src/targets/csharp/httpclient/fixtures/nested.cs(1 hunks)src/targets/csharp/restsharp/fixtures/nested.cs(1 hunks)src/targets/go/native/fixtures/nested.go(1 hunks)src/targets/java/asynchttp/fixtures/nested.java(1 hunks)src/targets/java/nethttp/fixtures/nested.java(1 hunks)src/targets/java/okhttp/fixtures/nested.java(1 hunks)src/targets/java/unirest/fixtures/nested.java(1 hunks)src/targets/javascript/fetch/fixtures/nested.js(1 hunks)src/targets/javascript/jquery/fixtures/nested.js(1 hunks)src/targets/javascript/xhr/fixtures/nested.js(1 hunks)src/targets/kotlin/okhttp/fixtures/nested.kt(1 hunks)src/targets/node/fetch/fixtures/nested.js(1 hunks)src/targets/objc/nsurlsession/fixtures/nested.m(1 hunks)src/targets/ocaml/cohttp/fixtures/nested.ml(1 hunks)src/targets/php/curl/fixtures/nested.php(1 hunks)src/targets/php/guzzle/fixtures/nested.php(1 hunks)src/targets/powershell/restmethod/fixtures/nested.ps1(1 hunks)src/targets/powershell/webrequest/fixtures/nested.ps1(1 hunks)src/targets/ruby/native/fixtures/nested.rb(1 hunks)src/targets/shell/curl/fixtures/dont-deglob.sh(1 hunks)src/targets/shell/curl/fixtures/nested.sh(1 hunks)src/targets/shell/httpie/fixtures/nested.sh(1 hunks)src/targets/shell/wget/fixtures/nested.sh(1 hunks)src/targets/swift/nsurlsession/fixtures/nested.swift(1 hunks)
💤 Files with no reviewable changes (1)
- SECURITY.md
🧰 Additional context used
🪛 Shellcheck (0.10.0)
src/targets/shell/curl/fixtures/dont-deglob.sh
[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
(SC2148)
src/targets/shell/httpie/fixtures/nested.sh
[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
(SC2148)
🪛 actionlint (1.7.4)
.github/workflows/hopp-publish.yml
13-13: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🔇 Additional comments (29)
.editorconfig (1)
9-10: Consider maintaining common code style conventions.The changes to disable both
trim_trailing_whitespaceandinsert_final_newlinedeviate from widely adopted coding conventions. Many code quality tools and Git workflows expect trimmed whitespace and final newlines in files.Is this change intentional? While technically valid, these modifications could potentially cause issues with:
- Git diff readability
- Compatibility with Unix tools
- File concatenation operations
- Existing linting configurations
package.json (3)
2-3: Rebranding changes for package metadata look good.The package has been successfully rebranded with updated name, version, author information, and repository URLs.
Also applies to: 5-6, 44-44, 46-48
64-65: Added convenience scripts improve developer experience.The addition of watch mode scripts for development and testing provides a better developer experience.
84-84:Details
✅ Verification successful
Updated dependency version for markdownlint-cli2.
The dependency has been updated to a newer version which likely includes bug fixes and new features.
🏁 Script executed:
#!/bin/bash # Check for breaking changes in markdownlint-cli2 update npm view markdownlint-cli2@0.5.1 peerDependencies npm view markdownlint-cli2@0.17.2 peerDependenciesLength of output: 104
Dependency update verified: No breaking changes detected for markdownlint-cli2
After executing the verification script—and considering that calling
npm view markdownlint-cli2@<version> peerDependenciesreturns no output (as expected when no peer dependencies are defined)—we can confirm that moving from version 0.5.1 to ^0.17.2 does not introduce any peer dependency issues. The updated dependency likely includes the intended bug fixes and new features without any breaking changes.
- The dependency was updated from 0.5.1 to ^0.17.2.
- Both versions return no peer dependencies, indicating no breaking alterations in that regard.
src/targets/shell/httpie/fixtures/nested.sh (1)
1-1:Details
❓ Verification inconclusive
URL query parameter encoding changed to use literal brackets and comma.
The URL now uses unencoded square brackets and comma in query parameters instead of percent-encoded values. This change appears to be part of a consistent pattern across the codebase.
This change affects how query parameters are interpreted. Verify that this is intentional and consistent with the library's purpose. For URLs in HTTP requests, servers might interpret these characters differently:
- Using
foo[bar]versusfoo%5Bbar%5D- Using
baz,zapversusbaz%2CzapAdditionally, consider adding a shebang to the shell script as indicated by the static analysis tool:
+#!/bin/sh http GET 'http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value'
🏁 Script executed:
#!/bin/bash # Check if this change is consistent across other fixture files grep -r 'foo%5Bbar%5D' --include="*.sh" --include="*.php" --include="*.js" . grep -r 'foo\[bar\]' --include="*.sh" --include="*.php" --include="*.js" .Length of output: 2566
Action Required: Verify URL Query Parameter Consistency & Add Shebang
After verifying the repository, note the following:
- The majority of fixture files (e.g., in the JavaScript and PHP targets) now use literal square brackets (
foo[bar]) and commas (baz,zap) in query parameters.- However, in
src/targets/node/native/fixtures/nested.jsthe URL still uses percent-encoded values (foo%5Bbar%5Dandbaz%2Czap). Please confirm whether this discrepancy is intentional.- As identified by the static analysis tool, please add a shebang (e.g.,
#!/bin/sh) at the top of the shell script insrc/targets/shell/httpie/fixtures/nested.sh.Ensure these points are addressed to maintain consistency across the codebase.
🧰 Tools
🪛 Shellcheck (0.10.0)
[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
(SC2148)
src/targets/php/curl/fixtures/nested.php (1)
6-6:Details
✅ Verification successful
URL query parameter encoding changed to use literal brackets and comma.
The URL now uses unencoded square brackets and comma in query parameters instead of percent-encoded values. This change appears to be part of a consistent pattern across multiple fixture files in the codebase.
This change affects how query parameters are interpreted. Ensure this is intentional and aligns with how the HTTPSnippet library is expected to generate URL parameters.
🏁 Script executed:
#!/bin/bash # Count files with similar URL changes echo "Files changed from encoded to literal square brackets:" find src/targets -type f -name "nested.*" -exec grep -l "foo\[bar\]" {} \; | wc -lLength of output: 209
Ensure Consistent Intent for Literal Query Parameter Encoding
- The URL in
src/targets/php/curl/fixtures/nested.php(Line 6) now employs literal square brackets and comma:CURLOPT_URL => "http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value",- A verification script shows that this change is consistently applied across 35 files in the repository.
- Please confirm that this update is intentional and aligns with the expected URL generation behavior of the HTTPSnippet library.
src/targets/csharp/httpclient/fixtures/nested.cs (1)
6-6: Use of Literal Square Brackets in Request URIThe updated
RequestUrinow uses literal square brackets (foo[bar]) instead of percent-encoded values. This change aligns with similar updates in other parts of the PR. Please verify that the target API correctly processes unencoded brackets in query parameters.src/targets/java/asynchttp/fixtures/nested.java (1)
2-2: Updated URL with Unencoded BracketsThe URL passed to the
preparemethod now contains literal square brackets (foo[bar]) rather than encoded ones. This update maintains consistency with other targets. Ensure that the Async HTTP client properly handles these unencoded characters.src/targets/powershell/restmethod/fixtures/nested.ps1 (1)
1-1: Literal Brackets in Invoke-RestMethod URIThe URI in the
Invoke-RestMethodcommand now uses unencoded square brackets in the query parameter, matching the standardized approach used across the PR.src/targets/powershell/webrequest/fixtures/nested.ps1 (1)
1-1: Literal Square Brackets in WebRequest URIThe change updates the URI in the
Invoke-WebRequestcommand to use literal square brackets. This consistency improves readability and aligns with updates in other modules.src/targets/go/native/fixtures/nested.go (1)
11-11: Updated URL to Contain Unencoded BracketsThe URL used in the Go code now includes literal square brackets (
foo[bar]) in its query parameters. This change is consistent with the project-wide update. As a note, consider handling potential errors from HTTP requests in production code.src/targets/shell/curl/fixtures/nested.sh (1)
2-2:Details
❓ Verification inconclusive
URL query parameter encoding has been changed.
The URL now uses unencoded square brackets and comma instead of percent-encoded characters. This improves readability but might affect how the server interprets these parameters, especially in cases where servers expect specific encoding formats.
🏁 Script executed:
#!/bin/bash # Check if the URL encoding change is consistent across other curl fixtures echo "Checking for consistent URL encoding patterns in curl fixtures:" grep -r --include="*.sh" "mockbin.com/har?foo" src/targets/shell/curl/fixtures/Length of output: 1563
Attention: Inconsistent URL Encoding Across Fixtures
The URL in
src/targets/shell/curl/fixtures/nested.shnow uses unencoded square brackets and a comma (e.g.foo[bar]=baz,zap), which improves readability. However, our grep output shows that while several fixtures (likedont-deglob.sh,globoff-option.sh, andlong-globoff-option.sh) use this new encoding, others (such asquery.shandfull.sh) retain the standard percent-encoded format. Please verify that this discrepancy is intentional and that any potential differences in how servers parse these parameters have been considered.src/targets/ruby/native/fixtures/nested.rb (1)
4-4:Details
✅ Verification successful
URL encoding has been standardized to use literal characters.
The URL in the URI constructor now uses unencoded square brackets
[]and comma,instead of their percent-encoded equivalents%5B,%5D, and%2C. This change aligns with similar modifications in other language fixtures for consistency.
🏁 Script executed:
#!/bin/bash # Verify similar changes were made across Ruby fixtures echo "Checking if URL encoding changes are consistent across Ruby fixtures:" grep -r --include="*.rb" "mockbin.com/har?foo" src/targets/ruby/Length of output: 552
URL encoding verified: Literal characters in nested.rb are correctly implemented.
The URL in
src/targets/ruby/native/fixtures/nested.rbnow correctly uses unencoded literal square brackets ([]) and comma (,) instead of their percent-encoded forms. This update standardizes the encoding as intended and aligns with similar changes made in other language fixtures.
- Verified that line 4 in
nested.rbcontainsurl = URI("http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value").- Noted that while fixtures like
full.rbandquery.rbuse different query parameter structures (without square brackets), the intended change fornested.rbis properly applied.src/targets/php/guzzle/fixtures/nested.php (1)
5-5:Details
❓ Verification inconclusive
URL parameters now use literal instead of percent-encoded characters.
The URL has been modified to use literal square brackets and comma instead of their percent-encoded equivalents. This change improves readability in the code but may affect how PHP's Guzzle client handles these special characters.
🏁 Script executed:
#!/bin/bash # Check if PHP handles unencoded brackets in URLs correctly echo "Checking if this change is consistent across PHP fixtures:" grep -r --include="*.php" "mockbin.com/har?foo" src/targets/php/Length of output: 965
Action Required: Verify Literal URL Encoding Consistency
The URL in
src/targets/php/guzzle/fixtures/nested.phpnow uses literal square brackets and commas instead of their percent-encoded forms. This change improves readability and matches the modification seen insrc/targets/php/curl/fixtures/nested.php. However, note that other fixtures (such as those in the “full” and “query” files) continue to use percent-encoded parameters. Please verify that PHP’s Guzzle client correctly handles these literal characters and that the change does not introduce inconsistencies in URL parsing or behavior across different fixtures.src/targets/shell/wget/fixtures/nested.sh (1)
4-4:Details
✅ Verification successful
URL encoding standardized to use literal characters.
The URL in the wget command has been changed to use unencoded square brackets
[]and comma,instead of their percent-encoded equivalents. This is part of a broader standardization effort across all language fixtures.
🏁 Script executed:
#!/bin/bash # Check if the HTTPSnippet class was modified to handle this change echo "Searching for URL decoding implementation in the codebase:" grep -r "decode" --include="*.js" src/ | grep -i "url" # Verify this change is consistent with similar wget fixtures echo "Checking consistency across wget fixtures:" grep -r --include="*.sh" "mockbin.com/har?foo" src/targets/shell/wget/fixtures/Length of output: 1071
Final Verification: URL Standardization in Nested Fixture Confirmed
The fixture in
src/targets/shell/wget/fixtures/nested.shnow correctly uses literal square brackets and commas in the URL as intended. The consistency check reveals that this file reflects the standardized format, aligning with the broader effort. It appears that only this fixture required the change, while the other wget fixtures intentionally use different URL patterns.
- File Updated:
src/targets/shell/wget/fixtures/nested.sh
- Snippet (Line 4):
- 'http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value'No further modifications are needed.
src/targets/java/okhttp/fixtures/nested.java (1)
4-4: URL representation updated to use literal characters instead of percent-encodingThe URL now uses unencoded square brackets and commas, which improves readability in the code. The OkHttp client will handle the proper encoding of these characters when making the request.
src/targets/csharp/restsharp/fixtures/nested.cs (1)
1-1: URL representation updated to use literal characters instead of percent-encodingThe URL string now uses unencoded square brackets and commas, which improves readability in the code. The RestSharp client will handle the proper encoding of these characters when making the request.
src/targets/node/fetch/fixtures/nested.js (1)
3-3: URL representation updated to use literal characters instead of percent-encodingThe URL string now uses unencoded square brackets and commas, which improves readability in the code. The node-fetch library will handle the proper encoding of these characters when making the request.
src/targets/c/libcurl/fixtures/nested.c (1)
4-4: URL representation updated to use literal characters instead of percent-encodingThe URL string now uses unencoded square brackets and commas, which improves readability in the code. The libcurl library will handle the proper encoding of these characters when making the request.
src/targets/shell/curl/fixtures/dont-deglob.sh (1)
1-1: URL format change is consistent with changes across fixtures.The change from percent-encoded characters (
%5B,%5D,%2C) to literal characters ([,],,) in the URL aligns with similar changes across other fixture files in this PR.🧰 Tools
🪛 Shellcheck (0.10.0)
[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
(SC2148)
src/targets/ocaml/cohttp/fixtures/nested.ml (1)
5-5: URL format change is consistent with changes across fixtures.The change from percent-encoded characters (
%5B,%5D,%2C) to literal characters ([,],,) in the URL aligns with similar changes across other fixture files in this PR.src/targets/java/nethttp/fixtures/nested.java (1)
2-2: URL format change is consistent with changes across fixtures.The change from percent-encoded characters (
%5B,%5D,%2C) to literal characters ([,],,) in the URL aligns with similar changes across other fixture files in this PR.src/targets/javascript/fetch/fixtures/nested.js (1)
1-1: URL format change is consistent with changes across fixtures.The change from percent-encoded characters (
%5B,%5D,%2C) to literal characters ([,],,) in the URL aligns with similar changes across other fixture files in this PR.src/targets/kotlin/okhttp/fixtures/nested.kt (1)
4-4: URL format change is consistent with changes across fixtures.The change from percent-encoded characters (
%5B,%5D,%2C) to literal characters ([,],,) in the URL aligns with similar changes across other fixture files in this PR.src/targets/java/unirest/fixtures/nested.java (1)
1-1:Details
✅ Verification successful
URL representation improved for readability.
The URL has been updated to use literal characters (
[,],,) instead of their percent-encoded equivalents (%5B,%5D,%2C). This improves readability while maintaining the same functionality, as both representations are valid for HTTP requests.
🏁 Script executed:
#!/bin/bash # Verify that Java's Unirest handles both encoded and unencoded square brackets equivalently echo "Note: Most modern HTTP clients handle both encoded and unencoded special characters correctly." echo "According to RFC 3986, square brackets are technically reserved characters that should be percent-encoded," echo "but many libraries automatically handle this encoding/decoding when processing URLs."Length of output: 600
URL representation improved and verified.
The change to using literal characters (
[,],,) in the URL for better readability has been verified. Unirest, like most modern HTTP clients, correctly handles both encoded and unencoded forms of special characters. No functional differences arise from this update.src/targets/objc/nsurlsession/fixtures/nested.m (1)
3-3:Details
✅ Verification successful
URL representation improved for readability.
The URL has been updated to use literal characters (
[,],,) instead of their percent-encoded equivalents (%5B,%5D,%2C). This improves readability while maintaining the same functionality, as NSURL will properly handle these special characters when constructing the request.
🏁 Script executed:
#!/bin/bash # Check if NSURL handles unencoded special characters correctly echo "NSURLSession in Objective-C typically handles character encoding internally." echo "When creating an NSURL with special characters like brackets, the Foundation framework" echo "will manage the proper encoding of these characters when needed for HTTP transmission."Length of output: 528
URL representation improved for readability.
The updated URL in line 3 now uses literal characters (
[,],,) instead of their percent-encoded forms to enhance developer readability. As verified,NSURLSessionand the Foundation framework internally handle the proper encoding of these special characters when constructing the HTTP request, so the functional behavior remains unchanged.src/targets/javascript/jquery/fixtures/nested.js (1)
4-4:Details
✅ Verification successful
URL representation improved for readability.
The URL has been updated to use literal characters (
[,],,) instead of their percent-encoded equivalents. This improves readability while maintaining functionality, as jQuery's ajax method handles the encoding of special characters in URLs.
🏁 Script executed:
#!/bin/bash # Check jQuery's handling of special characters in URLs echo "jQuery's ajax method automatically handles URL encoding for special characters when necessary." echo "Using unencoded brackets in the URL string is valid as jQuery will ensure proper transmission." echo "Modern browsers and jQuery versions reliably handle this encoding/decoding process."Length of output: 577
Improved URL readability confirmed.
The URL now uses literal characters (
[,],,) instead of percent-encoded equivalents, enhancing readability without impacting functionality. As verified, jQuery's ajax method correctly handles these special characters.src/targets/swift/nsurlsession/fixtures/nested.swift (1)
3-3:Details
✅ Verification successful
URL representation improved for readability.
The URL has been updated to use literal characters (
[,],,) instead of their percent-encoded equivalents. This enhances code readability while maintaining functionality, as Swift's URL/NSURL implementation handles special character encoding as needed.
🏁 Script executed:
#!/bin/bash # Check Swift's handling of special characters in URLs echo "Swift's URLSession framework automatically manages URL encoding." echo "When passing a string with special characters like brackets to NSURL(string:)," echo "the framework ensures these characters are properly encoded for HTTP transmission."Length of output: 483
URL readability enhanced without altering functionality.
The updated code uses literal characters (
[,],,) for the URL query parameters. This change improves readability without impacting functionality, as Swift’s URL/NSURL handling correctly encodes the URL when necessary.src/targets/javascript/xhr/fixtures/nested.js (1)
12-12:Details
✅ Verification successful
URL representation improved for readability.
The URL has been updated to use literal characters (
[,],,) instead of their percent-encoded equivalents. This improves code readability while maintaining the same functionality, as the XMLHttpRequest API handles special character encoding appropriately.
🏁 Script executed:
#!/bin/bash # Check XMLHttpRequest's handling of special characters in URLs echo "The XMLHttpRequest (XHR) API in browsers handles URL encoding automatically." echo "When using unencoded special characters like brackets in the URL, the browser ensures" echo "they are properly encoded when sending the actual HTTP request over the network."Length of output: 514
URL readability confirmed for xhr.open() usage
The URL in the
xhr.open()call insrc/targets/javascript/xhr/fixtures/nested.js(Line 12) now uses literal special characters ([,],,), which enhances code readability. Our verification confirms that the XMLHttpRequest API correctly handles URL encoding automatically, so the functional behavior remains unchanged.
…Semgrep results are properly stored. Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
| NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value"] | ||
| cachePolicy:NSURLRequestUseProtocolCachePolicy | ||
| timeoutInterval:10.0]; |
There was a problem hiding this comment.
Suggestion: URL encode special characters
| NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value"] | |
| cachePolicy:NSURLRequestUseProtocolCachePolicy | |
| timeoutInterval:10.0]; | |
| NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"http://mockbin.com/har?foo%5Bbar%5D=baz%2Czap&fiz=buz&key=value"] | |
| cachePolicy:NSURLRequestUseProtocolCachePolicy | |
| timeoutInterval:10.0]; |
Co-authored-by: codiumai-pr-agent-free[bot] <138128286+codiumai-pr-agent-free[bot]@users.noreply.github.com> Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
Signed-off-by: fortishield <161459699+FortiShield@users.noreply.github.com>
User description
Notes for Reviewers
This PR fixes #
Signed commits
PR Type
Enhancement, Bug fix, Documentation, Configuration changes
Description
Decode full URL in
httpsnippet.tsfor improved readability.Replace encoded URLs with decoded URLs across multiple language-specific fixtures.
Update
package.jsonwith new metadata and scripts, including repository details.Add a GitHub workflow for publishing packages to NPM.
Introduce a detailed
CONTRIBUTING.mdguide for contributors.Modify
.editorconfigto adjust whitespace and newline settings.Changes walkthrough 📝
1 files
Decode full URL before returning in HTTPSnippet24 files
Replace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URLReplace encoded URL with decoded URL1 files
Add detailed contributing guidelines3 files
Update metadata and scripts for packageAdd GitHub workflow for NPM publishingAdjust whitespace and newline settings3 files
Summary by CodeRabbit