Update snail traversal implementation and add SRI verification utility#254
Conversation
…DN; rename HuckerRank to HackerRank
📝 Walkthroughウォークスルー複数のドキュメントおよびユーティリティスクリプトを更新しました。Snailトラバーサル実装の TypeScript グローバル宣言を変更し、エッジケースの例を修正し、複数の HTML ファイルで Tailwind CDN と Prism リソースの参照を更新し、SRI ハッシュ値を検証するための新しい Python スクリプトを追加しました。 変更点
推定コードレビュー工数🎯 3 (Moderate) | ⏱️ ~20 分 関連する可能性のある PR
ウサギの詩
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 7
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (3)
Mathematics/Number Theory/HackerRank/Easy/Primitive_Problem.ipynb (1)
108-133: 🧹 Nitpick | 🔵 Trivial
euler_phiの実装がノートブック版とHTML版で異なるノートブック版(ここ)は
2を特別扱いして奇数のみループしますが、HTML版(Line 358-376)はp=2からp+=1で統一ループしています。どちらも正しいですが、ノートブック版のほうが約2倍高速です。一貫性の観点から、どちらかに統一することを推奨します。Mathematics/Number Theory/HackerRank/Easy/Primitive_Problem.html (2)
1362-1366:⚠️ Potential issue | 🟠 MajorPrism.js スクリプトが二重にロードされている
Prism.js とそのプラグインが2箇所でロードされています:
- Lines 1362-1366: SRI なし(React コンポーネントの前)
- Lines 2329-2354: SRI あり(ファイル末尾)
二重ロードは予期しない動作(シンタックスハイライトの二重適用、グローバル状態の上書きなど)を引き起こす可能性があり、帯域幅も無駄になります。SRI 付きの方(Lines 2329-2354)のみを残し、Lines 1362-1366 を削除してください。
🐛 修正案: SRIなし版を削除
- <script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/prism.min.js"></script> - <script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/components/prism-python.min.js"></script> - <script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/line-numbers/prism-line-numbers.min.js"></script> - <script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/toolbar/prism-toolbar.min.js"></script> - <script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/copy-to-clipboard/prism-copy-to-clipboard.min.js"></script>Also applies to: 2329-2354
41-52:⚠️ Potential issue | 🟡 MinorReact/ReactDOM の script タグに
crossorigin属性が重複Lines 42 と 45、Lines 48 と 51 でそれぞれ
crossoriginが2回指定されています。HTML仕様上、同一属性の重複は無効です。1つに統一してください。🔧 修正案
<script - crossorigin src="https://unpkg.com/react@18/umd/react.production.min.js" integrity="sha384-nVQePqH/QE94Buf4g/4MI5NrqDYjdqT76Db87Fa6eINIs+Uk31kgOEWzrnD1NTqU" crossorigin="anonymous" ></script> <script - crossorigin src="https://unpkg.com/react-dom@18/umd/react-dom.production.min.js" integrity="sha384-MUPX27At97Bs+bFaX2430abc2842R4tKjE2Frtj/z5r8v8lT1oI5ls55Dk7c21DD" crossorigin="anonymous" ></script>
🤖 Fix all issues with AI agents
In `@JavaScript/2624`. Snail Traversal/Claude Code Sonnet 4.5/README_react.html:
- Around line 251-254: Update the notebook's TypeScript declaration for
Array<T>. Locate the interface Array<T> declaration that defines
snail(rowsCount: number, colsCount: number): T[][] and change the method
signature to include the explicit this parameter so it reads snail(this: T[],
rowsCount: number, colsCount: number): T[][]; ensure the change targets the
snail method in the Array<T> interface so the notebook's type definition matches
the HTML version.
In `@JavaScript/2624`. Snail Traversal/Claude Code Sonnet 4.5/README.md:
- Line 340: The comment for the example invoking the snail method is incorrect:
update the comment on the line with [].snail(0, 0); to state that validation
passes because 0 * 0 = 0 equals this.length and that an empty array is returned
because the requested matrix has zero rows (not because validation failed or
because "1×1=1 ≠ 0"); look for the snail function/example entry (the [].snail(0,
0) example) and replace the misleading Japanese comment with one that accurately
describes that an empty result is returned due to zero dimensions.
In `@Mathematics/Number` Theory/HackerRank/Easy/Primitive_Problem.html:
- Around line 8-9: The page currently includes Tailwind via the Play CDN script
tag referencing "https://cdn.tailwindcss.com", which is intended for prototyping
and lacks SRI/version stability; replace this with a production-ready approach
by either (a) building and including a local precompiled Tailwind CSS file and
linking it with a <link rel="stylesheet">, or (b) using a versioned, CDN-hosted
prebuilt Tailwind CSS file (not the Play CDN) and include integrity (SRI) and
crossorigin attributes; update the existing script tag reference to the chosen
<link> and ensure the CSS is version-locked and served with integrity for
production use.
In `@Mathematics/Number` Theory/HackerRank/Easy/Primitive_Problem.ipynb:
- Around line 229-248: The LaTeX aligned lines (e.g. the strings starting with
"2^1 &\\equiv 2 \\pmod{7} \\\n" and the block for 3 ending with "3^6 &\\equiv 1
\\pmod{7}\n") are escaping line breaks incorrectly in the JSON: each LaTeX row
needs a double backslash in the rendered output, so update each trailing "\\\n"
in the aligned environment strings to "\\\\\n" (i.e. escape the backslash in the
JSON so the final string contains "\\" for LaTeX line breaks) for both the 2^..
block and the 3^.. block.
In `@verify_sri.py`:
- Around line 5-10: The urls list in verify_sri.py only includes CSS and
Tailwind and misses other external resources used in the HTML (e.g., Prism JS
plugins, React/ReactDOM); update verify_sri.py to either expand the urls
variable to include all known external resources (add Prism JS plugin URLs,
React/ReactDOM, etc.) or implement automatic extraction from the HTML by parsing
script and link tags and collecting href/src values into urls before SRI
verification (look for the variable urls in verify_sri.py and the code paths
that iterate it to verify SRI).
- Around line 12-22: requests.get is called without a timeout and without
checking the HTTP response, so the script can hang or hash error pages; update
the loop to call requests.get(url, timeout=...) and immediately verify the
response (e.g., call response.raise_for_status() or check response.ok) before
computing the hash with hashlib.sha384 and base64.b64encode, and handle
requests.exceptions.Timeout and requests.exceptions.HTTPError (or general
requests.RequestException) in the except block to print a clear error for that
URL.
- Around line 1-3: The script verify_sri.py directly imports and uses the
requests module (see the "import requests" line), but requests is missing from
requirements.txt; add an explicit requests entry to requirements.txt (matching
or compatible with the version in requirements.lock.txt), then regenerate or
sync your lock file (or run your dependency tooling) so the declared dependency
and lockfile remain consistent.
| <pre class="line-numbers"><code class="language-typescript">declare global { | ||
| interface Array<T> { | ||
| snail(this: T[], rowsCount: number, colsCount: number): T[][]; | ||
| } |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Find the files mentioned in the review comment
echo "=== Looking for the files ==="
find . -name "*README_react.html" -o -name "*Snail_Traversal_TS.ipynb" -o -name "README.md" | head -20Repository: myoshi2891/Algorithm-DataStructures-Math-SQL
Length of output: 1378
🏁 Script executed:
#!/bin/bash
# Search for Snail Traversal directory
echo "=== Searching for Snail Traversal files ==="
find . -type d -name "*Snail*" 2>/dev/null
find . -name "*README_react.html" 2>/dev/null
find . -name "*Snail_Traversal_TS*" 2>/dev/null
</script>Repository: myoshi2891/Algorithm-DataStructures-Math-SQL
Length of output: 2038
🏁 Script executed:
#!/bin/bash
# Read the HTML file around lines 251-254
echo "=== Checking README_react.html lines 240-265 ==="
sed -n '240,265p' "./JavaScript/2624. Snail Traversal/Claude Code Sonnet 4.5/README_react.html"
echo ""
echo "=== Checking Snail_Traversal_TS.ipynb structure ==="
# Get the line count of the notebook
wc -l "./JavaScript/2624. Snail Traversal/Claude Code Sonnet 4.5/Snail_Traversal_TS.ipynb"
echo ""
echo "=== Checking notebook for snail method declaration around line 29 ==="
sed -n '1,100p' "./JavaScript/2624. Snail Traversal/Claude Code Sonnet 4.5/Snail_Traversal_TS.ipynb" | grep -i "snail\|declare\|interface" -A 2 -B 2Repository: myoshi2891/Algorithm-DataStructures-Math-SQL
Length of output: 2782
ノートブック版の型定義を HTML 版と同期する必要がある
HTML ファイル(行 251-254)では snail(this: T[], rowsCount: number, colsCount: number): T[][] として this パラメータが含まれていますが、ノートブック版(Snail_Traversal_TS.ipynb)では snail(rowsCount: number, colsCount: number): T[][] として this パラメータがありません。ノートブック版も this: T[] パラメータを追加し、両ファイル間の型定義を一致させてください。
🤖 Prompt for AI Agents
In `@JavaScript/2624`. Snail Traversal/Claude Code Sonnet 4.5/README_react.html
around lines 251 - 254, Update the notebook's TypeScript declaration for
Array<T>. Locate the interface Array<T> declaration that defines
snail(rowsCount: number, colsCount: number): T[][] and change the method
signature to include the explicit this parameter so it reads snail(this: T[],
rowsCount: number, colsCount: number): T[][]; ensure the change targets the
snail method in the Array<T> interface so the notebook's type definition matches
the HTML version.
|
|
||
| ```typescript | ||
| [].snail(1, 0); // → [] (入力サイズ 0) | ||
| [].snail(0, 0); // → [] (1×1=1 ≠ 0のため空配列を返す) |
There was a problem hiding this comment.
エッジケースのコメントが不正確
[].snail(0, 0) の場合、0 * 0 = 0 で this.length = 0 と一致するため、バリデーションは通過します。結果として空配列 [] が返りますが、それはバリデーション失敗ではなく、行数が0のため空の結果が返るという理由です。
コメントの「1×1=1 ≠ 0のため空配列を返す」は誤りです。
🐛 修正案
- [].snail(0, 0); // → [] (1×1=1 ≠ 0のため空配列を返す)
+ [].snail(0, 0); // → [] (0×0=0 = length なのでバリデーション通過、行数0のため空配列)📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| [].snail(0, 0); // → [] (1×1=1 ≠ 0のため空配列を返す) | |
| [].snail(0, 0); // → [] (0×0=0 = length なのでバリデーション通過、行数0のため空配列) |
🤖 Prompt for AI Agents
In `@JavaScript/2624`. Snail Traversal/Claude Code Sonnet 4.5/README.md at line
340, The comment for the example invoking the snail method is incorrect: update
the comment on the line with [].snail(0, 0); to state that validation passes
because 0 * 0 = 0 equals this.length and that an empty array is returned because
the requested matrix has zero rows (not because validation failed or because
"1×1=1 ≠ 0"); look for the snail function/example entry (the [].snail(0, 0)
example) and replace the misleading Japanese comment with one that accurately
describes that an empty result is returned due to zero dimensions.
| <!-- Tailwind CSS (Play CDN - SRI非対応) --> | ||
| <script src="https://cdn.tailwindcss.com"></script> |
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
Tailwind CSS Play CDN はプロダクション環境に不適切
cdn.tailwindcss.com の Play CDN はプロトタイピング用であり、SRI をサポートしておらず、ビルドごとに内容が変わる可能性があります。学習用コンテンツであれば許容範囲ですが、公開するページであれば、ビルド済み CSS やバージョン固定の CDN の使用を検討してください。
🤖 Prompt for AI Agents
In `@Mathematics/Number` Theory/HackerRank/Easy/Primitive_Problem.html around
lines 8 - 9, The page currently includes Tailwind via the Play CDN script tag
referencing "https://cdn.tailwindcss.com", which is intended for prototyping and
lacks SRI/version stability; replace this with a production-ready approach by
either (a) building and including a local precompiled Tailwind CSS file and
linking it with a <link rel="stylesheet">, or (b) using a versioned, CDN-hosted
prebuilt Tailwind CSS file (not the Play CDN) and include integrity (SRI) and
crossorigin attributes; update the existing script tag reference to the chosen
<link> and ensure the CSS is version-locked and served with integrity for
production use.
| "\\begin{aligned}\n", | ||
| "2^1 &\\equiv 2 \\pmod{7} \\\n", | ||
| "2^2 &\\equiv 4 \\pmod{7} \\\n", | ||
| "2^3 &\\equiv 1 \\pmod{7}\n", | ||
| "\\end{aligned}\n", | ||
| "$$\n", | ||
| "\n", | ||
| "ここで $1$ に戻ってしまい、${1,2,4}$ しか生成できません。\n", | ||
| "\n", | ||
| "### 3 を使った場合\n", | ||
| "\n", | ||
| "$$\n", | ||
| "\\begin{aligned}\n", | ||
| "3^1 &\\equiv 3 \\pmod{7} \\\n", | ||
| "3^2 &\\equiv 2 \\pmod{7} \\\n", | ||
| "3^3 &\\equiv 6 \\pmod{7} \\\n", | ||
| "3^4 &\\equiv 4 \\pmod{7} \\\n", | ||
| "3^5 &\\equiv 5 \\pmod{7} \\\n", | ||
| "3^6 &\\equiv 1 \\pmod{7}\n", | ||
| "\\end{aligned}\n", |
There was a problem hiding this comment.
LaTeX aligned 環境の改行が壊れている可能性
JSON文字列内で \\\n は \ + 改行になりますが、LaTeX の aligned 環境では行の区切りに \\ (バックスラッシュ2つ)が必要です。現在の記述では各行末が \ 1つ + 改行のみのため、Jupyter上でレンダリングすると改行が正しく表示されない可能性があります。
JSON内で \\\\ と記述すれば、出力文字列で \\ となり、正しいLaTeX改行になります。
🐛 修正例(1箇所目)
- "2^1 &\\equiv 2 \\pmod{7} \\\n",
- "2^2 &\\equiv 4 \\pmod{7} \\\n",
+ "2^1 &\\equiv 2 \\pmod{7} \\\\\\\\\n",
+ "2^2 &\\equiv 4 \\pmod{7} \\\\\\\\\n",同様の問題が Lines 242-247 の 3 を使った場合のブロックにも存在します。
🤖 Prompt for AI Agents
In `@Mathematics/Number` Theory/HackerRank/Easy/Primitive_Problem.ipynb around
lines 229 - 248, The LaTeX aligned lines (e.g. the strings starting with "2^1
&\\equiv 2 \\pmod{7} \\\n" and the block for 3 ending with "3^6 &\\equiv 1
\\pmod{7}\n") are escaping line breaks incorrectly in the JSON: each LaTeX row
needs a double backslash in the rendered output, so update each trailing "\\\n"
in the aligned environment strings to "\\\\\n" (i.e. escape the backslash in the
JSON so the final string contains "\\" for LaTeX line breaks) for both the 2^..
block and the 3^.. block.
| import hashlib | ||
| import requests | ||
| import base64 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Search for dependency-related files
find . -type f \( -name "requirements*.txt" -o -name "setup.py" -o -name "setup.cfg" -o -name "pyproject.toml" -o -name "Pipfile" -o -name "poetry.lock" \) 2>/dev/null | head -20Repository: myoshi2891/Algorithm-DataStructures-Math-SQL
Length of output: 130
🏁 Script executed:
#!/bin/bash
# Check if requests is listed in dependency files
find . -type f \( -name "requirements*.txt" -o -name "setup.py" -o -name "setup.cfg" -o -name "pyproject.toml" -o -name "Pipfile" \) 2>/dev/null -exec grep -l "requests" {} \;Repository: myoshi2891/Algorithm-DataStructures-Math-SQL
Length of output: 111
🏁 Script executed:
#!/bin/bash
# List the directory structure to understand the project layout
ls -laRepository: myoshi2891/Algorithm-DataStructures-Math-SQL
Length of output: 1763
🏁 Script executed:
#!/bin/bash
# Find the verify_sri.py file and check its context
find . -name "verify_sri.py" -type fRepository: myoshi2891/Algorithm-DataStructures-Math-SQL
Length of output: 103
🏁 Script executed:
cat ./requirements.txtRepository: myoshi2891/Algorithm-DataStructures-Math-SQL
Length of output: 143
🏁 Script executed:
cat ./requirements.lock.txtRepository: myoshi2891/Algorithm-DataStructures-Math-SQL
Length of output: 2071
🏁 Script executed:
cat -n ./verify_sri.py | head -50Repository: myoshi2891/Algorithm-DataStructures-Math-SQL
Length of output: 1015
requirements.txt に requests を明示的に追加する必要がある
requests は requirements.lock.txt では管理されていますが、requirements.txt に明示的に記載されていません。このスクリプトが直接 requests をインポート・使用しているため、requirements.txt に requests を直接追加することを推奨します。
🤖 Prompt for AI Agents
In `@verify_sri.py` around lines 1 - 3, The script verify_sri.py directly imports
and uses the requests module (see the "import requests" line), but requests is
missing from requirements.txt; add an explicit requests entry to
requirements.txt (matching or compatible with the version in
requirements.lock.txt), then regenerate or sync your lock file (or run your
dependency tooling) so the declared dependency and lockfile remain consistent.
| urls = [ | ||
| "https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/themes/prism-tomorrow.min.css", | ||
| "https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/line-numbers/prism-line-numbers.min.css", | ||
| "https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/toolbar/prism-toolbar.min.css", | ||
| "https://cdn.tailwindcss.com/3.4.1" | ||
| ] |
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
URL リストが HTML ファイルで使用されている全リソースをカバーしていない
このスクリプトは CSS リソースと Tailwind のみを対象としていますが、HTML ファイルでは Prism.js の JS プラグインや React/ReactDOM 等にも SRI が適用されています。スクリプトの有用性を高めるために、全対象リソースを含めるか、HTML ファイルから URL を自動抽出する仕組みを検討してください。
🤖 Prompt for AI Agents
In `@verify_sri.py` around lines 5 - 10, The urls list in verify_sri.py only
includes CSS and Tailwind and misses other external resources used in the HTML
(e.g., Prism JS plugins, React/ReactDOM); update verify_sri.py to either expand
the urls variable to include all known external resources (add Prism JS plugin
URLs, React/ReactDOM, etc.) or implement automatic extraction from the HTML by
parsing script and link tags and collecting href/src values into urls before SRI
verification (look for the variable urls in verify_sri.py and the code paths
that iterate it to verify SRI).
| for url in urls: | ||
| try: | ||
| response = requests.get(url) | ||
| content = response.content | ||
| hash_obj = hashlib.sha384(content) | ||
| base64_hash = base64.b64encode(hash_obj.digest()).decode('utf-8') | ||
| print(f"URL: {url}") | ||
| print(f"SRI: sha384-{base64_hash}") | ||
| print("-" * 20) | ||
| except Exception as e: | ||
| print(f"Error fetching {url}: {e}") |
There was a problem hiding this comment.
requests.get にタイムアウトと応答ステータスチェックが欠落
requests.get(url)にタイムアウトが指定されていないため、サーバーが応答しない場合に無限にブロックします。- レスポンスのステータスコードを確認していないため、404 や 500 エラー時にも無効なコンテンツのハッシュを計算してしまいます。
🔧 修正案
for url in urls:
try:
- response = requests.get(url)
+ response = requests.get(url, timeout=30)
+ response.raise_for_status()
content = response.content
hash_obj = hashlib.sha384(content)
base64_hash = base64.b64encode(hash_obj.digest()).decode('utf-8')
print(f"URL: {url}")
print(f"SRI: sha384-{base64_hash}")
print("-" * 20)
- except Exception as e:
+ except requests.RequestException as e:
print(f"Error fetching {url}: {e}")📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| for url in urls: | |
| try: | |
| response = requests.get(url) | |
| content = response.content | |
| hash_obj = hashlib.sha384(content) | |
| base64_hash = base64.b64encode(hash_obj.digest()).decode('utf-8') | |
| print(f"URL: {url}") | |
| print(f"SRI: sha384-{base64_hash}") | |
| print("-" * 20) | |
| except Exception as e: | |
| print(f"Error fetching {url}: {e}") | |
| for url in urls: | |
| try: | |
| response = requests.get(url, timeout=30) | |
| response.raise_for_status() | |
| content = response.content | |
| hash_obj = hashlib.sha384(content) | |
| base64_hash = base64.b64encode(hash_obj.digest()).decode('utf-8') | |
| print(f"URL: {url}") | |
| print(f"SRI: sha384-{base64_hash}") | |
| print("-" * 20) | |
| except requests.RequestException as e: | |
| print(f"Error fetching {url}: {e}") |
🧰 Tools
🪛 Ruff (0.14.14)
[error] 14-14: Probable use of requests call without timeout
(S113)
[warning] 21-21: Do not catch blind exception: Exception
(BLE001)
🤖 Prompt for AI Agents
In `@verify_sri.py` around lines 12 - 22, requests.get is called without a timeout
and without checking the HTTP response, so the script can hang or hash error
pages; update the loop to call requests.get(url, timeout=...) and immediately
verify the response (e.g., call response.raise_for_status() or check
response.ok) before computing the hash with hashlib.sha384 and base64.b64encode,
and handle requests.exceptions.Timeout and requests.exceptions.HTTPError (or
general requests.RequestException) in the except block to print a clear error
for that URL.
myoshi2891
changed the title
1 participant
No description provided.