Low Priority changes #35
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Summary of ChangesHello @learnthusalearner, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request refines the error message presented by a Semgrep rule designed to flag the use of Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the message for the pull-request-target-needs-exception semgrep rule to be more explicit about the risks. The change is good, but the YAML formatting for the multi-line message can be improved to ensure newlines are preserved for better readability in the output, as noted in the specific comment.
| message: 'pull_request_target is a high-risk event and should only be used in exceptional cases. | ||
| Please choose a safer trigger whenever possible. | ||
| If you are certain this workflow requires pull_request_target, you may dismiss this alert and proceed with the merge. | ||
| For more details, see: https://google.github.io/github-team/semgrep-rules/pull-request-target-needs-exception.html' |
There was a problem hiding this comment.
The new message is much clearer. However, by using a single-quoted string ('...'), the newlines will be folded into spaces, resulting in a single long line of text. If you intend for the message to have line breaks for better readability in the Semgrep output, you should use a literal block scalar (|). This will preserve the newlines and make the message easier to read. The trailing double spaces at the end of sentences are also no longer necessary with this change.
message: |
pull_request_target is a high-risk event and should only be used in exceptional cases.
Please choose a safer trigger whenever possible.
If you are certain this workflow requires pull_request_target, you may dismiss this alert and proceed with the merge.
For more details, see: https://google.github.io/github-team/semgrep-rules/pull-request-target-needs-exception.html1 participant
Error definition changes