Skip to content

#474: Anchor Fbe.mask_to_regex regex to prevent prefix collisions#495

Open
VasilevNStas wants to merge 2 commits into
zerocracy:masterfrom
VasilevNStas:fix/474-unanchored-mask-regex
Open

#474: Anchor Fbe.mask_to_regex regex to prevent prefix collisions#495
VasilevNStas wants to merge 2 commits into
zerocracy:masterfrom
VasilevNStas:fix/474-unanchored-mask-regex

Conversation

@VasilevNStas

@VasilevNStas VasilevNStas commented Jun 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Description

Fbe.mask_to_regex builds a regex without \A/\z anchors, causing re.match? to match substrings. For exclusion masks like -zerocracy/judges-action, this means repositories with prefix collisions (e.g. zerocracy/judges-actions or zerocracy/judges-action-old) are incorrectly excluded.

Fix

Added \A and \z anchors to the regex compilation in lib/fbe/unmask_repos.rb:27:

Regexp.compile("\\A#{org}/#{repo.gsub('*', '.*')}\\z", Regexp::IGNORECASE)

Wildcard masks (zerocracy/*) are unaffected because .* already absorbs the entire tail.

Tests

Added four direct unit tests for Fbe.mask_to_regex in test/fbe/test_unmask_repos.rb:

  • test_mask_to_regex_exact_match — confirms exact match works
  • test_mask_to_regex_prefix_collision — confirms zerocracy/judges-action does NOT match zerocracy/judges-actions or zerocracy/judges-action-old
  • test_mask_to_regex_wildcard — confirms zerocracy/* still matches any repo
  • test_mask_to_regex_case_insensitive — confirms case-insensitive flag is preserved

Verification

  • bundle exec rubocop — 0 offenses
  • bundle exec rake test — 287 tests, 0 failures

Closes #474

edmoffo
edmoffo reviewed Jun 3, 2026
View reviewed changes

@edmoffo edmoffo left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix is correct and the four added tests cover the anchored-match contract, including the prefix-collision case from #474. CI is green across the matrix.

One unrelated change to address: .github/workflows/typos.yml downgrades crate-ci/typos from v1.47.1 to v1.47.0. Drop that line so the diff stays focused on the regex fix.

kreinba
kreinba approved these changes Jun 3, 2026
View reviewed changes

@kreinba kreinba left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Anchoring with \A and \z resolves the prefix collision in #474 and the four new tests cover the relevant cases. CI is green and the change touches only the regex builder and its tests.

edmoffo
edmoffo reviewed Jun 3, 2026
View reviewed changes

@edmoffo edmoffo left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR #483 carries the same fix for the same defect (issue #474), anchors the regex with \A and \z in the same line, and already holds an APPROVED review from another reviewer. The author or a maintainer should close one of the two duplicates before either lands so the same fix is not merged twice.

edmoffo
edmoffo approved these changes Jun 3, 2026
View reviewed changes

@edmoffo edmoffo left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Anchoring the regex with \A and \z resolves issue #474 directly: substrings like zerocracy/judges-actions and zerocracy/judges-action-old no longer match zerocracy/judges-action. The four new tests pin exact match, prefix-collision rejection, wildcard expansion, and case insensitivity.

Local validation on the checked-out head:

  • bundle exec ruby -Itest test/fbe/test_unmask_repos.rb — 9 tests, 20 assertions, 0 failures, 1 skip (live test).

All 10 exposed checks are green. No inline comments.

bibonix
bibonix approved these changes Jun 3, 2026
View reviewed changes

@bibonix bibonix left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Anchors close the prefix-collision hole on both the inclusion and exclusion paths in unmask_repos, and the four new tests pin the behavior including the wildcard and case-insensitive cases. No inline comments.

@VasilevNStas VasilevNStas force-pushed the fix/474-unanchored-mask-regex branch from 9e14a27 to e500539 Compare June 3, 2026 19:26
@0crat

0crat commented Jun 4, 2026

Copy link
Copy Markdown

@edmoffo Thanks for the review! You've earned +10 points for this contribution: +18 as the base reward for authoring a code review, then -8 deducted due to absolutely no comments being posted during the review process. Your running score is +1536; don't forget to check your Zerocracy account too.

@0crat

0crat commented Jun 4, 2026

Copy link
Copy Markdown

@kreinba Thanks for the review! You've earned +10 points for this contribution: +18 as a basis for completing the review, -8 for absolutely no comments posted during the review process. Your running score is +1427; don't forget to check your Zerocracy account too.

@0crat

0crat commented Jun 4, 2026

Copy link
Copy Markdown

@bibonix Thanks for the review! You've earned +10 points for this contribution: +18 as a basis for completing the review, -8 for absolutely no comments posted during the review process. Your running score is +1015; don't forget to check your Zerocracy account too.

@kreinba kreinba mentioned this pull request Jun 4, 2026
Merged
@VasilevNStas VasilevNStas changed the title fix: anchor Fbe.mask_to_regex regex to prevent prefix collisions #474 fix: anchor Fbe.mask_to_regex regex to prevent prefix collisions Jun 8, 2026
@VasilevNStas VasilevNStas changed the title #474 fix: anchor Fbe.mask_to_regex regex to prevent prefix collisions #474: Anchor Fbe.mask_to_regex regex to prevent prefix collisions Jun 8, 2026
@yegor256

yegor256 commented Jun 13, 2026

Copy link
Copy Markdown
Member

@VasilevNStas merge conflicts here

@yegor256

yegor256 commented Jun 13, 2026

Copy link
Copy Markdown
Member

Please fix the merge conflicts so this pull request can be merged.

@VasilevNStas
fix: anchor Fbe.mask_to_regex regex to prevent prefix collisions
4ba5be1 
The regex built by Fbe.mask_to_regex was unanchored, so
re.match? would match substrings. For exclusion masks like
'-zerocracy/judges-action', this caused repositories with
prefix collisions (e.g. 'zerocracy/judges-actions' or
'zerocracy/judges-action-old') to be incorrectly excluded.

Added \A and \z anchors to ensure full-string matching.
Wildcard masks (zerocracy/*) are unaffected since .*
already absorbs the entire tail.

Added four direct unit tests for Fbe.mask_to_regex:
- test_mask_to_regex_exact_match
- test_mask_to_regex_prefix_collision
- test_mask_to_regex_wildcard
- test_mask_to_regex_case_insensitive
@VasilevNStas
fix: update off_quota assertion for search threshold
e84f749
@VasilevNStas VasilevNStas force-pushed the fix/474-unanchored-mask-regex branch from e500539 to e84f749 Compare June 13, 2026 15:28
@VasilevNStas

VasilevNStas commented Jun 13, 2026

Copy link
Copy Markdown
Contributor Author

@yegor256 plz re-review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

3 more reviewers

@bibonix bibonix bibonix approved these changes

@edmoffo edmoffo edmoffo approved these changes

@kreinba kreinba kreinba approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Fbe.mask_to_regex returns unanchored pattern, over-rejecting repositories on prefix collisions

6 participants

@VasilevNStas @0crat @yegor256 @bibonix @edmoffo @kreinba