
Address PR #7 review feedback and add merge policy#8

Merged
klumhru merged 2 commits into main from fix/pr7-review-feedback on Mar 28, 2026

Conversation

@klumhru
Owner

@klumhru klumhru commented Mar 28, 2026

Summary

Addresses all 6 Copilot review comments from PR #7:

  1. Incomplete legal file patterns — now generated programmatically as the cross product of base names and extensions (.md, .txt, .rst), ensuring all documented variants are recognized
  2. os.Stat error handling in CopyLegalFiles — distinguishes IsNotExist from other errors instead of treating all errors as "not present"
  3. os.Stat error handling in ExtractLegalFilesFromZip — same fix
  4. Zip-slip guard in ExtractLegalFilesFromZip — uses filepath.Base + filepath.Clean and validates the destination stays within destDir
  5. Unchecked CopyFiltered error in test — now checked
  6. Missing assertion for nested LICENSE — added file count check to verify only root-level legal files are extracted

Also adds merge policy to CLAUDE.md: always wait for CI checks and Copilot review comments before merging.

Test plan

  • CI passes
  • TestIsLegalFile covers .rst and all new pattern variants
  • TestExtractLegalFilesFromZip asserts exactly 2 files extracted (no nested leaks)
  • TestCopyLegalFiles_SurvivesExcludePatterns properly checks CopyFiltered error
  • Copilot review comments addressed

🤖 Generated with Claude Code

Fixes from Copilot review:
- Generate legal file patterns programmatically to cover all variants
  (.md, .txt, .rst) consistently
- Add proper os.Stat error handling (distinguish IsNotExist from other
  errors) in CopyLegalFiles and ExtractLegalFilesFromZip
- Add zip-slip guard in ExtractLegalFilesFromZip
- Check CopyFiltered error in test
- Assert nested legal files are not extracted from zip archives
- Expand isLegalFile test coverage for .rst and other variants

Also adds PR merge policy to CLAUDE.md: always wait for CI checks and
Copilot review comments before merging.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings March 28, 2026 12:16

Copilot AI left a comment


Pull request overview

Updates legal-file detection/copy/extraction to address prior review feedback (correct pattern coverage, improved error handling, and safer zip extraction), and documents a PR merge policy.

Changes:

  • Generate legal filename patterns programmatically (base-name × extension) and expand test coverage (incl. .rst and ThirdPartyNotices variants).
  • Improve os.Stat handling in CopyLegalFiles / ExtractLegalFilesFromZip (treat non-IsNotExist errors as fatal) and add a zip-slip guard.
  • Strengthen tests to assert CopyFiltered errors and ensure only root-level legal files are extracted.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File | Description
internal/packager/legalfiles.go | Generates legal file patterns via cross product; tightens os.Stat error handling; adds zip destination safety checks during extraction.
internal/packager/legalfiles_test.go | Expands isLegalFile positive cases, checks CopyFiltered error, and adds an extracted-file count assertion to prevent nested leakage.
CLAUDE.md | Adds an explicit PR/merge policy requiring CI + Copilot comment resolution before merge.


Comment thread internal/packager/legalfiles.go
Comment thread internal/packager/legalfiles_test.go Outdated
- Use filepath.Rel-based containment check for zip-slip guard instead
  of string prefix comparison (handles filesystem root edge case)
- Check os.ReadDir error in test assertion

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
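The three mechanisms this PR touches, the base-name × extension pattern generation (item 1 of the description), the IsNotExist distinction in the os.Stat handling (items 2 and 3) and the filepath.Rel-based zip-slip guard from the follow-up commit, are shown together below as one added example in Go. This is not the project's code: the base names, extensions, function names and the in-memory sample archive are assumptions chosen for illustration. The Rel-based containment check matters for two cases a string-prefix check gets wrong: with destDir "/" the prefix "/" + "/" never matches any cleaned path, so every entry is rejected, and with destDir "/out" a target under "/out-evil" passes the prefix test even though it is outside the directory.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// Assumed base names and extensions (not the project's list); "" covers a bare LICENSE.
var legalNames = buildLegalPatterns(
	[]string{"LICENSE", "COPYING", "NOTICE", "THIRDPARTYNOTICES"},
	[]string{"", ".md", ".txt", ".rst"})

// buildLegalPatterns returns base x extension as an upper-cased set, so no variant is forgotten.
func buildLegalPatterns(bases, exts []string) map[string]bool {
	set := make(map[string]bool, len(bases)*len(exts))
	for _, b := range bases {
		for _, e := range exts {
			set[strings.ToUpper(b+e)] = true
		}
	}
	return set
}

// isLegalFile matches case-insensitively on the base name of path.
func isLegalFile(path string) bool {
	return legalNames[strings.ToUpper(filepath.Base(path))]
}

// safeJoin is the zip-slip guard. Containment is decided with filepath.Rel, so "../x" is
// rejected while destDir "/" and siblings (/out vs /out-evil) work; HasPrefix gets both wrong.
func safeJoin(destDir, name string) (string, error) {
	target := filepath.Join(destDir, name) // Join also applies filepath.Clean
	rel, err := filepath.Rel(destDir, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("zip entry %q escapes %q", name, destDir)
	}
	return target, nil
}

// extractRootLegalFiles writes root-level legal files from r into destDir and returns
// their names in archive order; nested entries such as vendor/LICENSE are skipped.
func extractRootLegalFiles(r *zip.Reader, destDir string) ([]string, error) {
	if _, err := os.Stat(destDir); os.IsNotExist(err) {
		if err := os.MkdirAll(destDir, 0o755); err != nil {
			return nil, err
		}
	} else if err != nil {
		return nil, fmt.Errorf("stat %s: %w", destDir, err) // permissions, I/O: not "absent"
	}
	var written []string
	for _, f := range r.File {
		// zip entry names always use "/", so any slash means nested or a directory.
		if strings.Contains(f.Name, "/") || !isLegalFile(f.Name) {
			continue
		}
		target, err := safeJoin(destDir, filepath.Base(f.Name))
		if err != nil {
			return nil, err
		}
		rc, err := f.Open()
		if err != nil {
			return nil, err
		}
		data, err := io.ReadAll(rc) // legal files are small; read the whole entry
		rc.Close()
		if err != nil {
			return nil, err
		}
		if err := os.WriteFile(target, data, 0o644); err != nil {
			return nil, err
		}
		written = append(written, f.Name)
	}
	return written, nil
}

// buildSampleZip returns a constructed in-memory fixture: two root-level legal files,
// a nested LICENSE that must not leak, and a non-legal README.
func buildSampleZip() *zip.Reader {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, e := range [][2]string{{"LICENSE", "MIT License\n"}, {"README.md", "docs\n"},
		{"ThirdPartyNotices.txt", "notices\n"}, {"vendor/dep/LICENSE", "nested\n"}} {
		fw, _ := w.Create(e[0]) // writing to a bytes.Buffer cannot fail
		fw.Write([]byte(e[1]))
	}
	w.Close()
	r, err := zip.NewReader(bytes.NewReader(buf.Bytes()), int64(buf.Len()))
	if err != nil {
		panic(err)
	}
	return r
}
```

Calling extractRootLegalFiles(buildSampleZip(), dir) on an empty directory writes exactly LICENSE and ThirdPartyNotices.txt and returns those two names; the nested vendor/dep/LICENSE is skipped by the slash check, and safeJoin rejects any entry whose cleaned path leaves dir. A stat failure that is not "does not exist" (for example a path component that is a regular file, which yields ENOTDIR) is returned as an error rather than being silently treated as a missing directory.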
@klumhru klumhru merged commit 6a8b8c4 into main Mar 28, 2026
1 check passed
@klumhru klumhru deleted the fix/pr7-review-feedback branch March 28, 2026 12:31