diff --git a/.github/workflows/pr-codex-review.yml b/.github/workflows/pr-codex-review.yml
deleted file mode 100644
index 8a8c65e..0000000
--- a/.github/workflows/pr-codex-review.yml
+++ /dev/null
@@ -1,138 +0,0 @@ -name: PR Codex Review - -on: - pull_request: - types: [opened, reopened, ready_for_review, synchronize] - - -permissions: - contents: read - pull-requests: write - -jobs: - codex_pr_review: - name: Codex PR Review - runs-on: ubuntu-latest - env: - REVIEW_TABLE_FALLBACK: | - | File | Concern | Recommendation | Severity | - | --- | --- | --- | --- | - | All files | No actionable feedback generated | None | info | - AZURE_OPENAI_BASE_URL: ${{ secrets.AZURE_OPENAI_BASE_URL }} - AZURE_OPENAI_MODEL: ${{ secrets.AZURE_OPENAI_MODEL || 'gpt-5-codex' }} - AZURE_OPENAI_API_KEY: ${{ secrets.AZURE_OPENAI_API_KEY }} - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Compute diff and changed files - id: diff - run: | - BASE_SHA="${{ github.event.pull_request.base.sha }}" - HEAD_SHA="${{ github.event.pull_request.head.sha }}" - - git diff --name-only "$BASE_SHA" "$HEAD_SHA" > changed_files.txt - git diff --unified=3 "$BASE_SHA" "$HEAD_SHA" > diff.patch - - if [ ! -s changed_files.txt ]; then - echo "no_changes=true" >> "$GITHUB_OUTPUT" - else - echo "no_changes=false" >> "$GITHUB_OUTPUT" - fi - - - name: Prepare fallback review - if: steps.diff.outputs.no_changes == 'true' - run: | - printf '%s' "$REVIEW_TABLE_FALLBACK" > raw_review.md - cp raw_review.md review_result.md - - - name: Install Codex CLI - if: steps.diff.outputs.no_changes == 'false' - run: | - sudo apt-get update - sudo apt-get install -y --no-install-recommends curl ca-certificates git - npm install -g @openai/codex@latest - mkdir -p ~/.codex - cat < ~/.codex/config.toml - # Set the default model and provider - model = "${AZURE_OPENAI_MODEL}" - model_provider = "azure" - preferred_auth_method = "apikey" - - # Configure the Azure provider - [model_providers.azure] - name = "Azure" - - # Make sure you set the appropriate subdomain for this URL. 
- base_url = "${AZURE_OPENAI_BASE_URL}/openai/v1" - env_key = "AZURE_OPENAI_API_KEY" - wire_api = "responses" - model_reasoning_effort = "high" - EOF - codex --version - - - name: Run Codex code review - if: steps.diff.outputs.no_changes == 'false' - run: | - if [ -z "$AZURE_OPENAI_API_KEY" ]; then - echo "AZURE_OPENAI_API_KEY secret is not configured." >&2 - exit 1 - fi - - HEADER="You are an expert software engineer performing a strict code review for the provided pull request diff." - RULES="Rules:\n- Output ONLY a GitHub-flavored Markdown table with exactly these columns: File | Concern | Recommendation | Severity.\n- Every row must reference a real file path from the Changed files list.\n- Severity must be one of: info, minor, major, critical.\n- If no issues are found, return a single table row with 'All files' in the File column and 'No issues found' in the Concern column.\n- Cite line numbers from the diff using the format L.\n- Do not wrap the table in backticks or add any prose before or after the table.\n- Focus on actionable feedback specific to the diff." - - CHANGED_FILES_SECTION="Changed files:\n$(cat changed_files.txt)" - DIFF_SECTION="Unified diff:\n$(cat diff.patch)" - - export CODEX_PROMPT="$HEADER\n\n$RULES\n\n$CHANGED_FILES_SECTION\n\n$DIFF_SECTION" - - printf '%s\n' "$CODEX_PROMPT" - - codex exec --full-auto "$CODEX_PROMPT" | tee codex_raw.txt >/dev/null - - printf '\n\nRaw Codex Output:\n%s\n' "$(cat codex_raw.txt)" - - sed -E 's/\x1B\[[0-9;]*[A-Za-z]//g' codex_raw.txt | tr -d '\r' > raw_review.md - - if ! 
grep -q '|' raw_review.md; then - printf '%s\n' "$REVIEW_TABLE_FALLBACK" > raw_review.md - fi - - - name: Normalize review table with Azure OpenAI - if: steps.diff.outputs.no_changes == 'false' - run: | - python3 -m pip install --quiet --upgrade pip 'openai>=1.45.0' - python3 scripts/normalize_review_result.py - - - name: Post review as PR comment - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - if [ -f review_result.md ]; then - BODY_FILE=review_result.md - elif [ -f raw_review.md ]; then - BODY_FILE=raw_review.md - else - printf '%s' "$REVIEW_TABLE_FALLBACK" > review_result.md - BODY_FILE=review_result.md - fi - - # Append attribution footer to the comment body - printf '\n\nReviewed by Codex\n' >> "$BODY_FILE" - - gh pr comment ${{ github.event.pull_request.number }} --body-file "$BODY_FILE" - - - name: Upload Codex raw output - if: steps.diff.outputs.no_changes == 'false' - uses: actions/upload-artifact@v4 - with: - name: codex-review-logs - path: | - codex_raw.txt - raw_review.md - review_result.md - diff.patch - changed_files.txt diff --git a/.github/workflows/pr-copilot-PII-review.yml b/.github/workflows/pr-copilot-PII-review.yml new file mode 100644 index 0000000..716c657 --- /dev/null +++ b/.github/workflows/pr-copilot-PII-review.yml 
@@ -0,0 +1,144 @@ +name: PR Copilot PII Review + +on: + pull_request: + types: [opened, reopened, ready_for_review, synchronize] + + +permissions: + contents: read + pull-requests: write + +jobs: + copilot_pii_review: + name: Copilot PII Review + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: '22' + + - name: Compute diff and changed files + id: diff + run: | + BASE_SHA="${{ github.event.pull_request.base.sha }}" + HEAD_SHA="${{ github.event.pull_request.head.sha }}" + + git diff --name-only "$BASE_SHA" "$HEAD_SHA" > changed_files.txt + git diff --unified=3 "$BASE_SHA" "$HEAD_SHA" > diff.patch + + if [ ! -s changed_files.txt ]; then + echo "no_changes=true" >> "$GITHUB_OUTPUT" + else + echo "no_changes=false" >> "$GITHUB_OUTPUT" + fi + + - name: Install Copilot CLI + if: steps.diff.outputs.no_changes == 'false' + run: | + npm install -g @github/copilot + copilot --version + + - name: Run Copilot PII review + env: + GITHUB_TOKEN: ${{ secrets.COPILOT_CLI_PAT }} + if: steps.diff.outputs.no_changes == 'false' + run: | + if [ -z "$GITHUB_TOKEN" ]; then + echo "GITHUB_TOKEN secret is not configured." >&2 + exit 1 + fi + + printf 'GITHUB_TOKEN is set: ${{secrets.COPILOT_CLI_PAT}}' + + HEADER="You are a professional security expert specializing in PII (Personally Identifiable Information) detection. The current working directory is a Git repository undergoing a Pull Request code review." + + REVIEW_REQUIREMENTS="**Review Task**: + Analyze the provided code diff for potential PII exposure and privacy concerns. + + **Changed Files**: $(cat changed_files.txt | tr '\n' ', ' | sed 's/,$//') + + **Review Requirements**: + Please focus on the following PII-related aspects and provide a detailed security review: + 1. Direct PII exposure (names, emails, phone numbers, addresses, SSN, credit card numbers, etc.) + 2. 
Indirect PII that could identify individuals when combined + 3. Hardcoded credentials, API keys, or tokens + 4. Logging or printing of sensitive user data + 5. Insufficient data masking or anonymization + 6. PII stored in comments, test data, or configuration files + 7. Potential GDPR, CCPA, or other privacy regulation violations" + + RULES="**Output Format Requirements**: + Provide specific, actionable feedback including: + 1. Relevant file names and line numbers + 2. Clear issue descriptions + 3. Concrete fix recommendations + 4. Severity levels (info, minor, major, critical) + 5. Organize the review report in markdown format with clear section structure + + **Mandatory Requirements**: + 1. Base your review on the actual diff content provided below + 2. Provide comprehensive PII analysis with specific examples where applicable + 3. Prioritize critical privacy concerns that could lead to data breaches" + + REVIEW_FALLBACK="No Personally Identifiable Information (PII) exposure or privacy concerns were detected in the analyzed code changes." + + DIFF_SECTION="**Unified diff**:\n$(cat diff.patch)" + + export COPILOT_PROMPT="$HEADER\n\n$REVIEW_REQUIREMENTS\n\n$RULES\n\n$DIFF_SECTION" + + printf '%s\n' "$COPILOT_PROMPT" + + copilot -p "$COPILOT_PROMPT" | tee copilot_raw.txt >/dev/null + + printf '\n\nRaw Copilot Output:\n%s\n' "$(cat copilot_raw.txt)" + + sed -E 's/\x1B\[[0-9;]*[A-Za-z]//g' copilot_raw.txt | tr -d '\r' > raw_review.md + + if ! grep -q '|' raw_review.md; then + printf '%s\n' "$REVIEW_FALLBACK" > raw_review.md + fi + + - name: Format review output + run: | + PR_NUMBER="${{ github.event.pull_request.number }}" + + cat > review_result.md < #include + + class Data { public: std::string name; diff --git a/github-copilot-features/refactor/nullptrtest.cpp b/github-copilot-features/refactor/nullptrtest.cpp new file mode 100644 index 0000000..7ab58db --- /dev/null +++ b/github-copilot-features/refactor/nullptrtest.cpp 
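Review bot: The line `printf 'GITHUB_TOKEN is set: ${{secrets.COPILOT_CLI_PAT}}'` in the "Run Copilot PII review" step writes the PAT into the job log and, because `${{ }}` is expanded before the script runs, into the generated shell script as well; the `-z "$GITHUB_TOKEN"` guard just above already proves the secret is present, so the line should be dropped or reduced to `printf 'GITHUB_TOKEN is set\n'`. Separately, the fallback `if ! grep -q '|' raw_review.md` was written for the table-only output of the deleted Codex workflow, but the new RULES block asks for a sectioned markdown report with no table requirement, so any genuine finding written without a pipe character is overwritten by REVIEW_FALLBACK's "no PII detected" text; keying the fallback on an empty result (`if [ ! -s raw_review.md ]; then`) would avoid silencing findings. The heredoc in the "Format review output" step appears truncated in this rendering, so its body was not reviewed.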
@@ -0,0 +1,58 @@
+#include
+#include
+#include
+
+class Data {
+public:
+ std::string name;
+ int value;
+ Data(std::string n, int v) : name(n), value(v) {}
+};
+
+
+
+
+class Container {
+private:
+ std::vector dataList;
+
+public:
+ void addData(Data* data) {
+ dataList.push_back(data);
+ }
+
+ Data* findData(const std::string& name) {
+ for (auto data : dataList) {
+ if (data && data->name == name) {
+ return data;
+ }
+ }
+ return nullptr;
+ }
+};
+
+class Processor {
+private:
+ Container* container;
+
+public:
+ Processor(Container* c) : container(c) {}
+
+ void processData(const std::string& name) {
+ Data* data = container->findData(name);
+
+ std::cout << "Processing data: " << data->name << ", value: " << data->value << std::endl;
+ }
+};
+
+int main() {
+ Container container;
+ container.addData(new Data("item1", 10));
+ container.addData(new Data("item2", 20));
+
+ Processor processor(&container);
+ processor.processData("item1");
+ processor.processData("item3");
+
+ return 0;
+}
\ No newline at end of file
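Review bot: `Processor::processData` dereferences the pointer returned by `Container::findData` without checking it, and `main` calls `processor.processData("item3")` for a name that was never added, so `findData` returns `nullptr` and the `std::cout` line dereferences it (undefined behaviour, typically a crash). If that crash is the intended demo for this refactor sample, a comment above the call (`// intentionally unguarded nullptr for the refactor demo`) would say so; otherwise guard it with `if (data == nullptr) { std::cerr << "No data named " << name << '\n'; return; }` before the `std::cout` line. The `new Data(...)` objects created in `main` are never deleted; if `dataList` is `std::vector<Data*>` (its template argument is missing in this rendering), holding `std::unique_ptr<Data>` instead would tie their lifetime to the container. As a minor style point, `Data`'s constructor takes `n` by value and then copies it into `name`; `name(std::move(n))` avoids the second copy.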