Conversation
🔍 Deadcode AnalysisFound 0 unreachable functions in the backend. View detailsOnly remove deadcode that you know is 100% no longer used.
|
|
This pull request has merge conflicts. Please resolve the conflicts so the PR can stay up-to-date and reviewed. |
852de7c to
09e3a2f
Compare
|
Container images for this PR have been built successfully!
Built from commit 5f57327 |
|
This pull request has merge conflicts. Please resolve the conflicts so the PR can stay up-to-date and reviewed. |
|
This pull request has merge conflicts. Please resolve the conflicts so the PR can stay up-to-date and reviewed. |
Bundle ReportChanges will decrease total bundle size by 238.33kB (-0.27%) ⬇️. This is within the configured threshold ✅ Detailed changes
ℹ️ *Bundle size includes cached data from a previous commit Affected Assets, Files, and Routes:view changes for bundle: arcane-frontend-__sveltekit_1qbmeo1.app-server-esmAssets Changed:
Files in
Files in
App Routes Affected:
view changes for bundle: arcane-frontend-__sveltekit_1rjdl2c.app-server-esmAssets Changed:
Files in
Files in
App Routes Affected:
view changes for bundle: arcane-frontend-__sveltekit_1rjdl2c.app-client-esmAssets Changed:
Files in
Files in
App Routes Affected:
view changes for bundle: arcane-frontend-__sveltekit_1qbmeo1.app-client-esmAssets Changed:
Files in
Files in
App Routes Affected:
|
|
This pull request has merge conflicts. Please resolve the conflicts so the PR can stay up-to-date and reviewed. |
|
Container images for this PR have been built successfully!
Built from commit 717aee7 |
|
This pull request has merge conflicts. Please resolve the conflicts so the PR can stay up-to-date and reviewed. |
|
How is this PR coming along? Custom project files is one of the few things missing for me to fuilly adopt arcane; primarily because some containers want you to map to a file directly and being able to add a file via arcane would mean that I don't have to open an editor or terminal to make changes. Edit: How would this tie into something like: #1282 |
|
Closing this for now due to all of the conflicts, Will try to do it for 1.17.0, |
Disclaimer Greptiles Reviews use AI, make sure to check over its work.
To better help train Greptile on our codebase, if the comment is useful and valid Like the comment, if its not helpful or invalid Dislike
Greptile Summary
This PR introduces custom project files functionality, allowing users to add arbitrary files within their project folders and configure external paths via
ALLOWED_EXTERNAL_PATHS. The implementation includes a comprehensive security layer with path validation, symlink resolution, and boundary checking.Major Changes:
fs_secure.go) with symlink-aware path validation preventing traversal attacksALLOWED_EXTERNAL_PATHSfor controlled external file access.env,.arcane) at project rootSecurity Implementation:
ValidatePathfunction usesfilepath.EvalSymlinksto resolve symlinks before boundary checksArchitecture:
The refactoring consolidates previously scattered path validation logic into a single, well-tested security module. Include files and custom files now share the same validation code path, reducing inconsistency risk.
Confidence Score: 4/5
fs_secure.go) properly handles edge cases like symlink escapes and path traversal. Previous review comments identified legitimate security concerns (symlink validation in one function, error handling) that should be addressed. The feature is well-architected with clear separation of concerns between handlers, services, and security utilities.backend/internal/utils/projects/custom_files.gofor symlink validation and error handling issuesImportant Files Changed
ResolveFilePath,IsWithinDirectory, andValidatePathfunctions.CreateProjectCustomFile,UpdateProjectCustomFile,RemoveProjectCustomFile). All properly validate paths using the new security module before operations.Context used:
dashboard- GoLang Best Practicesdescription: 'Instructions for writing Go code following idiomatic Go pra... (source)