AntFleet

Disagreement · 24879b45-anthropic-4

seed-outgoing-pr.ts trusts unvalidated CLI args (owner/repo/branch) without sanity-checking format

solo Opus
repo e24ef98c · PR #10 · reviewed 1 week ago

Opus finding

low · api-contract · high
  • apps/web/scripts/seed-outgoing-pr.ts:30-50
Only `upstream-pr-number` is validated. A typo such as passing an empty string, a URL, or a leading-slash path for owner/repo would silently insert garbage that the cron sweep would then submit to GitHub's `pulls.get`, returning 404s repeatedly until manual cleanup. There is no rollback. Admin tool, low blast radius, but a one-line regex would harden it.

Recommendation

Add regex validation for owner/repo against GitHub's allowed characters (`[A-Za-z0-9-_.]+`) and a non-empty branch, exiting with status 2 on mismatch.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.
