Skip to content

upgrade ds9, add tests, move internal to pkg#64

Merged
tstromberg merged 2 commits intomainfrom
reliable
Oct 29, 2025
Merged

upgrade ds9, add tests, move internal to pkg#64
tstromberg merged 2 commits intomainfrom
reliable

Conversation

@tstromberg
Copy link
Copy Markdown
Member

@tstromberg tstromberg commented Oct 29, 2025

No description provided.

@kusari-inspector
Copy link
Copy Markdown

kusari-inspector bot commented Oct 29, 2025

Kusari Inspector

Kusari Analysis Results:

Do not proceed without addressing issues

Caution

Flagged Issues Detected
These changes contain flagged issues that may introduce security risks.

While the dependency analysis shows positive changes with no security vulnerabilities and reduced attack surface, the code analysis identifies 6 critical nil pointer dereference issues in GitHub API calls that could cause runtime panics and service disruption. These medium-impact issues in core GitHub integration functionality pose immediate operational risk that outweighs the dependency improvements. The fixes are straightforward - adding nil checks before accessing resp.StatusCode - and should be implemented before merging to prevent potential service crashes.

Note

View full detailed analysis result for more information on the output and the checks that were run.

Required Code Mitigations

Add nil check before accessing resp variable to prevent potential panic

pr, resp, err = c.client.PullRequests.Get(ctx, owner, repo, number)
if err != nil {
    if resp != nil && resp.StatusCode == http.StatusNotFound {
        return retry.Unrecoverable(err)
    }
    slog.Warn("failed to get PR, retrying", "owner", owner, "repo", repo, "number", number, "error", err)
    return err
}

Add nil check before accessing resp variable to prevent potential panic

allPRs, resp, err = c.client.PullRequests.ListPullRequestsWithCommit(ctx, owner, repo, sha, &github.PullRequestListOptions{State: "all"})
if err != nil {
    if resp != nil && resp.StatusCode == http.StatusNotFound {
        return retry.Unrecoverable(err)
    }
    return err
}

Add nil check before accessing resp variable to prevent potential panic

installations, resp, err = appClient.Apps.ListInstallations(ctx, &github.ListOptions{PerPage: 100})
if err != nil {
    if resp != nil && resp.StatusCode == http.StatusUnauthorized {
        slog.Error("GitHub App authentication failed", "app_id", m.appID, "hint", "Check that your GitHub App ID and private key are correct")
        return retry.Unrecoverable(err)
    }
    slog.Warn("failed to list installations, retrying", "error", err)
    return err
}

Add nil check before accessing resp variable to prevent potential panic

pr, resp, err = c.client.PullRequests.Get(ctx, owner, repo, number)
if err != nil {
    if resp != nil && resp.StatusCode == http.StatusNotFound {
        return retry.Unrecoverable(err)
    }
    slog.Warn("failed to get PR, retrying", "owner", owner, "repo", repo, "number", number, "error", err)
    return err
}

Add nil check before accessing resp variable to prevent potential panic

allPRs, resp, err = c.client.PullRequests.ListPullRequestsWithCommit(ctx, owner, repo, sha, &github.PullRequestListOptions{State: "all"})
if err != nil {
    if resp != nil && resp.StatusCode == http.StatusNotFound {
        return retry.Unrecoverable(err)
    }
    return err
}

Add nil check before accessing resp variable to prevent potential panic

installations, resp, err = appClient.Apps.ListInstallations(ctx, &github.ListOptions{PerPage: 100})
if err != nil {
    if resp != nil && resp.StatusCode == http.StatusUnauthorized {
        slog.Error("GitHub App authentication failed", "app_id", m.appID, "hint", "Check that your GitHub App ID and private key are correct")
        return retry.Unrecoverable(err)
    }
    slog.Warn("failed to list installations, retrying", "error", err)
    return err
}

@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: 677f723, performed at: 2025-10-29T17:35:34Z

Found this helpful? Give it a 👍 or 👎 reaction!

kusari-inspector[bot]
kusari-inspector bot reviewed Oct 29, 2025
View reviewed changes
kusari-inspector[bot]
kusari-inspector bot reviewed Oct 29, 2025
View reviewed changes
kusari-inspector[bot]
kusari-inspector bot reviewed Oct 29, 2025
View reviewed changes
@tstromberg tstromberg merged commit c2f7c04 into main Oct 29, 2025
0 of 2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@kusari-inspector kusari-inspector[bot] kusari-inspector[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tstromberg