Fix whitespace padding of day of month in changelog entries #511

Merged: centosinfra-prod-github-app[bot] merged 1 commit into main from padding on Feb 12, 2026

@nforro (Member) commented Feb 12, 2026

No description provided.

@gemini-code-assist (Contributor) commented

Summary of Changes

Hello @nforro, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses an inconsistency in the formatting of the day of the month within changelog entries. The change ensures that single-digit days are correctly padded with a leading space when a specific padding style is applied, preventing misaligned dates in the generated changelog. New tests have been introduced to verify the proper application of this formatting rule.

Highlights

  • Changelog Formatting: Corrected the whitespace padding for the day of the month in changelog entries to ensure consistent formatting, especially for single-digit days.
  • Test Coverage: Added new unit tests to validate the corrected day of month padding logic in changelog assembly.


Changelog
  • specfile/changelog.py
    • Modified the f-string formatting for the day of the month to apply right-alignment with a width of 2, ensuring proper whitespace padding.
  • tests/unit/test_changelog.py
    • Added two new test cases to test_get_raw_section_data to specifically verify the correct whitespace padding for single and double-digit days in changelog entries.

@gemini-code-assist (Contributor, bot) left a comment

Code Review

This pull request fixes an issue with whitespace padding for the day of the month in changelog entries. While the change correctly handles space-padding, it introduces a regression when no padding is specified (i.e., day_of_month_padding is an empty string). In this scenario, the space between the month and a double-digit day is omitted. I've added a review comment with a suggested fix to address this regression.

Comment thread specfile/changelog.py Outdated
Signed-off-by: Nikola Forró <nforro@redhat.com>
@nforro (Member, Author) commented Feb 12, 2026

/gemini review

@gemini-code-assist (Contributor, bot) left a comment

Code Review

This pull request aims to fix an issue with whitespace padding for the day of the month in changelog entries, correctly handling padding for both single-digit and double-digit days. However, the current implementation introduces a medium-severity Format String Injection vulnerability because the day_of_month_padding parameter is used to dynamically construct a format string without proper validation. There is also a suggestion to improve the overall readability of the implementation.

Comment thread specfile/changelog.py
Comment on lines +244 to +245
if day_of_month_padding:
header += f" {day_of_month_padding[:-1]}{timestamp.day:{day_of_month_padding[-1]}>2}"
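
Review bot: the second line folds two roles of day_of_month_padding into one f-string, with day_of_month_padding[:-1] emitted verbatim and day_of_month_padding[-1] used as the fill character of a width-2 field, and nothing in these two lines says which values the parameter is expected to hold. Binding the two slices to named locals (for example prefix and fill) and documenting the accepted padding values next to the condition would let a reader check the intent without decoding the nested format spec.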

Severity: medium (security)

The assemble method constructs a format string for timestamp.day using the day_of_month_padding parameter. This introduces a Format String Injection vulnerability, as the last character of day_of_month_padding is used as a fill character in the format specifier ({timestamp.day:{day_of_month_padding[-1]}>2}). If day_of_month_padding is user-controlled, an attacker could inject characters, potentially leading to unexpected output, file corruption, or denial of service. Although Python's format strings are generally safe, dynamic construction from external input is a security risk. Additionally, the current logic is a bit dense and could be hard to understand at a glance; consider improving readability for better maintainability.

Suggested change
if day_of_month_padding:
header += f" {day_of_month_padding[:-1]}{timestamp.day:{day_of_month_padding[-1]}>2}"
if day_of_month_padding and day_of_month_padding[-1] in (' ', '0'):
header += f" {day_of_month_padding[:-1]}{timestamp.day:{day_of_month_padding[-1]}>2}"
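
Review bot: with the added test day_of_month_padding[-1] in (' ', '0') on the condition line, a non-empty padding ending in any other character now skips this branch, and the lines shown here do not say what the header receives in that case. If such values are invalid, raising an error is clearer than falling through silently; if they are valid, the restriction changes behaviour and should be documented.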

@nforro (Member, Author) replied:

> an attacker could inject characters, potentially leading to unexpected output, file corruption, or denial of service

Like what?
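
An added example, not code from this pull request or from specfile: it mirrors the fill-character expression quoted in the review thread above and checks what Python's format-spec mini-language does with every printable fill character, next to a variant using the allow-list from the suggested change. The function names and the fallback for an empty padding are assumptions.

```python
import string


def day_field(day: int, padding: str) -> str:
    """Mirror of the expression quoted in the review (reconstructed here)."""
    if padding:
        prefix, fill = padding[:-1], padding[-1]
        # Nested replacement field: `fill` becomes the fill character of the
        # spec "<fill>>2". It is a value substituted into the spec, not a
        # template that is parsed for further replacement fields.
        return f" {prefix}{day:{fill}>2}"
    return f" {day}"  # assumed fallback for empty padding (not shown on the page)


def day_field_strict(day: int, padding: str) -> str:
    """Variant with the allow-list from the suggested change, failing loudly."""
    if padding and padding[-1] not in (" ", "0"):
        raise ValueError(f"unsupported fill character: {padding[-1]!r}")
    return day_field(day, padding)


def survey_fill_characters(day: int = 5):
    """Use every printable ASCII character as the fill.

    Returns (rejected, unexpected): characters for which formatting raised,
    and characters whose output was not exactly ' ' + fill + day.
    """
    rejected, unexpected = [], []
    for ch in string.printable:
        try:
            out = day_field(day, ch)
        except ValueError:
            rejected.append(ch)
            continue
        if out != f" {ch}{day}":
            unexpected.append(ch)
    return rejected, unexpected


if __name__ == "__main__":
    print(survey_fill_characters())
    # Constructed sample paddings, including a brace and a control character.
    for pad in (" ", "0", "  ", "{", "\n"):
        print(repr(pad), "->", repr(day_field(5, pad)), repr(day_field(12, pad)))
```

Every printable fill character is accepted, and it only ever occupies the single padding column of a one-digit day; two-digit days never show it. What the allow-list changes is whether an unexpected character, including a control character such as a newline, can reach the changelog header.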

@nforro added the "mergeit" (Merge via Zuul) label on Feb 12, 2026
@centosinfra-prod-github-app (bot) merged commit 90ed5fc into main on Feb 12, 2026
49 of 51 checks passed
@github-project-automation (bot) moved this from New to Done in Packit pull requests on Feb 12, 2026
@nforro deleted the padding branch on February 12, 2026 20:15