refactor(config): refactor config package #6782
Open
+2,576
−1,521
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
1 similar comment
|
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
![ellipsis-dev[bot]](https://avatars.githubusercontent.com/in/64358?s=60&v=4){kind=small}
There was a problem hiding this comment.
👍 Looks good to me! Reviewed everything up to ae5ba2b in 1 minute and 44 seconds
More details
- Looked at
1775lines of code in34files - Skipped
0files when reviewing. - Skipped posting
4drafted comments based on config settings.
1. pkg/config/conf.go:28
- Draft comment:
The comment on line 28 is misleading. It should clarify that the function merges the input configuration at a specified path within the current configuration. - Reason this comment was not posted:
Confidence changes required:50%
The comment on line 28 incorrectly states that the function merges the current configuration with the input configuration. This is misleading as the function actually merges the input configuration at a specified path within the current configuration.
2. pkg/config/uri.go:10
- Draft comment:
The comment on line 10 is misleading. It should clarify that the regex matches a specific format of URI, not the entire URI definition. - Reason this comment was not posted:
Confidence changes required:50%
The comment on line 10 inpkg/config/uri.gois misleading. It states that the regex complies with the URI definition, but it only matches a specific format of URI. This should be clarified.
3. pkg/web/config.go:10
- Draft comment:
The comment on line 10 is outdated. It should reflect that the Config satisfies the new config.Config interface, not confmap.Config. - Reason this comment was not posted:
Confidence changes required:50%
The comment on line 10 inpkg/web/config.gois misleading. It states that the Config satisfies the confmap.Config interface, but it should be updated to reflect the new config.Config interface.
4. pkg/web/router/router.go:1
- Draft comment:
Avoid using thecomponent/index.tsxfile structure approach, as it makes it difficult to debug and find components using global search tools like VS Code. - Reason this comment was not posted:
Comment was on unchanged code.
Workflow ID: wflow_XloMbrlpzoO23qs6
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
vikrantgupta25
previously approved these changes
Jan 9, 2025
|
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
There was a problem hiding this comment.
👍 Looks good to me! Incremental review on 4c94386 in 1 minute and 31 seconds
More details
- Looked at
2466lines of code in40files - Skipped
0files when reviewing. - Skipped posting
4drafted comments based on config settings.
1. pkg/signoz/signoz.go:24
- Draft comment:
Add error handling for unrecognized cache providers to prevent potential nil pointer dereference. - Reason this comment was not posted:
Comment was not on a valid diff hunk.
2. pkg/signoz/signoz.go:46
- Draft comment:
Add error handling for web initialization to prevent potential nil pointer dereference. - Reason this comment was not posted:
Comment was not on a valid diff hunk.
3. pkg/signoz/signoz.go:57
- Draft comment:
Add error handling for sqlStore initialization to prevent potential nil pointer dereference. - Reason this comment was not posted:
Comment looked like it was already resolved.
4. pkg/query-service/app/server.go:27
- Draft comment:
Avoid using thecomponent/index.tsxfile structure approach, as it makes it difficult to debug and find components using global search tools like VS Code. - Reason this comment was not posted:
Comment was not on a valid diff hunk.
Workflow ID: wflow_SdvgtI8IbXj32Z5C
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
|
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
There was a problem hiding this comment.
👍 Looks good to me! Incremental review on 5d26d2b in 1 minute and 8 seconds
More details
- Looked at
170lines of code in5files - Skipped
0files when reviewing. - Skipped posting
3drafted comments based on config settings.
1. pkg/query-service/app/integrations/manager.go:126
- Draft comment:
Removing error handling forNewInstalledIntegrationsSqliteRepocan lead to runtime errors if the database is not properly initialized. Consider re-adding error handling to ensure robustness. - Reason this comment was not posted:
Decided after close inspection that this draft comment was likely wrong and/or not actionable:
- Without seeing NewInstalledIntegrationsSqliteRepo implementation, I can't be certain if it can fail. 2. The change suggests the function was modified to not return an error anymore. 3. If the function signature changed, then error handling would be unnecessary. 4. The code compiles, suggesting the function signature must have changed. 5. The PR author likely made this change intentionally after determining errors weren't possible.
I don't have access to the NewInstalledIntegrationsSqliteRepo implementation or its changes. The comment could be valid if that function can still fail at runtime.
Since the code compiles, the function signature must have changed to not return an error. The PR author likely determined error handling wasn't needed and simplified the API.
Without seeing the NewInstalledIntegrationsSqliteRepo implementation or its changes, I cannot verify if error handling is actually needed. The comment makes assumptions without full context.
2. pkg/query-service/app/integrations/test_utils.go:18
- Draft comment:
Removing error handling forNewInstalledIntegrationsSqliteRepocan lead to runtime errors if the database is not properly initialized. Consider re-adding error handling to ensure robustness. This is also applicable inNewTestIntegrationsManager. - Reason this comment was not posted:
Decided after close inspection that this draft comment was likely wrong and/or not actionable:
This is a test utility function, and test utilities often simplify error handling for cleaner tests. The database is created using NewQueryServiceDBForTests which likely handles setup validation. Since this is test code, a panic on initialization failure is actually preferable to error propagation. The comment seems to be applying production code standards to test code.
I could be wrong about the database initialization being validated in NewQueryServiceDBForTests. There could be valid reasons to handle errors even in test code.
Even if the database initialization isn't fully validated elsewhere, having a test utility panic on setup failure is a valid and common pattern - it fails fast and makes test failures more obvious.
The comment should be deleted as it's applying overly strict standards to test code where simplified error handling is acceptable and often preferred.
3. pkg/query-service/app/integrations/manager.go:126
- Draft comment:
TheNewInstalledIntegrationsSqliteRepofunction no longer returns an error, so the error handling inNewManageris unnecessary and should be removed. - Reason this comment was not posted:
Comment looked like it was already resolved.
Workflow ID: wflow_BOx5CKlqmlQpyfHW
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
|
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
There was a problem hiding this comment.
👍 Looks good to me! Incremental review on 0c3af05 in 1 minute and 5 seconds
More details
- Looked at
106lines of code in5files - Skipped
0files when reviewing. - Skipped posting
5drafted comments based on config settings.
1. ee/query-service/app/server.go:210
- Draft comment:
The removal of the 'engine' parameter from theNewLogParsingPipelinesControllerfunction call is consistent with the refactoring goal. Ensure that this parameter is not used elsewhere in the function. - Reason this comment was not posted:
Confidence changes required:20%
The removal of the 'engine' parameter from the function signature is consistent across all instances where the function is called. This change aligns with the refactoring goal of removing unnecessary parameters.
2. pkg/query-service/agentConf/manager.go:42
- Draft comment:
The removal of the 'DBEngine' field from theManagerOptionsstruct is consistent with the refactoring goal. Ensure that this field is not used elsewhere in the code. - Reason this comment was not posted:
Confidence changes required:20%
The removal of the 'DBEngine' field from theManagerOptionsstruct is consistent across all instances where the struct is used. This change aligns with the refactoring goal of removing unnecessary fields.
3. pkg/query-service/app/logparsingpipeline/controller.go:30
- Draft comment:
The removal of the 'engine' parameter from theNewLogParsingPipelinesControllerfunction call is consistent with the refactoring goal. Ensure that this parameter is not used elsewhere in the function. - Reason this comment was not posted:
Confidence changes required:20%
The removal of the 'engine' parameter from the function signature is consistent across all instances where the function is called. This change aligns with the refactoring goal of removing unnecessary parameters.
4. pkg/query-service/tests/integration/logparsingpipeline_test.go:487
- Draft comment:
The removal of the 'DBEngine' field from theManagerOptionsstruct is consistent with the refactoring goal. Ensure that this field is not used elsewhere in the code. - Reason this comment was not posted:
Confidence changes required:20%
The removal of the 'DBEngine' field from theManagerOptionsstruct is consistent across all instances where the struct is used. This change aligns with the refactoring goal of removing unnecessary fields.
5. pkg/query-service/app/server.go:174
- Draft comment:
Avoid using inline styles in React components. Use external stylesheets, CSS classes, or styled components instead. This is also applicable in other parts of the code where inline styles are used. - Reason this comment was not posted:
Comment was not on a valid diff hunk.
Workflow ID: wflow_8M11gtu6Fo1lD3Vp
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
|
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
There was a problem hiding this comment.
👍 Looks good to me! Incremental review on e1cb905 in 38 seconds
More details
- Looked at
241lines of code in5files - Skipped
0files when reviewing. - Skipped posting
3drafted comments based on config settings.
1. pkg/sqlstore/config.go:36
- Draft comment:
The increase inMaxOpenConnsfrom 10 to 100 should be justified. Ensure the system can handle this increase without resource exhaustion. - Reason this comment was not posted:
Confidence changes required:50%
The change inMaxOpenConnsfrom 10 to 100 inpkg/sqlstore/config.gois significant and should be justified. Increasing the number of open connections can improve performance by allowing more concurrent database operations, but it can also lead to resource exhaustion if not managed properly. It's important to ensure that the system can handle this increase without negative side effects.
2. pkg/sqlstore/provider/sqlite/provider.go:33
- Draft comment:
The log message includes?_foreign_keys=truein the path, which might be misleading as it's not part of the actual connection string. Consider aligning the log message with the actual connection string or explaining the discrepancy. - Reason this comment was not posted:
Confidence changes required:50%
The connection string for SQLite inpkg/sqlstore/provider/sqlite/provider.goincludes?_foreign_keys=truein the log message but not in the actual connection string. This could lead to confusion as the log message suggests foreign keys are enabled by default, which is not the case unless explicitly set in the connection string or via PRAGMA command.
3. pkg/sqlstore/provider/sqlite/provider.go:5
- Draft comment:
Avoid using thecomponent/index.tsxfile structure approach, as it makes it difficult to debug and find components using global search tools. - Reason this comment was not posted:
Comment was on unchanged code.
Workflow ID: wflow_WX037G8SS8Azkp3M
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
|
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
There was a problem hiding this comment.
👍 Looks good to me! Incremental review on 2060905 in 36 seconds
More details
- Looked at
75lines of code in2files - Skipped
0files when reviewing. - Skipped posting
2drafted comments based on config settings.
1. pkg/sqlstore/provider/sqlite/provider.go:30
- Draft comment:
The refactor removed the explicit enabling of foreign key support usingPRAGMA foreign_keys = ON;. Ensure that foreign key constraints are enforced as expected, as SQLite does not enable them by default. - Reason this comment was not posted:
Comment did not seem useful.
2. pkg/sqlstore/provider/sqlite/provider.go:30
- Draft comment:
Avoid using inline styles in React components. Use external stylesheets, CSS classes, or styled components instead. This comment applies to other instances of inline styles in the code as well. - Reason this comment was not posted:
Comment was on unchanged code.
Workflow ID: wflow_iCItnw1uPH1tsZFP
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
grandwizard28
force-pushed
the
pkg/config
branch
from
2060905 to
e9decec
Compare
|
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
There was a problem hiding this comment.
👍 Looks good to me! Incremental review on e9decec in 37 seconds
More details
- Looked at
76lines of code in4files - Skipped
0files when reviewing. - Skipped posting
4drafted comments based on config settings.
1. pkg/query-service/utils/testutils.go:18
- Draft comment:
The functionNewQueryServiceDBForTestsis a good refactor as it encapsulates the setup of a test database, including migrations and DAO initialization, providing a cleaner and more reliable test setup. - Reason this comment was not posted:
Confidence changes required:0%
The functionNewQueryServiceDBForTestsinpkg/query-service/utils/testutils.gois responsible for setting up a test database. It creates a temporary SQLite database file, initializes the SQL store, runs migrations, and initializes the DAO and dashboards. This function is used in the test files to provide a test database instance. The refactoring seems to replace the previousNewTestSqliteDBfunction with this new function, which is more comprehensive and encapsulates the setup process better.
2. ee/query-service/app/server.go:206
- Draft comment:
Refactored to usesignoz.SqlStore.Provider().SqlxDB()for initializingcloudIntegrationsController, which centralizes database access and reduces redundancy. - Reason this comment was not posted:
Confidence changes required:0%
The refactor inee/query-service/app/server.goandpkg/query-service/app/server.gochanges the way thecloudIntegrationsControlleris initialized. It now usessignoz.SqlStore.Provider().SqlxDB()instead oflocalDB. This change aligns with the refactor goal of removing upstream dependencies and centralizing the database access throughsignoz.SqlStore. This is a positive change as it reduces redundancy and potential inconsistencies in database access.
3. pkg/query-service/app/cloudintegrations/controller_test.go:15
- Draft comment:
ReplacedNewTestSqliteDBwithNewQueryServiceDBForTestsfor better encapsulation of test database setup, improving test reliability. - Reason this comment was not posted:
Confidence changes required:0%
The refactor inpkg/query-service/app/cloudintegrations/controller_test.goreplacesNewTestSqliteDBwithNewQueryServiceDBForTests. This change is consistent with the refactor goal of centralizing test database setup. The new function encapsulates the setup process better, including migrations and DAO initialization, which improves test reliability.
4. pkg/query-service/app/server.go:177
- Draft comment:
Refactored to usesignoz.SqlStore.Provider().SqlxDB()for initializingcloudIntegrationsController, aligning with the goal of centralizing database access. - Reason this comment was not posted:
Confidence changes required:0%
The refactor inpkg/query-service/app/server.gochanges the initialization ofcloudIntegrationsControllerto usesignoz.SqlStore.Provider().SqlxDB(). This aligns with the refactor goal of centralizing database access and removing upstream dependencies, which is a positive change for maintainability and consistency.
Workflow ID: wflow_5fjNCUa3QKXZ0UzS
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
|
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
There was a problem hiding this comment.
👍 Looks good to me! Incremental review on 50a06d1 in 48 seconds
More details
- Looked at
71lines of code in2files - Skipped
0files when reviewing. - Skipped posting
2drafted comments based on config settings.
1. pkg/sqlstore/migrations/007_add_integrations.go:37
- Draft comment:
Consider implementing theDownmethod to make the migration reversible. This will help in rolling back the migration if needed. - Reason this comment was not posted:
Comment was not on a valid diff hunk.
2. pkg/sqlstore/migrations/007_add_integrations.go:40
- Draft comment:
Do not add non-ClickHouse related functions to the ClickHouseReader interface. Use the DAO in the telemetry instance to access such information instead. - Reason this comment was not posted:
Comment was not on a valid diff hunk.
Workflow ID: wflow_DU2eZElvH4qeMJOr
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
grandwizard28
force-pushed
the
pkg/config
branch
from
e35d1c2 to
288747a
Compare
|
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
1 similar comment
|
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
There was a problem hiding this comment.
👍 Looks good to me! Incremental review on e35d1c2 in 1 minute and 26 seconds
More details
- Looked at
2165lines of code in41files - Skipped
0files when reviewing. - Skipped posting
6drafted comments based on config settings.
1. ee/query-service/app/server.go:115
- Draft comment:
The refactoring replacesSqlStore.Provider().SqlxDB()withSQLStore.SQLxDB(). Ensure that this change is consistent across the codebase and aligns with the refactoring goal to remove upstream dependencies. - Reason this comment was not posted:
Confidence changes required:20%
The refactoring seems to have removed theSqlStore.Provider().SqlxDB()calls and replaced them withSQLStore.SQLxDB(). This change is consistent across the files and aligns with the refactoring goal to remove upstream dependencies.
2. ee/query-service/main.go:148
- Draft comment:
The introduction of theinstrumentationpackage and its usage to create anInstrumentationinstance is a good practice. It modularizes the code and separates concerns. - Reason this comment was not posted:
Confidence changes required:10%
The refactoring introduces a newinstrumentationpackage and uses it to create anInstrumentationinstance. This is a good practice as it modularizes the code and separates concerns.
3. pkg/cache/config.go:28
- Draft comment:
The introduction of thefactorypackage to handle configuration and provider creation centralizes the creation logic and makes the code more maintainable. - Reason this comment was not posted:
Confidence changes required:10%
The refactoring introduces a newfactorypackage to handle configuration and provider creation. This is a good practice as it centralizes the creation logic and makes the code more maintainable.
4. pkg/sqlstore/config.go:30
- Draft comment:
The introduction of thefactorypackage to handle configuration and provider creation centralizes the creation logic and makes the code more maintainable. - Reason this comment was not posted:
Confidence changes required:10%
The refactoring introduces a newfactorypackage to handle configuration and provider creation. This is a good practice as it centralizes the creation logic and makes the code more maintainable.
5. pkg/web/config.go:18
- Draft comment:
The introduction of thefactorypackage to handle configuration and provider creation centralizes the creation logic and makes the code more maintainable. - Reason this comment was not posted:
Confidence changes required:10%
The refactoring introduces a newfactorypackage to handle configuration and provider creation. This is a good practice as it centralizes the creation logic and makes the code more maintainable.
6. pkg/signoz/config.go:22
- Draft comment:
The introduction of thefactorypackage to handle configuration and provider creation centralizes the creation logic and makes the code more maintainable. - Reason this comment was not posted:
Confidence changes required:10%
The refactoring introduces a newfactorypackage to handle configuration and provider creation. This is a good practice as it centralizes the creation logic and makes the code more maintainable.
Workflow ID: wflow_B18PCoTALM59wbck
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
There was a problem hiding this comment.
👍 Looks good to me! Incremental review on 288747a in 1 minute and 41 seconds
More details
- Looked at
2165lines of code in41files - Skipped
0files when reviewing. - Skipped posting
6drafted comments based on config settings.
1. ee/query-service/app/server.go:115
- Draft comment:
Refactored to usesignoz.SQLStore.SQLxDB()instead ofsignoz.SqlStore.Provider().SqlxDB(), which aligns with the refactoring goal to remove the dependency onopentelemetry-collector. This change is applied consistently across the files. - Reason this comment was not posted:
Confidence changes required:10%
The refactoring of theNewServerfunction inee/query-service/app/server.goandpkg/query-service/app/server.gois consistent with the intent to remove the dependency onopentelemetry-collector. The changes involve usingsignoz.SQLStore.SQLxDB()instead ofsignoz.SqlStore.Provider().SqlxDB(), which aligns with the refactoring goal. This change is applied consistently across the files.
2. pkg/query-service/main.go:91
- Draft comment:
Refactored to initializeinstrumentationandsignozusing the new factory pattern, which aligns with the refactoring goal to remove the dependency onopentelemetry-collector. - Reason this comment was not posted:
Confidence changes required:10%
The refactoring inpkg/query-service/main.goandee/query-service/main.goinvolves initializing theinstrumentationandsignozinstances with the new factory pattern. This change is consistent with the refactoring goal to remove the dependency onopentelemetry-collector. The initialization ofinstrumentationandsignozis done using the newNewProviderFactoriesmethod, which is a part of the refactoring.
3. pkg/cache/provider/memory/memory.go:18
- Draft comment:
Introduced a new factory pattern for creating cache providers usingNewFactory, which aligns with the refactoring goal to remove the dependency onopentelemetry-collector. - Reason this comment was not posted:
Confidence changes required:10%
The refactoring inpkg/cache/provider/memory/memory.gointroduces a new factory pattern for creating cache providers. This change is consistent with the refactoring goal to remove the dependency onopentelemetry-collector. TheNewFactoryfunction is used to create a new provider factory for the memory cache, which aligns with the new factory pattern.
4. pkg/sqlstore/provider/sqlite/sqlite.go:23
- Draft comment:
Introduced a new factory pattern for creating SQL store providers usingNewFactory, which aligns with the refactoring goal to remove the dependency onopentelemetry-collector. - Reason this comment was not posted:
Confidence changes required:10%
The refactoring inpkg/sqlstore/provider/sqlite/sqlite.gointroduces a new factory pattern for creating SQL store providers. This change is consistent with the refactoring goal to remove the dependency onopentelemetry-collector. TheNewFactoryfunction is used to create a new provider factory for the SQLite provider, which aligns with the new factory pattern.
5. pkg/sqlstore/migrations/migrations.go:19
- Draft comment:
Refactored to use the new factory pattern for creating migration instances usingNamedMap, which aligns with the refactoring goal to remove the dependency onopentelemetry-collector. - Reason this comment was not posted:
Confidence changes required:10%
The refactoring inpkg/sqlstore/migrations/migrations.goinvolves using the new factory pattern for creating migration instances. This change is consistent with the refactoring goal to remove the dependency onopentelemetry-collector. TheNewfunction now uses theNamedMapto get migration factories, which aligns with the new factory pattern.
6. pkg/query-service/app/server.go:98
- Draft comment:
Avoid using inline styles in React components. Use external stylesheets, CSS classes, or styled components instead. This is also applicable at line 115, 153, 170, and 233. - Reason this comment was not posted:
Comment was on unchanged code.
Workflow ID: wflow_Nm8s5l6BS2KSoR9s
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
|
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
There was a problem hiding this comment.
👍 Looks good to me! Incremental review on 6a7975a in 51 seconds
More details
- Looked at
216lines of code in4files - Skipped
0files when reviewing. - Skipped posting
2drafted comments based on config settings.
1. ee/query-service/main.go:94
- Draft comment:
The removal of theenableQueryServiceLogOTLPExportflag and related logic changes the functionality. Ensure this is intended and documented. - Reason this comment was not posted:
Confidence changes required:50%
The PR refactors the logging setup by removing the custom initialization and using the logger from the instrumentation package. This is a good change as it centralizes logging configuration. However, the removal of theenableQueryServiceLogOTLPExportflag and related logic should be noted as it changes the functionality.
2. pkg/query-service/main.go:87
- Draft comment:
The removal of theinitZapLogfunction changes the logging setup. Ensure this is intended and documented. - Reason this comment was not posted:
Confidence changes required:50%
The PR refactors the logging setup by removing the custom initialization and using the logger from the instrumentation package. This is a good change as it centralizes logging configuration. However, the removal of theinitZapLogfunction should be noted as it changes the logging setup.
Workflow ID: wflow_QCSU5FCHm6TrL9Jd
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
| path := filepath.Join(web.config.Directory, req.URL.Path) | ||
|
|
||
| // check whether a file exists or is a directory at the given path | ||
| fi, err := os.Stat(path) |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI about 18 hours ago
To fix the problem, we need to ensure that the user-provided path does not contain any path separators or sequences that could lead to directory traversal. We can achieve this by validating the req.URL.Path before using it to construct the file path. Specifically, we should:
- Check that the path does not contain any
..sequences. - Ensure that the path is within the intended directory by resolving the absolute path and verifying it.
Suggested changeset
1
pkg/web/provider/router/router.go
| @@ -76,2 +76,8 @@ | ||
| func (web *router) ServeHTTP(rw http.ResponseWriter, req *http.Request) { | ||
| // Validate the URL path to prevent directory traversal | ||
| if strings.Contains(req.URL.Path, "..") { | ||
| http.Error(rw, "Invalid file path", http.StatusBadRequest) | ||
| return | ||
| } | ||
|
|
||
| // Join internally call path.Clean to prevent directory traversal | ||
| @@ -79,4 +85,11 @@ | ||
|
|
||
| // Ensure the resolved path is within the web.config.Directory | ||
| absPath, err := filepath.Abs(path) | ||
| if err != nil || !strings.HasPrefix(absPath, web.config.Directory) { | ||
| http.Error(rw, "Invalid file path", http.StatusBadRequest) | ||
| return | ||
| } | ||
|
|
||
| // check whether a file exists or is a directory at the given path | ||
| fi, err := os.Stat(path) | ||
| fi, err := os.Stat(absPath) | ||
| if os.IsNotExist(err) || fi.IsDir() { |
Copilot is powered by AI and may make mistakes. Always verify output.
There was a problem hiding this comment.
👍 Looks good to me! Incremental review on 76d23b1 in 1 minute and 5 seconds
More details
- Looked at
243lines of code in8files - Skipped
0files when reviewing. - Skipped posting
2drafted comments based on config settings.
1. pkg/sqlstore/config.go:11
- Draft comment:
The removal of thePostgresConfigstruct is a breaking change. Ensure that there are no dependencies on PostgreSQL elsewhere in the codebase. - Reason this comment was not posted:
Comment did not seem useful.
2. pkg/instrumentation/instrumentation.go:23
- Draft comment:
TheToProviderSettingsmethod should not be part of theClickHouseReaderinterface if it were present. However, sinceClickHouseReaderis not in this code, this rule does not apply here. - Reason this comment was not posted:
Confidence changes required:50%
TheToProviderSettingsmethod in theInstrumentationinterface and its implementations is not related to ClickHouse, so it should not be part of theClickHouseReaderinterface. However, since theClickHouseReaderinterface is not present in the provided code, this rule does not apply here. The method is correctly placed in theInstrumentationinterface.
Workflow ID: wflow_zqY3KtxXAdgGZ8vI
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
There was a problem hiding this comment.
❌ Changes requested. Incremental review on 33bbc96 in 2 minutes and 32 seconds
More details
- Looked at
693lines of code in14files - Skipped
0files when reviewing. - Skipped posting
1drafted comments based on config settings.
1. pkg/query-service/main.go:76
- Draft comment:
Thefmt.Println(err, err.Error())line is redundant becausezap.L().Fatalalready logs the error. Consider removing this line to clean up the code. - Reason this comment was not posted:
Marked as duplicate.
Workflow ID: wflow_rqSRuzTqbaLxkmsw
Want Ellipsis to fix these issues? Tag @ellipsis-dev in a comment. You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
| signoz, err := signoz.New(config, skipWebFrontend) | ||
| instrumentation, err := instrumentation.New(context.Background(), pkgversion.Build{}, config.Instrumentation) | ||
| if err != nil { | ||
| fmt.Println(err, err.Error()) |
There was a problem hiding this comment.
The fmt.Println(err, err.Error()) line is redundant because zap.L().Fatal already logs the error. Consider removing this line to clean up the code.
|
This is a very big PR to review. Can it be broken down to smaller individual parts which can be reviewed ? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
refactor config package and get rid of upstream dependency on opentelemetry-collector
Important
Refactor configuration package to remove opentelemetry-collector dependency, introduce new config system, and update database and server initialization.
factoryandproviderpatterns inpkg/configandpkg/factory.opentelemetry-collector.NewConfigFactoryandNewProviderFactoryfor modular configuration.sqlstoreandmigrations.agents,dashboards,integrations.InitDBfunctions to use newsqlstoresetup.Serverinitialization inserver.goto use new configuration and SQL store.NewServerto integrate withsignozstruct and new config system.webpackage withrouterandnoopproviders.This description was created by
for 33bbc96. It will automatically update as commits are pushed.