Conversation

CodeAnt AI is running Incremental review

🏁 CodeAnt Quality Gate Results
Commit: ✅ Overall Status: PASSED
Quality Gate Details
```javascript
if (response.repos) {
  const sortedRepos = (response.repos || []).sort(
    (a, b) => new Date(b.pushed_at) - new Date(a.pushed_at)
```
Suggestion: The date comparator subtracts new Date(...) values directly, which produces NaN for invalid or missing timestamps and makes sorting unreliable. Use parsed timestamps with a numeric fallback so repos are deterministically ordered even when pushed_at is absent. [logic error]
Severity Level: Major ⚠️
- ⚠️ listRepos may not sort repositories by latest push time.
- ⚠️ Repositories missing pushed_at can appear in inconsistent order.
- ⚠️ Downstream consumers relying on order get unreliable results.

```diff
-    (a, b) => new Date(b.pushed_at) - new Date(a.pushed_at)
+    (a, b) => (Date.parse(b.pushed_at) || 0) - (Date.parse(a.pushed_at) || 0)
```
Steps of Reproduction ✅
1. In a Node.js script, monkey-patch global `fetch` (used inside `src/utils/fetchApi.js:4-25`) so that `response.json()` resolves to an object like `{ repos: [ { name: 'r1', full_name: 'org/r1', pushed_at: '2024-01-01T00:00:00Z' }, { name: 'r2', full_name: 'org/r2' }, { name: 'r3', full_name: 'org/r3', pushed_at: '2024-02-01T00:00:00Z' } ] }`, where one repo lacks `pushed_at`.
2. Import `listRepos` from `src/scans/listRepos.js:13` in that script via `import { listRepos } from './src/scans/listRepos.js';`.
3. Call `await listRepos('acme-org')`, which obtains the mocked response at `src/scans/listRepos.js:15-17`, passes the `if (response.repos)` check at line 23, and then sorts using `(response.repos || []).sort((a, b) => new Date(b.pushed_at) - new Date(a.pushed_at))` at lines 24-26.
4. For the repo without `pushed_at`, `new Date(undefined)` yields an invalid Date whose numeric value is `NaN`, so the comparator sometimes returns `NaN` instead of a negative/zero/positive number; as a result, comparisons involving that repo treat it as equal to others, and the final `sortedRepos` array returned at line 27 is not reliably ordered by actual last push time, especially once multiple repos have missing or malformed timestamps.
Prompt for AI Agent 🤖
This is a comment left during a code review.
**Path:** src/scans/listRepos.js
**Line:** 25:25
**Comment:**
Logic Error: The date comparator subtracts `new Date(...)` values directly, which produces `NaN` for invalid or missing timestamps and makes sorting unreliable. Use parsed timestamps with a numeric fallback so repos are deterministically ordered even when `pushed_at` is absent.
Validate the correctness of the flagged issue. If correct, how can I resolve this? If you propose a fix, implement it and please make it concise.

```javascript
const normalized = { ...item };
normalized.file_path = extractRelativeFilePath(item.file_path || item.path || item.filename || 'unknown');
normalized.line_number = item.line_number || item.start_line || item.line || 1;
normalized.file_line_range = [normalized.line_number];
```
Suggestion: The normalization logic always overwrites file_line_range with a single-line array, which drops valid multi-line ranges coming from scanners (especially IaC checks). Preserve the incoming range when present so callers can correctly display the full affected span. [logic error]
Severity Level: Major ⚠️
- ⚠️ Advanced IaC issues lose multi-line `file_line_range` spans.
- ⚠️ Downstream tools cannot show full misconfiguration blocks.

```diff
-    normalized.file_line_range = [normalized.line_number];
+    normalized.file_line_range =
+      Array.isArray(item.file_line_range) && item.file_line_range.length > 0
+        ? item.file_line_range
+        : [normalized.line_number];
```
Steps of Reproduction ✅
1. Import and call `fetchIacResults(repo, commitId)` exported at `src/scans/fetchAdvancedScanResults.js:318-319`, which internally calls `fetchAdvancedScanResults(repo, commitId, ADVANCED_RESULT_TYPES.IAC)` at `src/scans/fetchAdvancedScanResults.js:202-204`.
2. In `fetchAdvancedScanResults`, when `resultType === ADVANCED_RESULT_TYPES.IAC`, the response from `/extension/scans2/fetch-advanced-results` is flattened in the IAC branch at `src/scans/fetchAdvancedScanResults.js:241-270`; each failed check is turned into an object with `file_line_range: check.file_line_range || [1]` at lines `253-254`, preserving any multi-line ranges returned by the scanner.
3. After flattening, the code normalizes all items via `resultsData.filter(Boolean).map((item) => normalizeAdvancedIssue(item, resultType))` at `src/scans/fetchAdvancedScanResults.js:279-280`, which calls `normalizeAdvancedIssue` defined at `src/scans/fetchAdvancedScanResults.js:147-192`.
4. Inside `normalizeAdvancedIssue`, the snippet at `src/scans/fetchAdvancedScanResults.js:154-155` overwrites `file_line_range` with `[normalized.line_number]`, so an IaC issue that originally had `file_line_range: [10, 20]` from the scanner is returned to callers with `file_line_range: [10]`, losing the multi-line span; a future consumer that wants to highlight the full affected range (similar to how `fetchScanResults` sets `file_line_range` at `src/scans/fetchScanResults.js:92`) will only know about the first line.
Prompt for AI Agent 🤖
This is a comment left during a code review.
**Path:** src/scans/fetchAdvancedScanResults.js
**Line:** 155:155
**Comment:**
Logic Error: The normalization logic always overwrites `file_line_range` with a single-line array, which drops valid multi-line ranges coming from scanners (especially IaC checks). Preserve the incoming range when present so callers can correctly display the full affected span.
Validate the correctness of the flagged issue. If correct, how can I resolve this? If you propose a fix, implement it and please make it concise.

```javascript
reason_for_dismiss: dismissInfo.reason_for_dismiss || '',
comment_for_dismiss: dismissInfo.comment_for_dismiss || '',
```
Suggestion: dismissInfo is used as an object without null checks, so a null/undefined entry in response.data will throw when accessing dismissal fields and fail the whole operation. Use optional access with defaults to avoid crashing on partial backend data. [null pointer]
Severity Level: Major ⚠️
- ❌ Dismissed alerts fetch fails on any null dismissal entry.
- ⚠️ All valid dismissed alerts lost due to single bad record.

```diff
-    reason_for_dismiss: dismissInfo.reason_for_dismiss || '',
-    comment_for_dismiss: dismissInfo.comment_for_dismiss || '',
+    reason_for_dismiss: dismissInfo?.reason_for_dismiss || '',
+    comment_for_dismiss: dismissInfo?.comment_for_dismiss || '',
```
Steps of Reproduction ✅
1. Any future caller (e.g. a scansv2 CLI flow) invokes `fetchDismissedAlerts(repo)` defined in `src/scans/fetchDismissedAlerts.js:13`, which internally calls `fetchApi('/extension/scans2/dismiss-alerts/get', 'POST', { repo, analysis_type })` at lines 15–18.
2. The backend responds with JSON parsed by `fetchApi` (`src/utils/fetchApi.js:4–37`), returning an object where `data` contains at least one entry whose value is `null` or `undefined`, e.g. `{ "some/file.js||::||code||::||T1": null }`.
3. In `fetchDismissedAlerts`, the code at `src/scans/fetchDismissedAlerts.js:28–32` executes `const dismissData = response.data || {};` and then `for (const [issueKey, dismissInfo] of Object.entries(dismissData))`; for the malformed entry, `dismissInfo` is `null`/`undefined`.
4. When constructing `dismissedAlerts.push({ ... })` at lines 43–52, accessing `dismissInfo.reason_for_dismiss` and `dismissInfo.comment_for_dismiss` at lines 50–51 throws a `TypeError` ("Cannot read properties of null/undefined"), which is caught by the `try/catch` at lines 14–57, causing the whole function to return `{ success: false, error: error.message || 'Failed to fetch dismissed alerts' }` and preventing any dismissed alerts from being returned.
Prompt for AI Agent 🤖
This is a comment left during a code review.
**Path:** src/scans/fetchDismissedAlerts.js
**Line:** 50:51
**Comment:**
Null Pointer: `dismissInfo` is used as an object without null checks, so a null/undefined entry in `response.data` will throw when accessing dismissal fields and fail the whole operation. Use optional access with defaults to avoid crashing on partial backend data.
Validate the correctness of the flagged issue. If correct, how can I resolve this? If you propose a fix, implement it and please make it concise.
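The block below is an added example; it is not code from this PR, from the project, or from CodeAnt. It reproduces on constructed data the three defects the review comments above describe (the `NaN` date comparator in `listRepos`, the `file_line_range` overwrite in `normalizeAdvancedIssue`, and the null `dismissInfo` in `fetchDismissedAlerts`) and puts each suggested fix beside the failing form, so the behaviour can be checked offline before the change is accepted. The function names `sortReposByPush`, `normalizeIssue`, `collectDismissedAlertsNaive` and `collectDismissedAlerts`, and every sample object, are assumptions standing in for the project's own code and backend responses.

```javascript
// Added example, not code from the PR under review. Names below are
// hypothetical stand-ins for listRepos / normalizeAdvancedIssue /
// fetchDismissedAlerts; all sample data is constructed.

// --- 1. Sorting by pushed_at -------------------------------------------
// Subtracting two Date objects coerces both to numbers. A missing or
// malformed pushed_at gives an invalid Date, which coerces to NaN, and a
// comparator result of NaN is treated by Array.prototype.sort as "equal",
// so the placement of such repos depends on input order.
const naiveCompare = (a, b) => new Date(b.pushed_at) - new Date(a.pushed_at);

// Date.parse returns a number or NaN; `|| 0` maps NaN to epoch 0, so repos
// without a usable timestamp always sort last, deterministically.
const safeCompare = (a, b) =>
  (Date.parse(b.pushed_at) || 0) - (Date.parse(a.pushed_at) || 0);

function sortReposByPush(repos) {
  return [...repos].sort(safeCompare); // copy so the response is not mutated
}

// --- 2. Normalizing scanner issues -------------------------------------
// Keep a scanner-supplied multi-line range; fall back to a single-line
// range only when no usable range came in.
function normalizeIssue(item) {
  const normalized = { ...item };
  normalized.line_number = item.line_number || item.start_line || item.line || 1;
  normalized.file_line_range =
    Array.isArray(item.file_line_range) && item.file_line_range.length > 0
      ? item.file_line_range
      : [normalized.line_number];
  return normalized;
}

// --- 3. Collecting dismissed alerts ------------------------------------
// Naive form: a null entry in the backend map throws a TypeError; in the
// reviewed code the surrounding try/catch then discards every alert.
function collectDismissedAlertsNaive(dismissData) {
  const dismissedAlerts = [];
  for (const [issueKey, dismissInfo] of Object.entries(dismissData || {})) {
    dismissedAlerts.push({
      issue_key: issueKey,
      reason_for_dismiss: dismissInfo.reason_for_dismiss || '',
      comment_for_dismiss: dismissInfo.comment_for_dismiss || '',
    });
  }
  return dismissedAlerts;
}

// Fixed form: optional chaining with defaults tolerates partial records.
function collectDismissedAlerts(dismissData) {
  const dismissedAlerts = [];
  for (const [issueKey, dismissInfo] of Object.entries(dismissData || {})) {
    dismissedAlerts.push({
      issue_key: issueKey,
      reason_for_dismiss: dismissInfo?.reason_for_dismiss || '',
      comment_for_dismiss: dismissInfo?.comment_for_dismiss || '',
    });
  }
  return dismissedAlerts;
}

// --- Constructed sample data, modelled on the reproduction steps --------
const SAMPLE_REPOS = [
  { full_name: 'org/r1', pushed_at: '2024-01-01T00:00:00Z' },
  { full_name: 'org/r2' },                          // pushed_at missing
  { full_name: 'org/r3', pushed_at: '2024-02-01T00:00:00Z' },
  { full_name: 'org/r4', pushed_at: 'not-a-date' }, // pushed_at malformed
];
const SAMPLE_IAC_ISSUE = {
  file_path: 'infra/main.tf', start_line: 10, file_line_range: [10, 20],
};
const SAMPLE_DISMISS_DATA = {
  'some/file.js||::||code||::||T1': null,            // malformed entry
  'some/file.js||::||code||::||T2': { reason_for_dismiss: 'false positive' },
};

// Runs all three scenarios and reports what each form of the code does.
function demo() {
  let naiveError = null;
  try {
    collectDismissedAlertsNaive(SAMPLE_DISMISS_DATA);
  } catch (err) {
    naiveError = err;
  }
  return {
    naiveComparatorIsNaN: Number.isNaN(naiveCompare(SAMPLE_REPOS[1], SAMPLE_REPOS[0])),
    sortedNames: sortReposByPush(SAMPLE_REPOS).map((r) => r.full_name),
    normalizedRange: normalizeIssue(SAMPLE_IAC_ISSUE).file_line_range,
    fallbackRange: normalizeIssue({ file_path: 'x.js', line: 7 }).file_line_range,
    naiveThrowsTypeError: naiveError instanceof TypeError,
    safeAlerts: collectDismissedAlerts(SAMPLE_DISMISS_DATA),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Running it with `node` prints the six results: the naive comparator yields `NaN` for the repo with no `pushed_at`, the fixed sort returns `org/r3, org/r1, org/r2, org/r4` (the two unusable timestamps land last, in their original relative order because the sort is stable), the `[10, 20]` range survives normalization, and the null dismissal entry becomes an alert with empty fields instead of a `TypeError` that empties the whole result.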
CodeAnt AI Incremental review completed.
CodeAnt-AI Description
Add the new scans center for repository results, history, and dismissed alerts
What Changed
Impact
- ✅ Centralized scan results in one place
- ✅ Easier access to repository scan history
- ✅ Re-display dismissed alerts with saved context
Details
💡 Usage Guide
Checking Your Pull Request
Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.
Talking to CodeAnt AI
Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:
This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.
Example
Preserve Org Learnings with CodeAnt
You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:
This helps CodeAnt AI learn and adapt to your team's coding style and standards.
Example
Retrigger review
Ask CodeAnt AI to review the PR again, by typing:
Check Your Repository Health
To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.