Skip to content

Gemini polishing #51

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nang-dev merged 7 commits into from
Apr 8, 2025
Merged

Gemini polishing #51

nang-dev merged 7 commits into from
Apr 8, 2025

Conversation

@nang-dev
Copy link

@nang-dev nang-dev commented Apr 8, 2025
edited
Loading

add robustness and everything is synced with server now

github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 8, 2025
View reviewed changes
src/api/providers/pearai/pearaiGeneric.ts
console.dir(modelInfo)
console.dir(modelId)
const deepseekReasoner = modelId.includes("deepseek-reasoner")
const ark = modelUrl.includes(".volces.com")

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'
.volces.com
Loading
' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Copilot Autofix

AI 9 months ago

To fix the problem, we need to parse the URL and check the host value instead of using a substring check. This ensures that the check is accurate and cannot be bypassed by embedding the allowed host in an unexpected location within the URL.

  • Parse the URL using the URL constructor to extract the host.
  • Check if the host matches the allowed host or its subdomains.
  • Replace the substring check with the new host validation logic.
Suggested changeset 1
src/api/providers/pearai/pearaiGeneric.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/api/providers/pearai/pearaiGeneric.ts b/src/api/providers/pearai/pearaiGeneric.ts
--- a/src/api/providers/pearai/pearaiGeneric.ts
+++ b/src/api/providers/pearai/pearaiGeneric.ts
@@ -73,3 +73,10 @@
 		const deepseekReasoner = modelId.includes("deepseek-reasoner")
-		const ark = modelUrl.includes(".volces.com")
+		let ark = false
+		try {
+			const urlHost = new URL(modelUrl).host
+			ark = urlHost === "volces.com" || urlHost.endsWith(".volces.com")
+		} catch (error) {
+			// Handle invalid URL
+			ark = false
+		}
 
EOF
@@ -73,3 +73,10 @@
const deepseekReasoner = modelId.includes("deepseek-reasoner")
const ark = modelUrl.includes(".volces.com")
let ark = false
try {
const urlHost = new URL(modelUrl).host
ark = urlHost === "volces.com" || urlHost.endsWith(".volces.com")
} catch (error) {
// Handle invalid URL
ark = false
}

Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
@nang-dev nang-dev merged commit 7892d29 into main Apr 8, 2025
5 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nang-dev