You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Below is a summary of compliance checks for this PR:
Security Compliance
⚪
Markdown injection
Description:sanitize_diagram() only checks that input starts with a fence and ensures it ends with a fence, but does not prevent additional embedded sequences inside the diagram body, which can prematurely close the code block and allow markdown/HTML injection (e.g., a diagram containing \n\n<script>...</script>\n could escape the fenced block in rendered PR descriptions depending on downstream rendering). pr_description.py [772-785]
Follow the guide to enable codebase context checks.
Custom Compliance
🟢
Consistent Naming Conventions
Objective: All new variables, functions, and classes must follow the project's established naming standards
Status: Passed
Single Responsibility for Functions
Objective: Each function should have a single, well-defined responsibility
Status: Passed
When relevant, utilize early return
Objective: In a code snippet containing multiple logic conditions (such as 'if-else'), prefer an early return on edge cases than deep nesting
Status: Passed
🔴
No Dead or Commented-Out Code
Objective: Keep the codebase clean by ensuring all submitted code is active and necessary
Status: Unused import: The newly added pytest import is unused in the test module, introducing unnecessary dead code.
Referred Code
importpytestimportyaml
⚪
Robust Error Handling
Objective: Ensure potential errors and edge cases are anticipated and handled gracefully throughout the code
Status: Input type safety: sanitize_diagram() calls .strip() on diagram_raw without guarding against non-string/None inputs, which could raise an exception depending on upstream data types.
Referred Code
defsanitize_diagram(diagram_raw: str) ->str:
"""Sanitize a diagram string: fix missing closing fence and remove backticks."""diagram=diagram_raw.strip()
ifnotdiagram.startswith('```'):
return''
Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label
Update the regex for sanitizing Mermaid node labels to correctly handle the id["..."] format, as the current expression r'["([^"]*?)"]' fails to match them.
-# remove backticks inside node labels: ["`label`"] -> ["label"]+# remove backticks inside node labels: A["`label`"] -> A["label"]
lines = diagram.split('\n')
-result = [re.sub(r'\["([^"]*?)"\]', lambda m: '["' + m.group(1).replace('`', '') + '"]', line) for line in lines]+result = [re.sub(r'(\w+\[")([^"]*)("\])', lambda m: m.group(1) + m.group(2).replace('`', '') + m.group(3), line) for line in lines]
return '\n' + '\n'.join(result)
Apply / Chat
Suggestion importance[1-10]: 9
__
Why: The suggestion correctly identifies a bug in the new sanitize_diagram function where the regex for node labels is wrong, and it provides a correct implementation that fixes the bug, which is critical for the feature to work as intended.
High
Learned best practice
Add safe guards for missing values
Guard against diagram_raw being None or non-string before calling .strip() to avoid AttributeError when the YAML value is missing or not a string.
def sanitize_diagram(diagram_raw: str) -> str:
"""Sanitize a diagram string: fix missing closing fence and remove backticks."""
+ if not isinstance(diagram_raw, str):+ return ''
diagram = diagram_raw.strip()
if not diagram.startswith('```'):
return ''
-+
# fallback missing closing
if not diagram.endswith('```'):
- diagram += '\n```' -+ diagram += '\n```'+
# remove backticks inside node labels: ["`label`"] -> ["label"]
lines = diagram.split('\n')
result = [re.sub(r'\["([^"]*?)"\]', lambda m: '["' + m.group(1).replace('`', '') + '"]', line) for line in lines]
return '\n' + '\n'.join(result)
Apply / Chat
Suggestion importance[1-10]: 6
__
Why:
Relevant best practice - When accessing attributes on values that may be missing/None, use safe access patterns (e.g., guard clauses) to prevent AttributeError/KeyError.
Low
More
Author self-review: I have reviewed the PR code suggestions, and addressed the relevant ones.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue: #2211
PR Type
Enhancement, Tests
Description
Extract diagram sanitization logic into dedicated function
Remove backticks from node labels in mermaid diagrams
Add comprehensive unit tests for diagram sanitization
Handle missing closing fence and invalid diagram formats
Diagram Walkthrough
File Walkthrough
pr_description.py
Extract and enhance diagram sanitization logicpr_agent/tools/pr_description.py
sanitize_diagram()function
removes backticks from node labels
_prepare_data()to use new sanitization function instead ofinline logic
markers
test_pr_description.py
Add unit tests for diagram sanitizationtests/unittest/test_pr_description.py
sanitization
fences, and backtick removal
edge labels
prefix