refactor: handle unknown permissions safely

zapdev360 · zapdev360 · commit 8c2ff5aeab93 · 2025-12-26T13:07:23.000+05:30
Add fallback handling for unknown permissions, effectively handle empty permission sets, and refine label notes and categories.
diff --git a/backend/src/routes/label.js b/backend/src/routes/label.js
@@ -11,6 +11,10 @@ router.get("/app/:slug/label", async (_req, res) => {
       ([name, access]) => ({ name, access })
     );
 
+    if (perms.length === 0) {
+      return res.json(buildLabel([]));
+    }
+
     res.json(buildLabel(perms));
   } catch (err) {
     console.error(err.response?.data || err.message);
diff --git a/backend/src/services/privacyLabel.js b/backend/src/services/privacyLabel.js
@@ -6,7 +6,10 @@ function buildLabel(perms) {
 
   perms.forEach(({ name }) => {
     const perm = permissions[name];
-    if (!perm) return;
+    if (!perm) {
+      used.add("unknown");
+      return;
+    }
 
     const key = perm.category;
     used.add(key);
@@ -26,8 +29,8 @@ function buildLabel(perms) {
     overall_sensitivity: sensitivity,
     permissions: perms,
     notes: [
-      "Based on publicly available GitHub App permission metadata.",
-      "Does not inspect runtime behavior or private repositories.",
+      "Derived from declared GitHub App permissions.",
+      "Based on public metadata only; no runtime inspection.",
     ],
   };
 }
diff --git a/shared/categories.json b/shared/categories.json
@@ -28,5 +28,10 @@
     "label": "Organization-level access",
     "sensitivity": "high",
     "description": "Permissions that apply across an organization rather than individual repositories."
+  },
+  "unknown": {
+    "label": "Unknown data access",
+    "sensitivity": "moderate",
+    "description": "Permissions not yet classified by PermLens."
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -28,5 +28,10 @@`
`28`	`28`	`"label": "Organization-level access",`
`29`	`29`	`"sensitivity": "high",`
`30`	`30`	`"description": "Permissions that apply across an organization rather than individual repositories."`
	`31`	`+ },`
	`32`	`+ "unknown": {`
	`33`	`+ "label": "Unknown data access",`
	`34`	`+ "sensitivity": "moderate",`
	`35`	`+ "description": "Permissions not yet classified by PermLens."`
`31`	`36`	`}`
`32`	`37`	`}`