Open
Conversation
Contributor
📝 WalkthroughWalkthroughThe change modifies the Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes 🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
loks0n
approved these changes
Mar 9, 2026
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/Appwrite/Vcs/Comment.php`:
- Around line 253-254: The current code in Comment.php treats any json_decode
failure as an empty builds list, which can silently drop corrupted state; update
parseComment() (where $this->builds is set) to special-case only a truly empty
payload (e.g., trim($json) === '') and set $this->builds = []; otherwise attempt
json_decode and if json_last_error() !== JSON_ERROR_NONE or the decoded value is
not an array, fail fast (throw an exception or return an error) instead of
defaulting to []; ensure callers like addBuild() and updateComment() will
receive the error rather than silently overwriting builds.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: ad1de0f6-16ec-4e95-80cd-a1e728f8573e
📒 Files selected for processing (1)
src/Appwrite/Vcs/Comment.php
Comment on lines
253
to
+254
| $builds = \json_decode($json, true); | ||
| $this->builds = $builds; | ||
| $this->builds = \is_array($builds) ? $builds : []; |
Contributor
There was a problem hiding this comment.
Avoid treating malformed state as an empty build list.
Line 254 fixes the empty-comment case, but it also turns any decode failure into []. In the current call flow, parseComment() is followed by addBuild() and then updateComment() in src/Appwrite/Platform/Modules/Functions/Workers/Builds.php:1492-1495 and src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php:172-181,464-469, so a corrupted non-empty state will silently drop all previously recorded builds when the comment is rewritten. Please special-case only the truly empty payload and fail fast on malformed serialized state instead of defaulting it to an empty array.
🛠️ Suggested direction
- $json = \base64_decode($state);
-
- $builds = \json_decode($json, true);
- $this->builds = \is_array($builds) ? $builds : [];
+ if ($state === '') {
+ $this->builds = [];
+ return $this;
+ }
+
+ $json = \base64_decode($state, true);
+ if ($json === false) {
+ throw new \RuntimeException('Invalid VCS comment state encoding');
+ }
+
+ $builds = \json_decode($json, true);
+ if (!\is_array($builds)) {
+ throw new \RuntimeException('Invalid VCS comment state payload');
+ }
+
+ $this->builds = $builds;🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@src/Appwrite/Vcs/Comment.php` around lines 253 - 254, The current code in
Comment.php treats any json_decode failure as an empty builds list, which can
silently drop corrupted state; update parseComment() (where $this->builds is
set) to special-case only a truly empty payload (e.g., trim($json) === '') and
set $this->builds = []; otherwise attempt json_decode and if json_last_error()
!== JSON_ERROR_NONE or the decoded value is not an array, fail fast (throw an
exception or return an error) instead of defaulting to []; ensure callers like
addBuild() and updateComment() will receive the error rather than silently
overwriting builds.
Security Scan Results for PRDocker Image Scan Results
Source Code Scan Results🎉 No vulnerabilities found! |
🔄 PHP-Retry SummaryFlaky tests detected across commits: Commit
|
| Test | Retries | Total Time | Details |
|---|---|---|---|
UsageTest::testDatabaseStatsCollectionsAPI |
1 | 10.26s | Logs |
LegacyCustomServerTest::testTimeout |
1 | 120.73s | Logs |
TablesDBConsoleClientTest::testAttributeResponseModels |
1 | 120.21s | Logs |
TablesDBConsoleClientTest::testInvalidDocumentStructure |
1 | 240.84s | Logs |
TablesDBTransactionsCustomServerTest::testUpsertDocument |
1 | 240.21s | Logs |
✨ Benchmark results
⚡ Benchmark Comparison
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fallback to an empty array for type safety