fix(vcs): annotate remote operation for validation#19062
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cb3952436e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR makes remote URL validation explicit (and non–opt-in) by requiring callers to annotate each VCS command with the kind of remote operation it performs.
Changes:
- Introduces a
remote_opparameter toRepository.execute()and triggers pull/push URL validation based on it. - Updates Git/Mercurial and various call sites to pass
remote_op="none" | "pull" | "push"for each command. - Extends tests to assert that private/non-public remote URLs are rejected without spawning outbound VCS processes.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| weblate/vcs/base.py | Adds RemoteOperation and makes execute() require remote_op to enforce validation. |
| weblate/vcs/git.py | Propagates remote_op across git operations; shifts validation responsibility into execute(). |
| weblate/vcs/mercurial.py | Propagates remote_op across hg operations; relies on execute() for validation. |
| weblate/vcs/tests/test_vcs.py | Updates tests and adds assertions to ensure private URL validation prevents outbound processes. |
| weblate/trans/tests/test_remote.py | Adds remote_op="none" for local git operations in tests. |
| weblate/trans/tests/test_git_views.py | Adds remote_op="none" for local git operations in tests. |
| weblate/trans/tests/test_component.py | Adds remote_op="none" for local git operations in tests. |
| weblate/trans/component_copy.py | Adds remote_op="none" for local branch checkout operations. |
| weblate/gitexport/views.py | Adds remote_op="none" for local cat-file usage. |
| weblate/gitexport/tests.py | Adds remote_op="none" for local rev-parse usage in tests. |
| weblate/addons/tests.py | Marks fetch --unshallow as remote_op="pull" in tests. |
| weblate/addons/git.py | Marks addon-driven repository operations with appropriate remote_op. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This makes the validation explcitit and not opt-in.
|
The latest updates on your projects. Learn more about Argos notifications ↗︎
|
This makes the validation explcitit and not opt-in.