From 22d0c275d773ff7d4993ecd70e591f1902e82810 Mon Sep 17 00:00:00 2001
From: Yochai Lehman
Date: Sun, 11 Feb 2024 17:13:59 -0500
Subject: [PATCH] fix PR comments

---
 Usage.md | 4 +++-
 pr_agent/git_providers/azuredevops_provider.py | 3 ++-
 pr_agent/servers/azuredevops_server_webhook.py | 1 +
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/Usage.md b/Usage.md
index 59004d20..1969911c 100644
--- a/Usage.md
+++ b/Usage.md
@@ -450,4 +450,6 @@ For webhook security, configure the webhook username and password on both the se
 [azuredevops_server]
 webhook_username = ""
 webhook_password = ""
-```
\ No newline at end of file
+```
+> :warning: **Ensure that the webhook endpoint is only accessible over HTTPS** to mitigate the risk of credential interception when using basic authentication.
+
diff --git a/pr_agent/git_providers/azuredevops_provider.py b/pr_agent/git_providers/azuredevops_provider.py
index 3698ca6e..d9c09d3b 100644
--- a/pr_agent/git_providers/azuredevops_provider.py
+++ b/pr_agent/git_providers/azuredevops_provider.py
@@ -326,7 +326,8 @@ class AzureDevopsProvider(GitProvider):
 
 def publish_description(self, pr_title: str, pr_body: str):
 if len(pr_body) > MEX_PR_DESCRIPTION_LENGTH:
- pr_body = pr_body[:MEX_PR_DESCRIPTION_LENGTH]
+ trunction_message = " ... (description truncated due to length limit)"
+ pr_body = pr_body[:MEX_PR_DESCRIPTION_LENGTH - len(trunction_message)] + trunction_message
 get_logger().warning(
 "PR description exceeds the maximum character limit of 4000. Truncating the description."
 )
diff --git a/pr_agent/servers/azuredevops_server_webhook.py b/pr_agent/servers/azuredevops_server_webhook.py
index 9bcc35e4..e81501e9 100644
--- a/pr_agent/servers/azuredevops_server_webhook.py
+++ b/pr_agent/servers/azuredevops_server_webhook.py
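Review bot: The new local in `publish_description` (pr_agent/git_providers/azuredevops_provider.py) is misspelled `trunction_message`; `truncation_message` reads correctly and is easier to grep for. Because the suffix is a fixed string, it could sit beside `MEX_PR_DESCRIPTION_LENGTH` as a module-level constant, e.g. `PR_DESCRIPTION_TRUNCATION_SUFFIX = " ... (description truncated due to length limit)"`; that constant's definition is outside the hunk. The warning on the context lines that follow still hard-codes 4000 instead of formatting the limit constant, so the log text will drift if the limit changes. The method body continues outside the hunk.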
@@ -91,6 +91,7 @@ async def handle_webhook(background_tasks: BackgroundTasks, request: Request):
 )
 
 # currently only basic auth is supported with azure webhooks
+# for this reason, https must be enabled to ensure the credentials are not sent in clear text
 def validate_basic_auth(request: Request):
 auth = request.headers.get("Authorization")
 if not auth:
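Review bot: The HTTPS requirement added above `validate_basic_auth` exists only as a comment; nothing visible in this hunk rejects or logs a webhook call that arrived over plain HTTP, so a deployment without TLS would still accept Basic credentials in clear text. Consider making it the function's docstring, e.g. `"""Validate HTTP Basic credentials; the endpoint must be served over HTTPS because Basic auth is only base64-encoded."""`, and logging a warning when `request.url.scheme` is not `https`. Behind a TLS-terminating proxy the scheme depends on forwarded-header handling, so a warning is safer than a hard reject. The function body continues outside the hunk, so how the decoded credentials are compared is not visible here; if it is a plain `==`, `secrets.compare_digest` would avoid a timing side channel.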