Skip to content

rust-guard: delegate parse_integrity to MinIntegrity::from_policy_str + add response_items tests#7422

Merged
lpcox merged 3 commits into
mainfrom
copilot/rust-guard-delegate-parse-integrity
Jun 12, 2026
Merged

rust-guard: delegate parse_integrity to MinIntegrity::from_policy_str + add response_items tests#7422
lpcox merged 3 commits into
mainfrom
copilot/rust-guard-delegate-parse-integrity

Conversation

Copilot AI commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

parse_integrity in lib.rs duplicated a 4-arm match already implemented (case-insensitively, with whitespace trimming) in MinIntegrity::from_policy_str. labels/response_items.rs had zero test coverage despite being on the security-sensitive response-labeling path.

Changes

lib.rs — eliminate duplication in parse_integrity

  • Replace 4-arm match with a single delegation to MinIntegrity::from_policy_str, gaining case-insensitivity and whitespace trimming for free: 
    fn parse_integrity(value: &str) -> Result<MinIntegrity, String> {
    MinIntegrity::from_policy_str(value).ok_or_else(|| {
        format!(
            "AllowOnly.min-integrity must be one of {}",
            policy_integrity::ORDER_LOW_TO_HIGH_PIPED
        )
    })
}
  • Add parse_integrity_accepts_mixed_case test covering "None", "APPROVED", and " merged " to document the newly inherited behaviour.

labels/response_items.rs — add baseline test coverage

Add a #[cfg(test)] module with three tests:

  • unknown_tool_returns_empty_ => {} catch-all returns an empty vec (not a panic)
  • error_response_is_skippedisError=true early-return guard is respected regardless of tool name (security boundary)
  • search_repositories_private_repo_gets_private_label — private repos in search results receive a private: secrecy label

GitHub Advanced Security started work on behalf of lpcox June 12, 2026 13:44 View session
GitHub Advanced Security finished work on behalf of lpcox June 12, 2026 13:45
Delegate parse_integrity to MinIntegrity::from_policy_str and add res…
814df03 
…ponse_items tests

- Replace 4-arm match in parse_integrity with delegation to
  MinIntegrity::from_policy_str, gaining case-insensitivity and
  whitespace trimming at zero extra cost
- Add parse_integrity_accepts_mixed_case test
- Add #[cfg(test)] module to response_items.rs with tests for
  unknown tool, error response skip, and private repo labeling

Closes #7417
Copilot AI changed the title [WIP] Fix parse_integrity duplication with MinIntegrity::from_policy_str rust-guard: delegate parse_integrity to MinIntegrity::from_policy_str + add response_items tests Jun 12, 2026
GitHub Advanced Security started work on behalf of lpcox June 12, 2026 13:50 View session
Copilot AI requested a review from lpcox June 12, 2026 13:50
Copilot finished work on behalf of lpcox June 12, 2026 13:50
GitHub Advanced Security finished work on behalf of lpcox June 12, 2026 13:51
@lpcox lpcox marked this pull request as ready for review June 12, 2026 15:12
Copilot AI review requested due to automatic review settings June 12, 2026 15:12
Copilot AI reviewed Jun 12, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR reduces duplication in Rust guard policy parsing by delegating parse_integrity to the canonical MinIntegrity::from_policy_str implementation, and adds initial unit tests for the security-sensitive item-based response-labeling path.

Changes:

  • Refactor parse_integrity to call MinIntegrity::from_policy_str (inheriting trim + case-insensitive parsing).
  • Add a new parse_integrity_accepts_mixed_case test to document the newly accepted inputs.
  • Add baseline label_response_items unit tests for unknown tools, isError=true responses, and private repo labeling in search_repositories.
Show a summary per file
File Description
guards/github-guard/rust-guard/src/lib.rs Simplifies integrity parsing by delegating to MinIntegrity::from_policy_str and adds a test for mixed-case/whitespace inputs.
guards/github-guard/rust-guard/src/labels/response_items.rs Adds initial unit tests covering key response-item labeling behaviors (unknown tool, error response skip, private repo secrecy labeling).

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 1

Comment thread guards/github-guard/rust-guard/src/labels/response_items.rs
@lpcox
Potential fix for pull request finding
ba7be6d 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
GitHub Advanced Security started work on behalf of lpcox June 12, 2026 15:20 View session
GitHub Advanced Security finished work on behalf of lpcox June 12, 2026 15:21
@lpcox lpcox merged commit a126c53 into main Jun 12, 2026
27 checks passed
@lpcox lpcox deleted the copilot/rust-guard-delegate-parse-integrity branch June 12, 2026 15:23
@github-actions github-actions Bot mentioned this pull request Jun 15, 2026
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@lpcox lpcox Awaiting requested review from lpcox

Assignees

@lpcox lpcox

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lpcox