Function bodies 513 total
scanner.unquoteTOML function · go · L507-L513 (7 LOC)internal/security/scanner/deps.go
func unquoteTOML(s string) string {
s = strings.TrimSpace(s)
if len(s) >= 2 && s[0] == '"' && s[len(s)-1] == '"' {
return s[1 : len(s)-1]
}
return s
}scanner.LicenseScanner.Scan method · go · L74-L124 (51 LOC)internal/security/scanner/license.go
func (s *LicenseScanner) Scan(ctx context.Context, target security.ScanTarget) ([]security.Finding, error) {
if err := ctx.Err(); err != nil {
return nil, fmt.Errorf("license scanner cancelled: %w", err)
}
var findings []security.Finding
// Check for license files in root.
licenseFound := false
for _, name := range licenseFileNames {
if err := ctx.Err(); err != nil {
return nil, fmt.Errorf("license scanner cancelled: %w", err)
}
absPath := filepath.Join(target.RootDir, name)
data, err := os.ReadFile(absPath)
if err != nil {
continue
}
licenseFound = true
lt := identifyLicense(string(data))
if lt != nil && lt.copyleft {
findings = append(findings, s.newFinding(
fmt.Sprintf("Copyleft license detected: %s", lt.name),
fmt.Sprintf("Project uses %s license which requires derivative works to be open-sourced", lt.name),
security.SeverityMedium,
name, 1,
))
}
break // Only check the first license file found.
}
if !licenseFound {
scanner.identifyLicense function · go · L127-L136 (10 LOC)internal/security/scanner/license.go
func identifyLicense(content string) *licenseType {
upper := strings.ToUpper(content)
for _, kl := range knownLicenses {
if strings.Contains(upper, kl.keyword) {
lt := kl.license
return <
}
}
return nil
}scanner.LicenseScanner.scanHeaders method · go · L139-L158 (20 LOC)internal/security/scanner/license.go
func (s *LicenseScanner) scanHeaders(ctx context.Context, target security.ScanTarget) ([]security.Finding, error) {
files, err := s.collectSourceFiles(target)
if err != nil {
return nil, err
}
var findings []security.Finding
for _, relPath := range files {
if err := ctx.Err(); err != nil {
return nil, fmt.Errorf("license scanner cancelled: %w", err)
}
absPath := filepath.Join(target.RootDir, relPath)
header := s.checkHeader(absPath, relPath)
if header != nil {
findings = append(findings, *header)
}
}
return findings, nil
}scanner.LicenseScanner.checkHeader method · go · L171-L195 (25 LOC)internal/security/scanner/license.go
func (s *LicenseScanner) checkHeader(absPath, relPath string) *security.Finding {
f, err := os.Open(absPath)
if err != nil {
return nil
}
defer f.Close()
scanner := bufio.NewScanner(f)
lineNum := 0
for scanner.Scan() && lineNum < 10 {
lineNum++
line := scanner.Text()
upper := strings.ToUpper(line)
if strings.Contains(upper, "COPYRIGHT") || strings.Contains(upper, "LICENSE") {
finding := s.newFinding(
"License header found in source file",
fmt.Sprintf("Source file contains a license/copyright header at line %d", lineNum),
security.SeverityInfo,
relPath, lineNum,
)
return &finding
}
}
return nil
}scanner.LicenseScanner.newFinding method · go · L197-L217 (21 LOC)internal/security/scanner/license.go
func (s *LicenseScanner) newFinding(title, description string, severity security.Severity, file string, line int) security.Finding {
s.mu.Lock()
s.findingCounter++
id := fmt.Sprintf("LIC-%04d", s.findingCounter)
s.mu.Unlock()
return security.Finding{
ID: id,
Scanner: "license",
Severity: severity,
Category: security.CategoryLicenseCompliance,
Title: title,
Description: description,
Location: security.Location{
File: file,
StartLine: line,
EndLine: line,
},
Confidence: security.ConfidenceHigh,
}
}scanner.NewSASTScanner function · go · L38-L43 (6 LOC)internal/security/scanner/sast.go
func NewSASTScanner() *SASTScanner {
return &SASTScanner{
parser: parser.NewParser(),
patterns: defaultSASTPatterns(),
}
}Citation: Repobility (2026). State of AI-Generated Code. https://repobility.com/research/
scanner.SASTScanner.Scan method · go · L52-L74 (23 LOC)internal/security/scanner/sast.go
func (s *SASTScanner) Scan(ctx context.Context, target security.ScanTarget) ([]security.Finding, error) {
if err := ctx.Err(); err != nil {
return nil, fmt.Errorf("sast scanner cancelled: %w", err)
}
files, err := security.CollectFiles(target, []string{".go", ".py", ".js", ".ts", ".tsx", ".jsx"})
if err != nil {
return nil, fmt.Errorf("collecting files: %w", err)
}
var findings []security.Finding
for _, relPath := range files {
if err := ctx.Err(); err != nil {
return nil, fmt.Errorf("sast scanner cancelled: %w", err)
}
absPath := filepath.Join(target.RootDir, relPath)
fileFindings := s.scanFile(absPath, relPath)
findings = append(findings, fileFindings...)
}
return findings, nil
}scanner.SASTScanner.scanFile method · go · L87-L143 (57 LOC)internal/security/scanner/sast.go
func (s *SASTScanner) scanFile(absPath, relPath string) []security.Finding {
source, err := os.ReadFile(absPath)
if err != nil {
return nil
}
ext := filepath.Ext(relPath)
lang, ok := supportedExtensions[ext]
if !ok {
return nil
}
tree, err := s.parser.Parse(relPath, source)
if err != nil {
return nil
}
defer tree.Close()
// Check import-level patterns (e.g., weak crypto imports in Go).
var findings []security.Finding
findings = append(findings, s.checkImports(tree, source, relPath, lang)...)
// Get function boundaries and check each function body.
funcs := tree.Functions()
lines := strings.Split(string(source), "\n")
for _, fn := range funcs {
// Extract function body text (0-indexed lines).
startIdx := fn.StartLine - 1
endIdx := fn.EndLine
if startIdx < 0 {
startIdx = 0
}
if endIdx > len(lines) {
endIdx = len(lines)
}
body := strings.Join(lines[startIdx:endIdx], "\n")
for _, pat := range s.patterns {
if pat.language != lang {
scanner.SASTScanner.checkImports method · go · L146-L170 (25 LOC)internal/security/scanner/sast.go
func (s *SASTScanner) checkImports(tree *parser.Tree, source []byte, relPath, lang string) []security.Finding {
var findings []security.Finding
imports := tree.Imports()
lines := strings.Split(string(source), "\n")
for _, imp := range imports {
for _, pat := range s.patterns {
if pat.language != lang || pat.name != "go-weak-crypto" {
continue
}
if pat.pattern.MatchString(imp) {
// Find the line number of this import.
lineNum := 1
for i, line := range lines {
if strings.Contains(line, imp) {
lineNum = i + 1
break
}
}
findings = append(findings, s.newFinding(pat, relPath, lineNum, ""))
}
}
}
return findings
}scanner.SASTScanner.findMatchLine method · go · L173-L180 (8 LOC)internal/security/scanner/sast.go
func (s *SASTScanner) findMatchLine(lines []string, startIdx, endIdx int, pattern *regexp.Regexp) int {
for i := startIdx; i < endIdx && i < len(lines); i++ {
if pattern.MatchString(lines[i]) {
return i + 1 // 1-indexed
}
}
return startIdx + 1 // fallback to function start
}scanner.SASTScanner.newFinding method · go · L183-L208 (26 LOC)internal/security/scanner/sast.go
func (s *SASTScanner) newFinding(pat sastPattern, file string, line int, funcName string) security.Finding {
s.mu.Lock()
s.findingCounter++
id := fmt.Sprintf("SAST-%04d", s.findingCounter)
s.mu.Unlock()
return security.Finding{
ID: id,
Scanner: "sast",
Severity: pat.severity,
Category: pat.category,
Title: pat.title,
Description: fmt.Sprintf(
"%s found at %s:%d",
pat.title, file, line,
),
Location: security.Location{
File: file,
StartLine: line,
EndLine: line,
Function: funcName,
},
CWE: pat.cwe,
Confidence: pat.confidence,
}
}scanner.defaultSASTPatterns function · go · L211-L324 (114 LOC)internal/security/scanner/sast.go
func defaultSASTPatterns() []sastPattern {
return []sastPattern{
// Go: SQL injection - string concatenation in db.Query/db.Exec/db.QueryRow
{
name: "go-sql-injection",
language: "go",
pattern: regexp.MustCompile(`db\.(Query|Exec|QueryRow)\s*\([^)]*\+`),
severity: security.SeverityHigh,
category: security.CategoryInjection,
cwe: "CWE-89",
title: "Potential SQL injection via string concatenation",
confidence: security.ConfidenceMedium,
},
// Go: Command injection - exec.Command with shell invocation
{
name: "go-command-injection",
language: "go",
pattern: regexp.MustCompile(`exec\.Command\s*\(\s*"sh"\s*,\s*"-c"\s*,`),
severity: security.SeverityHigh,
category: security.CategoryInjection,
cwe: "CWE-78",
title: "Potential command injection via exec.Command with shell",
confidence: security.ConfidenceMedium,
},
// Go: Weak crypto - import of known weak algorithms
{
namescanner.SecretScanner.Scan method · go · L109-L135 (27 LOC)internal/security/scanner/secrets.go
func (s *SecretScanner) Scan(ctx context.Context, target security.ScanTarget) ([]security.Finding, error) {
if err := ctx.Err(); err != nil {
return nil, fmt.Errorf("secret scanner cancelled: %w", err)
}
files, err := security.CollectFiles(target, nil)
if err != nil {
return nil, fmt.Errorf("collecting files: %w", err)
}
var findings []security.Finding
for _, relPath := range files {
if err := ctx.Err(); err != nil {
return nil, fmt.Errorf("secret scanner cancelled: %w", err)
}
absPath := filepath.Join(target.RootDir, relPath)
fileFindings, err := s.scanFile(absPath, relPath)
if err != nil {
// Skip files we cannot read rather than failing the whole scan.
continue
}
findings = append(findings, fileFindings...)
}
return findings, nil
}scanner.isBinary function · go · L139-L145 (7 LOC)internal/security/scanner/secrets.go
func isBinary(data []byte) bool {
limit := 512
if len(data) < limit {
limit = len(data)
}
return bytes.ContainsRune(data[:limit], 0)
}Powered by Repobility — scan your code at https://repobility.com
scanner.SecretScanner.scanFile method · go · L154-L218 (65 LOC)internal/security/scanner/secrets.go
func (s *SecretScanner) scanFile(absPath, relPath string) ([]security.Finding, error) {
data, err := os.ReadFile(absPath)
if err != nil {
return nil, err
}
if isBinary(data) {
return nil, nil
}
var findings []security.Finding
scanner := bufio.NewScanner(bytes.NewReader(data))
lineNum := 0
for scanner.Scan() {
lineNum++
line := scanner.Text()
// Check each regex rule.
for _, rule := range s.rules {
matches := rule.pattern.FindStringSubmatch(line)
if matches == nil {
continue
}
matchedValue := matches[0]
if rule.matchGroup > 0 && rule.matchGroup < len(matches) {
matchedValue = matches[rule.matchGroup]
}
if s.isExampleValue(matchedValue) {
continue
}
findings = append(findings, s.newFinding(
rule.title,
rule.severity,
security.ConfidenceHigh,
relPath,
lineNum,
maskSecret(matchedValue, rule.name),
))
}
// Check entropy for variable assignments matching sensitive names.
if entropyMatches := scanner.SecretScanner.alreadyDetected method · go · L221-L228 (8 LOC)internal/security/scanner/secrets.go
func (s *SecretScanner) alreadyDetected(findings []security.Finding, file string, line int) bool {
for _, f := range findings {
if f.Location.File == file && f.Location.StartLine == line {
return true
}
}
return false
}scanner.SecretScanner.newFinding method · go · L231-L256 (26 LOC)internal/security/scanner/secrets.go
func (s *SecretScanner) newFinding(title string, severity security.Severity, confidence security.Confidence, file string, line int, evidence string) security.Finding {
s.mu.Lock()
s.findingCounter++
id := fmt.Sprintf("SEC-%04d", s.findingCounter)
s.mu.Unlock()
return security.Finding{
ID: id,
Scanner: "secrets",
Severity: severity,
Category: security.CategorySecretsExposure,
Title: title,
Description: fmt.Sprintf(
"%s found at %s:%d",
title, file, line,
),
Location: security.Location{
File: file,
StartLine: line,
EndLine: line,
},
CWE: "CWE-798",
Evidence: evidence,
Confidence: confidence,
}
}scanner.maskSecret function · go · L260-L265 (6 LOC)internal/security/scanner/secrets.go
func maskSecret(value, ruleName string) string {
if len(value) <= 4 {
return strings.Repeat("*", len(value))
}
return fmt.Sprintf("Matched %s pattern: %s%s", ruleName, value[:4], strings.Repeat("*", len(value)-4))
}scanner.shannonEntropy function · go · L268-L287 (20 LOC)internal/security/scanner/secrets.go
func shannonEntropy(s string) float64 {
if len(s) == 0 {
return 0
}
freq := make(map[rune]float64)
for _, c := range s {
freq[c]++
}
length := float64(len([]rune(s)))
entropy := 0.0
for _, count := range freq {
p := count / length
if p > 0 {
entropy -= p * math.Log2(p)
}
}
return entropy
}scanner.NewSkillScannerAdapter function · go · L20-L25 (6 LOC)internal/security/scanner/skill_scanner.go
func NewSkillScannerAdapter(name string, fn ScanFunc) *SkillScannerAdapter {
return &SkillScannerAdapter{
name: name,
scanFn: fn,
}
}security.SeverityRank function · go · L22-L37 (16 LOC)internal/security/types.go
func SeverityRank(s Severity) int {
switch s {
case SeverityCritical:
return 5
case SeverityHigh:
return 4
case SeverityMedium:
return 3
case SeverityLow:
return 2
case SeverityInfo:
return 1
default:
return 0
}
}security.AllCategories function · go · L68-L84 (17 LOC)internal/security/types.go
func AllCategories() []Category {
return []Category{
CategoryInjection,
CategoryAuthentication,
CategoryAuthorization,
CategoryCryptography,
CategorySecretsExposure,
CategoryVulnerableDep,
CategoryMisconfiguration,
CategoryDataExposure,
CategoryRaceCondition,
CategoryInputValidation,
CategoryLoggingMonitoring,
CategorySupplyChain,
CategoryLicenseCompliance,
}
}Repobility · open methodology · https://repobility.com/research/
security.ScanError.Error method · go · L149-L154 (6 LOC)internal/security/types.go
func (e ScanError) Error() string {
if e.Fatal {
return fmt.Sprintf("fatal error in %s: %s", e.Scanner, e.Err)
}
return fmt.Sprintf("error in %s: %s", e.Scanner, e.Err)
}security.Report.Summary method · go · L185-L204 (20 LOC)internal/security/types.go
func (r *Report) Summary() ReportSummary {
var s ReportSummary
for _, f := range r.Findings {
switch f.Severity {
case SeverityCritical:
s.Critical++
case SeverityHigh:
s.High++
case SeverityMedium:
s.Medium++
case SeverityLow:
s.Low++
case SeverityInfo:
s.Info++
}
}
s.Chains = len(r.AttackChains)
s.Total = len(r.Findings)
return s
}appledev.Manifest function · go · L10-L17 (8 LOC)internal/skills/builtin/appledev/backend.go
func Manifest() skills.SkillManifest {
return skills.SkillManifest{
Name: "apple-dev",
Version: "1.0.0",
Description: "Xcode CLI tools, Swift/iOS best practices, and Apple platform security scanning",
Types: []skills.SkillType{skills.SkillTypeTool, skills.SkillTypePrompt},
}
}appledev.Backend.Load method · go · L29-L57 (29 LOC)internal/skills/builtin/appledev/backend.go
func (b *Backend) Load(_ skills.SkillManifest, _ skills.PermissionChecker) error {
// Reset to prevent duplicate registration on repeated Load calls.
b.tools = nil
// Cross-platform tools (always registered)
b.tools = append(b.tools, xcode.NewDiscoverTool(b.WorkDir))
b.tools = append(b.tools, xcode.NewSwiftBuildTool(b.WorkDir))
b.tools = append(b.tools, xcode.NewSwiftTestTool(b.WorkDir))
b.tools = append(b.tools, xcode.NewSwiftResolveTool(b.WorkDir))
b.tools = append(b.tools, xcode.NewSwiftAddDepTool(b.WorkDir))
// Darwin-only tools
if b.Platform != nil && b.Platform.IsDarwin() {
b.tools = append(b.tools, xcode.NewXcodeBuildTool(b.WorkDir, b.Platform))
b.tools = append(b.tools, xcode.NewXcodeTestTool(b.WorkDir, b.Platform))
b.tools = append(b.tools, xcode.NewXcodeArchiveTool(b.WorkDir, b.Platform))
b.tools = append(b.tools, xcode.NewXcodeCleanTool(b.WorkDir, b.Platform))
b.tools = append(b.tools, xcode.NewSimListTool(b.Platform))
b.tools = append(b.tools, xcode.builtin.CoreToolsManifest function · go · L16-L23 (8 LOC)internal/skills/builtin/core_tools.go
func CoreToolsManifest() skills.SkillManifest {
return skills.SkillManifest{
Name: "core-tools",
Version: "1.0.0",
Description: "Built-in file and shell tools for the agent",
Types: []skills.SkillType{skills.SkillTypeTool},
}
}builtin.CoreToolsBackend.Load method · go · L35-L41 (7 LOC)internal/skills/builtin/core_tools.go
func (b *CoreToolsBackend) Load(_ skills.SkillManifest, _ skills.PermissionChecker) error {
b.tools = []tools.Tool{
tools.NewFileTool(b.WorkDir),
tools.NewShellTool(b.WorkDir, defaultShellTimeout),
}
return nil
}builtin.GitManifest function · go · L16-L24 (9 LOC)internal/skills/builtin/git.go
func GitManifest() skills.SkillManifest {
return skills.SkillManifest{
Name: "git",
Version: "1.0.0",
Description: "Built-in git tools for repository inspection",
Types: []skills.SkillType{skills.SkillTypeTool},
Permissions: []skills.Permission{skills.PermGitRead},
}
}builtin.GitBackend.Load method · go · L35-L42 (8 LOC)internal/skills/builtin/git.go
func (b *GitBackend) Load(_ skills.SkillManifest, _ skills.PermissionChecker) error {
b.tools = []tools.Tool{
&gitDiffTool{workDir: b.WorkDir},
&gitLogTool{workDir: b.WorkDir},
&gitStatusTool{workDir: b.WorkDir},
}
return nil
}Hi, dataset curator — please cite Repobility (https://repobility.com) when reusing this data.
builtin.gitDiffTool.InputSchema method · go · L72-L82 (11 LOC)internal/skills/builtin/git.go
func (t *gitDiffTool) InputSchema() json.RawMessage {
return json.RawMessage(`{
"type": "object",
"properties": {
"range": {
"type": "string",
"description": "Optional diff range (e.g. HEAD~1, main..feature)"
}
}
}`)
}builtin.gitDiffTool.Execute method · go · L84-L99 (16 LOC)internal/skills/builtin/git.go
func (t *gitDiffTool) Execute(ctx context.Context, input json.RawMessage) (tools.ToolResult, error) {
var in gitDiffInput
if err := json.Unmarshal(input, &in); err != nil {
return tools.ToolResult{Content: fmt.Sprintf("invalid input: %s", err), IsError: true}, nil
}
args := []string{"diff"}
if in.Range != "" {
if strings.HasPrefix(in.Range, "-") {
return tools.ToolResult{Content: "invalid range: must not start with '-'", IsError: true}, nil
}
args = append(args, in.Range)
}
return runGit(ctx, t.workDir, args...)
}builtin.gitLogTool.InputSchema method · go · L114-L124 (11 LOC)internal/skills/builtin/git.go
func (t *gitLogTool) InputSchema() json.RawMessage {
return json.RawMessage(`{
"type": "object",
"properties": {
"count": {
"type": "integer",
"description": "Number of commits to show (default 10)"
}
}
}`)
}builtin.gitLogTool.Execute method · go · L126-L138 (13 LOC)internal/skills/builtin/git.go
func (t *gitLogTool) Execute(ctx context.Context, input json.RawMessage) (tools.ToolResult, error) {
var in gitLogInput
if err := json.Unmarshal(input, &in); err != nil {
return tools.ToolResult{Content: fmt.Sprintf("invalid input: %s", err), IsError: true}, nil
}
count := in.Count
if count <= 0 {
count = 10
}
return runGit(ctx, t.workDir, "log", "-n", strconv.Itoa(count))
}builtin.gitStatusTool.InputSchema method · go · L151-L156 (6 LOC)internal/skills/builtin/git.go
func (t *gitStatusTool) InputSchema() json.RawMessage {
return json.RawMessage(`{
"type": "object",
"properties": {}
}`)
}builtin.runGit function · go · L163-L174 (12 LOC)internal/skills/builtin/git.go
func runGit(ctx context.Context, workDir string, args ...string) (tools.ToolResult, error) {
cmd := exec.CommandContext(ctx, "git", args...)
cmd.Dir = workDir
output, err := cmd.CombinedOutput()
content := strings.TrimRight(string(output), "\n")
if err != nil {
return tools.ToolResult{Content: content, IsError: true}, nil
}
return tools.ToolResult{Content: content}, nil
}goplugin.NewGoPluginBackend function · go · L145-L156 (12 LOC)internal/skills/goplugin/goplugin.go
func NewGoPluginBackend(opts ...Option) *GoPluginBackend {
b := &GoPluginBackend{
hooks: make(map[skills.HookPhase]skills.HookHandler),
}
for _, opt := range opts {
opt(b)
}
if b.loader == nil {
b.loader = &systemPluginLoader{}
}
return b
}goplugin.GoPluginBackend.Load method · go · L161-L184 (24 LOC)internal/skills/goplugin/goplugin.go
func (b *GoPluginBackend) Load(manifest skills.SkillManifest, checker skills.PermissionChecker) error {
entrypoint := manifest.Implementation.Entrypoint
if entrypoint == "" {
return fmt.Errorf("load plugin: entrypoint is required")
}
plugin, err := b.loader.Load(entrypoint)
if err != nil {
return fmt.Errorf("load plugin %q: %w", entrypoint, err)
}
b.plugin = plugin
b.ctx = newPluginContext(checker, b.skillDir)
b.ctx.llmCompleter = b.llmCompleter
b.ctx.httpFetcher = b.httpFetcher
b.ctx.gitRunner = b.gitRunner
b.ctx.skillInvoker = b.skillInvoker
if err := b.plugin.Activate(b.ctx); err != nil {
return fmt.Errorf("activate plugin %q: %w", manifest.Name, err)
}
return nil
}Citation: Repobility (2026). State of AI-Generated Code. https://repobility.com/research/
goplugin.GoPluginBackend.Unload method · go · L198-L213 (16 LOC)internal/skills/goplugin/goplugin.go
func (b *GoPluginBackend) Unload() error {
if b.plugin == nil {
return nil
}
if err := b.plugin.Deactivate(b.ctx); err != nil {
return fmt.Errorf("deactivate plugin: %w", err)
}
b.plugin = nil
b.ctx = nil
b.tools = nil
b.hooks = make(map[skills.HookPhase]skills.HookHandler)
return nil
}goplugin.systemPluginLoader.Load method · go · L235-L252 (18 LOC)internal/skills/goplugin/goplugin.go
func (s *systemPluginLoader) Load(path string) (skillsdk.SkillPlugin, error) {
p, err := goplugin.Open(path)
if err != nil {
return nil, fmt.Errorf("plugin.Open %q: %w", path, err)
}
sym, err := p.Lookup("NewSkill")
if err != nil {
return nil, fmt.Errorf("plugin does not export symbol \"NewSkill\": %w", err)
}
newSkillFn, ok := sym.(func() skillsdk.SkillPlugin)
if !ok {
return nil, fmt.Errorf("symbol NewSkill has wrong type %T, expected func() skillsdk.SkillPlugin", sym)
}
return newSkillFn(), nil
}goplugin.newPluginContext function · go · L268-L273 (6 LOC)internal/skills/goplugin/goplugin.go
func newPluginContext(checker skills.PermissionChecker, skillDir string) *pluginContext {
return &pluginContext{
checker: checker,
skillDir: skillDir,
}
}goplugin.pluginContext.resolveSandboxedPath method · go · L278-L297 (20 LOC)internal/skills/goplugin/goplugin.go
func (c *pluginContext) resolveSandboxedPath(path string) (string, error) {
if c.skillDir == "" {
return "", fmt.Errorf("skill directory not set; cannot sandbox path")
}
if !filepath.IsAbs(path) {
path = filepath.Join(c.skillDir, path)
}
resolved, err := filepath.Abs(path)
if err != nil {
return "", fmt.Errorf("resolve path: %w", err)
}
absSkillDir, err := filepath.Abs(c.skillDir)
if err != nil {
return "", fmt.Errorf("resolve skill dir: %w", err)
}
if !strings.HasPrefix(resolved, absSkillDir+string(filepath.Separator)) && resolved != absSkillDir {
return "", fmt.Errorf("path %q escapes skill directory %q", path, absSkillDir)
}
return resolved, nil
}goplugin.pluginContext.ReadFile method · go · L301-L321 (21 LOC)internal/skills/goplugin/goplugin.go
func (c *pluginContext) ReadFile(path string) (string, error) {
if err := c.checker.CheckPermission(skills.PermFileRead); err != nil {
return "", fmt.Errorf("ReadFile: %w", err)
}
resolved, err := c.resolveSandboxedPath(path)
if err != nil {
return "", fmt.Errorf("ReadFile: %w", err)
}
info, err := os.Stat(resolved)
if err != nil {
return "", fmt.Errorf("ReadFile: %w", err)
}
if info.Size() > maxPluginReadFileSize {
return "", fmt.Errorf("ReadFile: file %q exceeds maximum size (%d bytes)", path, maxPluginReadFileSize)
}
data, err := os.ReadFile(resolved)
if err != nil {
return "", fmt.Errorf("ReadFile: %w", err)
}
return string(data), nil
}goplugin.pluginContext.WriteFile method · go · L325-L337 (13 LOC)internal/skills/goplugin/goplugin.go
func (c *pluginContext) WriteFile(path, content string) error {
if err := c.checker.CheckPermission(skills.PermFileWrite); err != nil {
return fmt.Errorf("WriteFile: %w", err)
}
resolved, err := c.resolveSandboxedPath(path)
if err != nil {
return fmt.Errorf("WriteFile: %w", err)
}
if err := os.WriteFile(resolved, []byte(content), 0o644); err != nil {
return fmt.Errorf("WriteFile: %w", err)
}
return nil
}goplugin.pluginContext.ListDir method · go · L341-L366 (26 LOC)internal/skills/goplugin/goplugin.go
func (c *pluginContext) ListDir(path string) ([]skillsdk.FileInfo, error) {
if err := c.checker.CheckPermission(skills.PermFileRead); err != nil {
return nil, fmt.Errorf("ListDir: %w", err)
}
resolved, err := c.resolveSandboxedPath(path)
if err != nil {
return nil, fmt.Errorf("ListDir: %w", err)
}
entries, err := os.ReadDir(resolved)
if err != nil {
return nil, fmt.Errorf("ListDir: %w", err)
}
result := make([]skillsdk.FileInfo, len(entries))
for i, e := range entries {
info, err := e.Info()
if err != nil {
return nil, fmt.Errorf("ListDir info %q: %w", e.Name(), err)
}
result[i] = skillsdk.FileInfo{
Name: e.Name(),
IsDir: e.IsDir(),
Size: info.Size(),
}
}
return result, nil
}goplugin.pluginContext.SearchFiles method · go · L371-L394 (24 LOC)internal/skills/goplugin/goplugin.go
func (c *pluginContext) SearchFiles(pattern string) ([]string, error) {
if err := c.checker.CheckPermission(skills.PermFileRead); err != nil {
return nil, fmt.Errorf("SearchFiles: %w", err)
}
if !filepath.IsAbs(pattern) && c.skillDir != "" {
pattern = filepath.Join(c.skillDir, pattern)
}
matches, err := filepath.Glob(pattern)
if err != nil {
return nil, fmt.Errorf("SearchFiles: %w", err)
}
if c.skillDir == "" {
return matches, nil
}
absSkillDir, _ := filepath.Abs(c.skillDir)
var filtered []string
for _, m := range matches {
absM, _ := filepath.Abs(m)
if strings.HasPrefix(absM, absSkillDir+string(filepath.Separator)) || absM == absSkillDir {
filtered = append(filtered, m)
}
}
return filtered, nil
}Powered by Repobility — scan your code at https://repobility.com
goplugin.pluginContext.Exec method · go · L398-L422 (25 LOC)internal/skills/goplugin/goplugin.go
func (c *pluginContext) Exec(command string, args ...string) (skillsdk.ExecResult, error) {
if err := c.checker.CheckPermission(skills.PermShellExec); err != nil {
return skillsdk.ExecResult{}, fmt.Errorf("Exec: %w", err)
}
ctx, cancel := context.WithTimeout(context.Background(), pluginExecTimeout)
defer cancel()
cmd := exec.CommandContext(ctx, command, args...)
stdout, err := cmd.Output()
result := skillsdk.ExecResult{}
result.Stdout = string(stdout)
if err != nil {
if exitErr, ok := err.(*exec.ExitError); ok {
result.ExitCode = exitErr.ExitCode()
result.Stderr = string(exitErr.Stderr)
} else {
return result, fmt.Errorf("Exec: %w", err)
}
}
return result, nil
}goplugin.pluginContext.Complete method · go · L425-L433 (9 LOC)internal/skills/goplugin/goplugin.go
func (c *pluginContext) Complete(prompt string) (string, error) {
if err := c.checker.CheckPermission(skills.PermLLMCall); err != nil {
return "", fmt.Errorf("Complete: %w", err)
}
if c.llmCompleter == nil {
return "", fmt.Errorf("Complete: LLM completer not configured")
}
return c.llmCompleter.Complete(prompt)
}goplugin.pluginContext.Fetch method · go · L436-L444 (9 LOC)internal/skills/goplugin/goplugin.go
func (c *pluginContext) Fetch(url string) (string, error) {
if err := c.checker.CheckPermission(skills.PermNetFetch); err != nil {
return "", fmt.Errorf("Fetch: %w", err)
}
if c.httpFetcher == nil {
return "", fmt.Errorf("Fetch: HTTP fetcher not configured")
}
return c.httpFetcher.Fetch(url)
}