WuYanBo
/
CodeReview
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
CodeReview/semgrep_results.json

2 lines
29 KiB
JSON
Raw Normal View History

feat(agent): enhance streaming with in-memory event manager and fallback polling - Implement dual-mode streaming: prioritize in-memory EventManager for running tasks with thinking_token support - Add fallback to database polling for completed tasks without thinking_token replay capability - Introduce SSE event formatter utility for consistent event serialization across streaming modes - Add 10ms micro-delay for thinking_token events to ensure proper TCP packet separation and frontend incremental rendering - Refactor stream_agent_with_thinking endpoint to support both runtime and historical event streaming - Update event filtering logic to handle both in-memory and database event sources - Improve logging with debug markers for thinking_token tracking and stream mode selection - Optimize polling intervals: 0.3s for running tasks, 2.0s for completed tasks - Reduce idle timeout from 10 minutes to 1 minute for completed task streams - Update frontend useAgentStream hook to handle unified event format from dual-mode streaming - Enhance AgentAudit UI to properly display streamed events from both sources
2025-12-12 10:39:32 +08:00
{"version":"1.145.0","results":[{"check_id":"dockerfile.security.missing-user.missing-user","path":"/Users/lintsinghua/XCodeReviewer/backend/Dockerfile","start":{"line":57,"col":1,"offset":1424},"end":{"line":57,"col":71,"offset":1494},"extra":{"message":"By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.","fix":"USER non-root\nCMD [\"uvicorn\", \"app.main:app\", \"--host\", \"0.0.0.0\", \"--port\", \"8000\"]","metadata":{"cwe":["CWE-250: Execution with Unnecessary Privileges"],"category":"security","technology":["dockerfile"],"confidence":"MEDIUM","owasp":["A04:2021 - Insecure Design"],"references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Authorization"],"source":"https://semgrep.dev/r/dockerfile.security.missing-user.missing-user","shortlink":"https://sg.run/Gbvn"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.sqlalchemy.performance.performance-improvements.len-all-count","path":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/database.py","start":{"line":624,"col":34,"offset":23582},"end":{"line":626,"col":36,"offset":23719},"extra":{"message":"Using QUERY.count() instead of len(QUERY.all()) sends less data to the client since the SQLAlchemy method is performed server-side.","metadata":{"category":"performance","technology":["sqlalchemy"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","source":"https://semgrep.dev/r/python.sqlalchemy.performance.performance-improvements.len-all-count","shortlink":"https://sg.run/4y8g"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.sqlalchemy.performance.performance-improvements.len-all-count","path":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/database.py","start":{"line":628,"col":31,"offset":23767},"end":{"line":630,"col":36,"offset":23910},"extra":{"message":"Using QUERY.count() instead of len(QUERY.all()) sends less data to the client since the SQLAlchemy method is performed server-side.","metadata":{"category":"performance","technology":["sqlalchemy"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","source":"https://semgrep.dev/r/python.sqlalchemy.performance.performance-improvements.len-all-count","shortlink":"https://sg.run/4y8g"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.sqlalchemy.performance.performance-improvements.len-all-count","path":"/Users/lintsinghua/XCodeReviewer/backend/app/api/v1/endpoints/database.py","start":{"line":632,"col":34,"offset":23961},"end":{"line":634,"col":36,"offset":24113},"extra":{"message":"Using QUERY.count() instead of len(QUERY.all()) sends less data to the client since the SQLAlchemy method is performed server-side.","metadata":{"category":"performance","technology":["sqlalchemy"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","source":"https://semgrep.dev/r/python.sqlalchemy.performance.performance-improvements.len-all-count","shortlink":"https://sg.run/4y8g"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.fastapi.security.wildcard-cors.wildcard-cors","path":"/Users/lintsinghua/XCodeReviewer/backend/app/main.py","start":{"line":59,"col":19,"offset":1793},"end":{"line":59,"col":24,"offset":1798},"extra":{"message":"CORS policy allows any