Conversation

@kathamer
Contributor

@kathamer kathamer commented Nov 7, 2025

This pull request introduces the following features:

  • Complete rework of utils.filtering to introduce:
    • .gitignore-style pattern matching for include/exclude rules: inclusion/exclusion rules are now parsed using gitignore_parser, which makes them fully spec-compliant with .gitignore rules for more advanced file filtering.
    • Command line file filtering arguments: the --exclude and --include CLI arguments can now be passed to SAIST to add extra file filtering rules on the fly. These are also parsed in .gitignore format and are appended to any rules gathered from saist.ignore/saist.include. (fixes #63: Add command line file filtering)
    • Maximum line length checking: files or diffs with lines longer than the maximum line length, configurable via --max-line-length (default: 1000), are filtered out from analysis to avoid formatting issues with PDF generation and to avoid wasting tokens on processing minified code. This filter rule can be disabled for all files using --skip-line-length-check. (fixes #31: Truncate file lines greater than n characters)
    • Dry-run parameter and debug logging for included files: the --dry-run CLI argument can be used to load filtering rules and gather files to analyse, but exit before any analysis is done. This is useful in combination with verbose debug logging to see which files would be included for analysis, in order to validate the rule configuration.

And includes fixes for the following bugs:

  • Run load_dotenv() in utils.argparser to ensure that command line arguments which can alternatively be supplied via an environment variable, such as SAIST_LLM_API_KEY, can be loaded from the .env file.
  • Pin the Python version in the SAIST workflow to 3.13 to fix the failing check.
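The filtering pipeline the PR describes (file-based rules, CLI rules appended after them, a maximum-line-length check, and a dry-run listing of what would be analysed), shown here as an added example rather than SAIST's own utils.filtering. To keep it self-contained it uses a small hand-written matcher covering a subset of gitignore semantics (`*`, `?`, `**`, leading `/` anchoring, trailing `/` for directories, `!` negation, last match wins) instead of the gitignore_parser library the PR uses; the function names, the allow-list semantics of saist.include, and the sample files are all assumptions made for the example.

```python
"""Gitignore-style include/exclude filtering with a max-line-length check.
Added example, not SAIST's utils.filtering. The matcher below implements
only a subset of gitignore semantics (assumption made for the example)."""
from __future__ import annotations

import re
from dataclasses import dataclass


def _glob_to_regex(pattern: str) -> re.Pattern[str]:
    """Translate one gitignore-style pattern into a regex over '/'-separated paths."""
    anchored = pattern.startswith("/")
    pattern = pattern.lstrip("/")
    dir_only = pattern.endswith("/")
    pattern = pattern.rstrip("/")
    # gitignore rule: a pattern without a slash matches at any depth.
    if not anchored and "/" not in pattern:
        pattern = "**/" + pattern
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?"); i += 3
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    body = "".join(out)
    # A directory pattern matches only paths beneath it; a plain pattern
    # matches the path itself or anything beneath it.
    return re.compile(rf"^{body}/.*$" if dir_only else rf"^{body}(?:/.*)?$")


@dataclass
class Rule:
    pattern: str
    negated: bool
    regex: re.Pattern[str]


def parse_rules(lines) -> list[Rule]:
    """Parse rule lines in .gitignore syntax; blank lines and '#' comments are skipped."""
    rules = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        negated = line.startswith("!")
        if negated:
            line = line[1:]
        rules.append(Rule(line, negated, _glob_to_regex(line)))
    return rules


def matches(rules: list[Rule], path: str) -> bool:
    """As in gitignore, the last matching rule decides; a '!' rule un-matches."""
    result = False
    for rule in rules:
        if rule.regex.match(path):
            result = not rule.negated
    return result


@dataclass
class FilterConfig:
    exclude_rules: list[Rule]
    include_rules: list[Rule]          # assumption: when non-empty, acts as an allow-list
    max_line_length: int | None = 1000  # None disables the check (--skip-line-length-check)


def build_config(ignore_lines, include_lines, cli_exclude=(), cli_include=(),
                 max_line_length: int = 1000, skip_line_length_check: bool = False) -> FilterConfig:
    # CLI rules are appended after the file-based rules, so on a conflict the
    # CLI rule is the last match and wins.
    return FilterConfig(
        exclude_rules=parse_rules([*ignore_lines, *cli_exclude]),
        include_rules=parse_rules([*include_lines, *cli_include]),
        max_line_length=None if skip_line_length_check else max_line_length,
    )


def exceeds_line_length(content: str, limit: int) -> bool:
    return any(len(line) > limit for line in content.splitlines())


def select_files(files: dict[str, str], cfg: FilterConfig):
    """Return (kept paths, [(path, reason) for dropped paths]); the dropped list
    is what a --dry-run debug log would print."""
    kept, dropped = [], []
    for path, content in sorted(files.items()):
        if cfg.include_rules and not matches(cfg.include_rules, path):
            dropped.append((path, "not in include rules")); continue
        if matches(cfg.exclude_rules, path):
            dropped.append((path, "excluded")); continue
        if cfg.max_line_length is not None and exceeds_line_length(content, cfg.max_line_length):
            dropped.append((path, f"line longer than {cfg.max_line_length}")); continue
        kept.append(path)
    return kept, dropped


# Constructed sample repository; lib.min.js has a single 1500+ character line.
SAMPLE_FILES = {
    "src/app.py": "import os\n\ndef main():\n    return os.getcwd()\n",
    "src/vendor/lib.min.js": "var a=" + "x" * 1500 + ";\n",
    "tests/test_app.py": "def test_main():\n    assert True\n",
    "docs/readme.md": "# Docs\n",
    "build/out.o": "\x00\x01",
}
SAIST_IGNORE = ["# build artefacts", "build/"]   # constructed saist.ignore
SAIST_INCLUDE = ["src/", "tests/"]               # constructed saist.include

if __name__ == "__main__":
    # Equivalent of: saist --exclude 'tests/' --dry-run -v
    cfg = build_config(SAIST_IGNORE, SAIST_INCLUDE, cli_exclude=["tests/"])
    kept, dropped = select_files(SAMPLE_FILES, cfg)
    for path, reason in dropped:
        print(f"DEBUG skipping {path}: {reason}")
    print("would analyse:", kept)
```

Running the block as a script mimics a dry run: it lists every skipped file with its reason and the files that would go to analysis, which is exactly the information needed to validate a rule configuration before spending tokens.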

@kathamer kathamer linked an issue Nov 7, 2025 that may be closed by this pull request

@github-actions github-actions bot left a comment


Application Security Assessment Summary

Critical Security Issues

Environment File Security
We identified a critical vulnerability in the saist/util/argparsing.py file where the application loads environment variables from a hardcoded '.env' file without proper security validation. This implementation fails to verify the file source or check file permissions, creating a significant security exposure. Attackers could potentially inject malicious environment variables by modifying or replacing the .env file, leading to system compromise or unauthorized access.

Immediate remediation is required to implement proper file path validation, enforce strict file permission checks, and provide users with configurable environment file paths that include appropriate security controls.

@ThatPunkJohn ThatPunkJohn dismissed github-actions[bot]’s stale review November 7, 2025 09:48

It's complaining about using .env; this is irrelevant and not a security risk.

Contributor

@SimonGurney SimonGurney left a comment


LGTM 🏆

@SimonGurney SimonGurney merged commit a2fd224 into main Nov 7, 2025
2 checks passed
@SimonGurney SimonGurney deleted the feat-cli-file-filtering branch November 7, 2025 10:11
Development

Successfully merging this pull request may close these issues:

  • Add command line file filtering (#63)
  • Truncate file lines greater than n characters (#31)