fix: link invalid uploads to fallback group (#108)#113
Conversation
|
Ready to review this PR? Stage has broken it down into 2 individual chapters for you:
Chapters generated by Stage for commit 4df2e9f on Jun 24, 2026 6:29am UTC. |
|
Warning Review limit reached
More reviews will be available in 37 minutes and 19 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
agent-p1p
left a comment
agent-p1p
left a comment
There was a problem hiding this comment.
Pip adversarial review — PR #113 (goggles#108)
Verdict: APPROVE — 0 blocking, 1 suggestion, 2 nitpicks.
The fix is correct, minimal, and exactly mirrors the prescribed remedy and the create_events() precedent: a single audit_file.groups.add(fallback_group) inside the transaction.atomic() block, guarded by fallback_group is not None, alongside the existing updated_at bump. Wholesale-quarantined uploads now appear in groups_for_audit_file (API response + detail page), audit_files_for_group (Files tab), and the group file_count. groups.add is idempotent, so the fallback_group is None path and the dedup races are unaffected. All 156 forensics tests pass. The regression test meaningfully exercises both helper paths and the API group/groups shape on the real non-UTF-8 byte path. No security/privacy regression — linking only attaches the file to the same fallback group its FK already pointed at, and nothing sensitive is logged.
🔴 BLOCKING
none
💡 SUGGESTION
except Exceptionquarantine path is uncovered for the M2M link —forensics/ingest.py:323-325.save_invalid_uploadhas two callers: the non-UTF-8 decode path (ingest.py:159) and the defense-in-depthexcept Exceptionquarantine (ingest.py:251). The new test (tests.py:1097) exercises only the non-UTF-8 path. The existingexcept Exceptiontest (test_unexpected_ingest_error_quarantines_upload_not_500,tests.py:2118) posts to the no-group endpoint, sofallback_group is Noneand the newgroups.addbranch is never hit there. Consider a quarantine-path upload to a group endpoint asserting the fallback-group link, since #108 names both as in-scope. (Same code line is shared, so this is coverage, not correctness.)
🔧 NITPICK
- Dedup early-returns still skip the M2M link —
forensics/ingest.py:289-291and327-329. Re-uploading identical invalid bytes with a different fallback group than the original returnscreated=Falseand never adds the new group. This is pre-existing, matches the valid path's identical behavior (ingest.py:178-180), is keyed on file-content hash (arguably correct dedup semantics), and is out of scope for #108. Flagging only so it's an explicit, conscious non-goal. No change requested. groups_for_audit_file(...) == [fallback_group]assertion relies on pk-based__eq__—forensics/tests.py:1117-1118. The annotatedaudit_files_for_grouprow equals the plain instance via Django pk comparison; works and is fine, just non-obvious.
Sensitive paths touched: none.
Adversarial review delegated to Cursor CLI (claude-opus-4-8-xhigh), findings verified independently against the checked-out branch. CI: Django tests pending; pip-audit pass; CodeRabbit rate-limited (no findings).
agent-p1p
force-pushed
the
pip/goggles-108
branch
from
e08c142 to
4df2e9f
Compare
|
Address-review update: rebased onto current master and addressed the adversarial review suggestion with |
1 participant
Summary
AuditGrouponAuditFile.groupsfor wholesale-quarantined uploadsTest Plan
DJANGO_DEBUG=1 uv run python manage.py test forensics.tests.AuditLogIngestionTests.test_invalid_utf8_group_upload_links_file_to_fallback_group -v 2failed withNone != 'mobile-qa'DJANGO_DEBUG=1 uv run python manage.py test forensics.tests.AuditLogIngestionTests.test_invalid_utf8_group_upload_links_file_to_fallback_group -v 2DJANGO_DEBUG=1 uv run python manage.py test forensics.tests.AuditLogIngestionTests.test_invalid_utf8_group_upload_links_file_to_fallback_group forensics.tests.AuditLogIngestionTests.test_invalid_utf8_upload_file_sha256_race_returns_existing_audit_file forensics.tests.AuditLogIngestionTests.test_absent_group_ref_with_fallback_group_still_uses_fallback forensics.tests.AuditLogIngestionTests.test_non_string_group_ref_with_fallback_group_is_not_rebucketed forensics.tests.AuditLogIngestionTests.test_malformed_string_group_ref_with_fallback_group_is_not_rebucketed -v 2DJANGO_DEBUG=1 uv run python manage.py testDJANGO_DEBUG=1 uv run python manage.py checkuv run ruff check .uv run ruff format --check .DJANGO_DEBUG=1 uv run python manage.py makemigrations --check --dry-runCloses #108