
Commit 5d1aa08

committed
Refactor to use same consistent var naming
1 parent 3200a0f commit 5d1aa08

5 files changed

Lines changed: 34 additions & 85 deletions


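--- a/pkg/github/gists.go
+++ b/pkg/github/gists.go
@@ -101,13 +101,7 @@ func ListGists(t translations.TranslationHelperFunc) inventory.ServerTool {
 }
 
 result := utils.NewToolResultText(string(r))
-// Gist contents are user-authored (untrusted); confidentiality is
-// the IFC join of each gist's own public/secret flag.
-visibilities := make([]bool, 0, len(gists))
-for _, g := range gists {
-visibilities = append(visibilities, g.GetPublic())
-}
-result = attachJoinedIFCLabel(ctx, deps, result, visibilities, ifc.LabelGistList)
+result = attachStaticIFCLabel(ctx, deps, result, ifc.LabelGistList())
 return result, nil, nil
 },
 )
@@ -167,9 +161,7 @@ func GetGist(t translations.TranslationHelperFunc) inventory.ServerTool {
 }
 
 result := utils.NewToolResultText(string(r))
-// Gist contents are user-authored (untrusted); confidentiality
-// derives from the gist's own public/secret flag.
-result = attachStaticIFCLabel(ctx, deps, result, ifc.LabelGist(gist.GetPublic()))
+result = attachStaticIFCLabel(ctx, deps, result, ifc.LabelGist())
 return result, nil, nil
 },
 )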
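Review bot: Both call sites now attach a public confidentiality label whatever the gist's secret flag says, which loosens the label for secret gists rather than renaming anything; in `GetGist` the old `ifc.LabelGist(gist.GetPublic())` marked a secret gist private and the new `ifc.LabelGist()` cannot. If a downstream policy uses confidentiality to decide where tool output may flow (not visible on this page), secret gist content fetched with the caller's token becomes eligible for public sinks, the opposite of the "conservatively private" choice this commit keeps for projects. The same applies to `ListGists` in the first hunk and to `LabelGist`/`LabelGistList` in pkg/ifc/ifc.go. The commit title describes a naming refactor, so I would name the label change in the description or split it out, and keep a comment at each call site such as `// Secret gists are labelled public on purpose: anyone holding the URL can read them.` Both handler bodies start and end outside these hunks.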

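--- a/pkg/github/ifc_labels.go
+++ b/pkg/github/ifc_labels.go
@@ -97,12 +97,11 @@ func attachRepoVisibilityIFCLabelLazy(
 }
 
 // attachJoinedIFCLabel attaches an IFC label computed by joining a set of
-// per-item visibilities (true == private for repositories, true == public for
-// gists) when IFC labels are enabled. joinFn is the lattice join for the
-// relevant item kind (e.g. ifc.LabelSearchIssues or ifc.LabelGistList). The
-// visibility slice is cheap to build from an already-fetched response, so
-// callers may construct it unconditionally and let this helper own the
-// feature-flag gate.
+// per-item visibilities (true == private) when IFC labels are enabled. joinFn
+// is the lattice join for the relevant item kind (e.g. ifc.LabelSearchIssues or
+// ifc.LabelGistList). The visibility slice is cheap to build from an
+// already-fetched response, so callers may construct it unconditionally and let
+// this helper own the feature-flag gate.
 func attachJoinedIFCLabel(
 ctx context.Context,
 deps ToolDependencies,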
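Review bot: The rewritten comment still offers `ifc.LabelGistList` as an example `joinFn`, but this same commit turns it into `func LabelGistList() SecurityLabel`, which takes no visibility slice and is no longer passed to this helper from gists.go. I would drop it from the example, e.g. `// is the lattice join for the relevant item kind (e.g. ifc.LabelSearchIssues).`, so the comment does not point readers at a function that cannot be used here. The signature of `attachJoinedIFCLabel` continues past the end of the hunk, so the exact type of `joinFn` is inferred from the removed call site rather than seen.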

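--- a/pkg/github/projects.go
+++ b/pkg/github/projects.go
@@ -232,9 +232,9 @@ Use this tool to list projects for a user or organization, or list project field
 // labels are enabled. Project titles, item content, field
 // definitions, and status updates are user-authored free text
 // (untrusted); confidentiality is conservatively private since the
-// project's public flag is not available across every sub-result.
+// project's privacy is not available across every sub-result.
 attachIFC := func(r *mcp.CallToolResult) *mcp.CallToolResult {
-return attachStaticIFCLabel(ctx, deps, r, ifc.LabelProject(false))
+return attachStaticIFCLabel(ctx, deps, r, ifc.LabelProject(true))
 }
 
 switch method {
@@ -349,9 +349,9 @@ Use this tool to get details about individual projects, project fields, and proj
 // attachIFC adds the IFC label to a successful result when IFC
 // labels are enabled. Project data is user-authored free text
 // (untrusted); confidentiality is conservatively private since the
-// project's public flag is not available across every sub-result.
+// project's privacy is not available across every sub-result.
 attachIFC := func(r *mcp.CallToolResult) *mcp.CallToolResult {
-return attachStaticIFCLabel(ctx, deps, r, ifc.LabelProject(false))
+return attachStaticIFCLabel(ctx, deps, r, ifc.LabelProject(true))
 }
 
 // Handle get_project_status_update early — it only needs status_update_id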
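Review bot: `ifc.LabelProject(true)` in both `attachIFC` closures relies on the parameter's meaning having been inverted in pkg/ifc/ifc.go (`isPublic` to `isPrivate`) while its type stayed `bool`, so a caller not touched by this commit would still compile and silently get the opposite label, with a private project labelled public as the failing direction. The two callers here are updated; callers elsewhere are not visible on this page and are worth a search before merge. A bare literal also hides the intent at the call site: a named constant such as `const projectIsPrivate = true` passed to `LabelProject`, or a trailing `// true == private`, would keep the conservative choice readable without opening ifc.go. Both closures sit inside handlers that start and end outside these hunks.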

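--- a/pkg/ifc/ifc.go
+++ b/pkg/ifc/ifc.go
@@ -285,32 +285,21 @@ func LabelRepositorySecurityAdvisory(isPrivate bool, allPublished bool) Security
 // LabelGist returns the IFC label for gist content.
 //
 // Integrity is untrusted: gist contents are arbitrary user-authored text.
-// Confidentiality derives from the gist's own visibility rather than any
-// repository — public gists are universally readable, while secret gists are
-// restricted to those who hold the gist URL (modeled with the opaque "private"
-// marker).
-func LabelGist(isPublic bool) SecurityLabel {
-if isPublic {
-return PublicUntrusted()
-}
-return PrivateUntrusted()
+// Confidentiality is public because secret gists are URL-accessible and cannot
+// be modeled as private to a GitHub reader set.
+func LabelGist() SecurityLabel {
+return PublicUntrusted()
 }
 
 // LabelGistList returns the IFC label for a list of gists belonging to a user,
 // joining the per-gist confidentiality across the result set.
 //
-// Integrity is untrusted (user-authored content). Confidentiality follows the
-// IFC meet: if any gist in the result is secret the joined label is private;
-// otherwise public. An empty result is treated as public-untrusted.
+// Integrity is untrusted (user-authored content). Confidentiality is public
+// because even secret gists are URL-accessible.
 //
 // See LabelSearchIssues for why list results carry a single joined label
 // rather than one label per item.
-func LabelGistList(gistVisibilities []bool) SecurityLabel {
-for _, isPublic := range gistVisibilities {
-if !isPublic {
-return PrivateUntrusted()
-}
-}
+func LabelGistList() SecurityLabel {
 return PublicUntrusted()
 }
 
@@ -319,13 +308,13 @@ func LabelGistList(gistVisibilities []bool) SecurityLabel {
 //
 // Integrity is untrusted: project titles, item content, and status update
 // bodies are user-authored free text. Confidentiality derives from the
-// project's own public flag — public projects are universally readable, while
-// private projects restrict the reader set.
-func LabelProject(isPublic bool) SecurityLabel {
-if isPublic {
-return PublicUntrusted()
+// project's own privacy — private projects restrict the reader set, while
+// public projects are universally readable.
+func LabelProject(isPrivate bool) SecurityLabel {
+if isPrivate {
+return PrivateUntrusted()
 }
-return PrivateUntrusted()
+return PublicUntrusted()
 }
 
 // LabelTeam returns the IFC label for organization team membership data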
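Review bot: The doc comment kept above `LabelGistList` still says the function works by "joining the per-gist confidentiality across the result set" and refers to `LabelSearchIssues` for why a joined label is used, yet the new body takes no input and always returns `PublicUntrusted()`. I would reword the opening to `// LabelGistList returns the IFC label for a list of gists belonging to a user.` and drop the `See LabelSearchIssues` paragraph, so the comment does not suggest that per-gist visibility still influences the label. For a security label helper, a comment that describes a join that no longer happens is likely to be trusted by the next reader auditing confidentiality handling.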

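--- a/pkg/ifc/ifc_test.go
+++ b/pkg/ifc/ifc_test.go
@@ -47,7 +47,7 @@ func TestLabelSearchIssues(t *testing.T) {
 
 tests := []struct {
 name string
-visibilities []bool
+visibilities []bool // true == private
 wantIntegrity Integrity
 wantConfidential Confidentiality
 }{
@@ -250,71 +250,40 @@ func TestLabelGist(t *testing.T) {
 
 t.Run("public gist is untrusted and public", func(t *testing.T) {
 t.Parallel()
-label := LabelGist(true)
+label := LabelGist()
 assert.Equal(t, IntegrityUntrusted, label.Integrity)
 assert.Equal(t, ConfidentialityPublic, label.Confidentiality)
 })
 
-t.Run("secret gist is untrusted and private", func(t *testing.T) {
+t.Run("secret gist is untrusted and public", func(t *testing.T) {
 t.Parallel()
-label := LabelGist(false)
+label := LabelGist()
 assert.Equal(t, IntegrityUntrusted, label.Integrity)
-assert.Equal(t, ConfidentialityPrivate, label.Confidentiality)
+assert.Equal(t, ConfidentialityPublic, label.Confidentiality)
 })
 }
 
 func TestLabelGistList(t *testing.T) {
 t.Parallel()
 
-tests := []struct {
-name string
-visibilities []bool // true == public
-wantConfidential Confidentiality
-}{
-{
-name: "empty result is treated as public",
-wantConfidential: ConfidentialityPublic,
-},
-{
-name: "all public gists stay public",
-visibilities: []bool{true, true},
-wantConfidential: ConfidentialityPublic,
-},
-{
-name: "any secret gist flips to private",
-visibilities: []bool{true, false, true},
-wantConfidential: ConfidentialityPrivate,
-},
-{
-name: "all secret gists stay private",
-visibilities: []bool{false, false},
-wantConfidential: ConfidentialityPrivate,
-},
-}
-
-for _, tc := range tests {
-t.Run(tc.name, func(t *testing.T) {
-t.Parallel()
-label := LabelGistList(tc.visibilities)
-assert.Equal(t, IntegrityUntrusted, label.Integrity)
-assert.Equal(t, tc.wantConfidential, label.Confidentiality)
-})
-}
+label := LabelGistList()
+assert.Equal(t, IntegrityUntrusted, label.Integrity)
+assert.Equal(t, ConfidentialityPublic, label.Confidentiality)
 }
 
 func TestLabelProject(t *testing.T) {
 t.Parallel()
 
 t.Run("public project is untrusted and public", func(t *testing.T) {
 t.Parallel()
-label := LabelProject(true)
+label := LabelProject(false)
 assert.Equal(t, IntegrityUntrusted, label.Integrity)
 assert.Equal(t, ConfidentialityPublic, label.Confidentiality)
 })
 
 t.Run("private project is untrusted and private", func(t *testing.T) {
 t.Parallel()
-label := LabelProject(true)
+label := LabelProject(true)
 assert.Equal(t, IntegrityUntrusted, label.Integrity)
 assert.Equal(t, ConfidentialityPrivate, label.Confidentiality)
 })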
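Review bot: The two subtests of `TestLabelGist` are now identical: both call `LabelGist()` and assert `ConfidentialityPublic`, so the case named "secret gist is untrusted and public" exercises nothing about secret gists. I would collapse them into a single assertion, as the new `TestLabelGistList` does, and put the secret-gist expectation in a handler-level test in pkg/github that feeds a gist whose public flag is false and checks the attached label. That keeps the deliberate "secret gists are labelled public" decision pinned by a test that would fail if the label ever depended on the flag again. `TestLabelProject` continues past the end of the hunk.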
