bf9395e022
CI / license-header (push) Has been skipped
CI / e2e-dry-run (push) Has been skipped
CI / fast-gate (push) Failing after 0s
Test PR Label Logic / test-pr-labels (push) Failing after 1s
Skill Format Check / check-format (push) Failing after 2s
CI / security (push) Failing after 5s
CI / unit-test (push) Has been skipped
CI / lint (push) Has been skipped
CI / script-test (push) Has been skipped
CI / deterministic-gate (push) Has been skipped
CI / coverage (push) Has been skipped
CI / results (push) Has been cancelled
CI / deadcode (push) Has been cancelled
CI / e2e-live (push) Has been cancelled
60 lines
1.6 KiB
Go
60 lines
1.6 KiB
Go
// Copyright (c) 2026 Lark Technologies Pte. Ltd.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package output
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"strings"
|
|
|
|
"github.com/larksuite/cli/errs"
|
|
extcs "github.com/larksuite/cli/extension/contentsafety"
|
|
)
|
|
|
|
// ScanResult holds the output of ScanForSafety.
|
|
type ScanResult struct {
|
|
Alert *extcs.Alert
|
|
Blocked bool
|
|
BlockErr error
|
|
}
|
|
|
|
// ScanForSafety runs content-safety scanning on the given data.
|
|
// cmdPath is the raw cobra CommandPath().
|
|
// When MODE=off, no provider registered, or the command is not allowlisted,
|
|
// returns a zero ScanResult.
|
|
func ScanForSafety(cmdPath string, data any, errOut io.Writer) ScanResult {
|
|
alert, csErr := runContentSafety(cmdPath, data, errOut)
|
|
if errors.Is(csErr, errBlocked) {
|
|
return ScanResult{
|
|
Alert: alert,
|
|
Blocked: true,
|
|
BlockErr: wrapBlockError(alert),
|
|
}
|
|
}
|
|
return ScanResult{Alert: alert}
|
|
}
|
|
|
|
// wrapBlockError creates a typed error for content-safety block.
|
|
func wrapBlockError(alert *extcs.Alert) error {
|
|
var matchedRules []string
|
|
if alert != nil {
|
|
matchedRules = alert.MatchedRules
|
|
}
|
|
return errs.NewContentSafetyError(errs.SubtypeContentSafety,
|
|
"content safety violation detected (rules: %s)", strings.Join(matchedRules, ", ")).
|
|
WithRules(matchedRules...).
|
|
WithCause(errBlocked)
|
|
}
|
|
|
|
// WriteAlertWarning writes a human-readable content-safety warning to w.
|
|
// Used by non-JSON output paths (pretty, table, csv) in warn mode.
|
|
func WriteAlertWarning(w io.Writer, alert *extcs.Alert) {
|
|
if alert == nil {
|
|
return
|
|
}
|
|
fmt.Fprintf(w, "warning: content safety alert from %s (rules: %s)\n",
|
|
alert.Provider, strings.Join(alert.MatchedRules, ", "))
|
|
}
|