Skip to content

Next release#1711

Merged
jokob-sk merged 3 commits into
mainfrom
next_release
Jul 12, 2026
Merged

Next release#1711
jokob-sk merged 3 commits into
mainfrom
next_release

Conversation

@jokob-sk

@jokob-sk jokob-sk commented Jul 12, 2026

Copy link
Copy Markdown
Collaborator

Summary by CodeRabbit

  • Improvements

    • Refined plugin page spacing and table layout (including DataTables sizing).
    • Fixed plugin sync progress numbering.
    • Improved language fallback using cached English core/plugin strings.
    • Log access now retains only recent entries more efficiently.
    • Accelerated vendor identification via in-memory OUI caching.
    • Added case-insensitive indexes for improved lookup behavior.
  • Security / Bug Fixes

    • Config replacement endpoint now requires authentication, validates allowlisted filenames, writes safely with backups, and uses stricter error handling.
    • Hardened scan/stat handling, port parsing, and non-string settings conversions.

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 72d56946-ca1b-456b-9187-45198c6376de

📥 Commits

Reviewing files that changed from the base of the PR and between c88cf76 and e294a18.

📒 Files selected for processing (2)
  • server/api_server/graphql_endpoint.py
  • server/helper.py

📝 Walkthrough

Walkthrough

The changes update plugin presentation and synchronization reporting, secure configuration writes, API language and log handling, request validation, database indexes, and scan-time value and vendor lookup behavior.

Changes

Plugin interface updates

Layer / File(s) Summary
Plugin layout and synchronization
front/css/app.css, front/pluginsCore.php, front/plugins/sync/sync.py
Plugin spacing and table sizing are adjusted, while synchronization logs now report cumulative progress.

Configuration replacement endpoint

Layer / File(s) Summary
Secure configuration writes
front/php/server/query_replace_config.php
Authentication, allowlisted filenames, strict decoding, backups, locked writes, and HTTP error handling are added.

API runtime handling

Layer / File(s) Summary
Configurable language fallback
server/api_server/graphql_endpoint.py
Language files use INSTALL_PATH, and English fallback values are indexed once for reuse.
Request and log handling
server/api_server/openapi/validation.py, server/api_server/mcp_endpoint.py
HEAD requests bypass validation, and log resources retain only the last 500 lines.
MCP routing adjustments
server/api_server/mcp_endpoint.py
Formatting and section-boundary changes are applied around MCP routing and resource handling.

Database and scan robustness

Layer / File(s) Summary
Case-insensitive MAC indexes
server/db/db_upgrade.py
Lower-case MAC indexes are added for sessions, events, devices, and parent devices.
Defensive value handling
server/helper.py, server/models/device_instance.py
Non-string conversion inputs and malformed port values are handled without attribute or conversion errors.
Scan statistics and vendor cache
server/scan/device_handling.py
Empty statistics receive defaults, and MAC vendor data is cached with file path and modification-time refresh handling.
🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 60.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check ❓ Inconclusive The title is too generic and does not describe the specific code changes in this pull request. Use a concise, specific title that reflects the main change, such as the security and stability updates made in this release.
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch next_release

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
server/helper.py (1)

318-319: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Unguarded .lower() on the boolean branch.

Line 319 calls set_value.lower() without an isinstance(set_value, str) check — the same class of bug fixed on line 305. If set_value is a bool or int (e.g., True or 1), this will raise AttributeError.

🛡️ Proposed fix
     # boolean handling
     elif dataType == "boolean" and elementType == "input":
-        value = set_value.lower() in ["true", "1"]
+        if isinstance(set_value, str):
+            value = set_value.lower() in ["true", "1"]
+        elif isinstance(set_value, bool):
+            value = set_value
+        else:
+            value = str(set_value).lower() in ["true", "1"]
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@server/helper.py` around lines 318 - 319, Update the boolean input branch in
the set_value handling to guard the .lower() call with the same string-type
validation used by the earlier boolean path, while preserving true/1 string
parsing and supporting non-string boolean or integer values without raising
AttributeError.
🧹 Nitpick comments (1)
server/scan/device_handling.py (1)

1371-1467: 🩺 Stability & Availability | 🔵 Trivial | 💤 Low value

LGTM! The in-memory vendor cache with mtime-based invalidation is a solid improvement over per-call file I/O. Cache keys and lookup prefix are consistently lowercased.

The static analysis path-traversal warning on line 1417 is a false positive — vendorsPathNewest and vendorsPath are module-level file paths, not request-derived inputs.

One minor note: PermissionError (a subclass of OSError) is not caught by the except FileNotFoundError on line 1427, so a permissions issue would propagate as an unhandled exception. Consider broadening to except OSError for consistency with the mtime check on line 1406.

🛡️ Proposed fix
-    except FileNotFoundError:
+    except OSError:
         mylog("none", [f"[Vendor Check] ⚠ ERROR: Vendors file '{file_path}' not found."])
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@server/scan/device_handling.py` around lines 1371 - 1467, Update the
file-reading exception handling in _load_vendor_cache to catch OSError instead
of only FileNotFoundError, ensuring PermissionError and other filesystem
failures follow the existing vendor-file error logging path.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@server/api_server/graphql_endpoint.py`:
- Around line 610-628: Update the English fallback block in the language-loading
function to ensure core English strings are loaded into
_langstrings_cache["core_en_us"] on demand before building en_map, even when the
requested langCode is different. Reuse the existing core-language file-loading
logic and preserve the current non-mutating lookup and fallback behavior.

---

Outside diff comments:
In `@server/helper.py`:
- Around line 318-319: Update the boolean input branch in the set_value handling
to guard the .lower() call with the same string-type validation used by the
earlier boolean path, while preserving true/1 string parsing and supporting
non-string boolean or integer values without raising AttributeError.

---

Nitpick comments:
In `@server/scan/device_handling.py`:
- Around line 1371-1467: Update the file-reading exception handling in
_load_vendor_cache to catch OSError instead of only FileNotFoundError, ensuring
PermissionError and other filesystem failures follow the existing vendor-file
error logging path.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 32405ec0-ef1b-4cfc-8f77-188a3b80e79b

📥 Commits

Reviewing files that changed from the base of the PR and between 90c63cf and c88cf76.

📒 Files selected for processing (11)
  • front/css/app.css
  • front/php/server/query_replace_config.php
  • front/plugins/sync/sync.py
  • front/pluginsCore.php
  • server/api_server/graphql_endpoint.py
  • server/api_server/mcp_endpoint.py
  • server/api_server/openapi/validation.py
  • server/db/db_upgrade.py
  • server/helper.py
  • server/models/device_instance.py
  • server/scan/device_handling.py

Comment thread server/api_server/graphql_endpoint.py
@jokob-sk jokob-sk merged commit d5e9e09 into main Jul 12, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant