Add opt-in filtering for content from users without push access #428

Draft: Copilot wants to merge 5 commits into main from copilot/fix-427

Copilot AI commented May 23, 2025 (edited)

Overview

This PR adds an opt-in way to limit issue, comment and PR input from users without push access to a specified repository. This helps mitigate prompt injection attacks when using this repo in headless contexts, especially for coding agents.

Implementation Details

  1. Added a new flag --trusted-repo to the CLI which takes a repository in the format owner/repo
  2. Created a context-based content filtering system that checks if users have push access to the trusted repository
  3. Updated relevant tools (currently GetIssue and GetIssueComments) to filter content based on user permissions
  4. The filtering automatically disables itself for private repositories since all users with access to private repos are already trusted

Usage

To enable content filtering, start the server with the trusted repo flag:

github-mcp-server stdio --trusted-repo="owner/repo"

When filtering is enabled, any content from users without push access to the specified repository will be excluded from the results.

Technical Notes

  • The implementation caches user permission checks to avoid redundant API calls
  • For private repositories, the filter automatically disables itself
  • The design allows for easy extension to other tools that handle user-generated content

Fixes #427.


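A sketch of the filtering behaviour the description above lists (push-access check against the trusted repository, cached lookups, bypass for private repositories), plus the exemption for the logged-in user requested later in the thread. This is an added example, not code from the PR: `Filter`, `Comment` and the `Private`/`HasPush` hooks are hypothetical names, and dropping content when a lookup fails is an assumption of the example.

```go
package main

import "fmt"

// Comment is a constructed stand-in for an issue or PR comment.
type Comment struct{ Author, Body string }

// Filter drops content from authors without push access (hypothetical hooks, not the PR's API).
type Filter struct {
	Private func() (bool, error)             // is the trusted repo private?
	HasPush func(login string) (bool, error) // push access to the trusted repo?
	Self    string                           // authenticated user, never filtered
	cache   map[string]bool                  // login -> cached decision
}

// Apply keeps trusted authors only; lookup errors fail closed and are not cached.
func (f *Filter) Apply(in []Comment) []Comment {
	if private, err := f.Private(); err == nil && private {
		return in // everyone who can see a private repo is already trusted
	}
	if f.cache == nil {
		f.cache = map[string]bool{}
	}
	out := []Comment{}
	for _, c := range in {
		ok, seen := f.cache[c.Author]
		if c.Author == f.Self {
			ok = true
		} else if !seen {
			var err error
			if ok, err = f.HasPush(c.Author); err != nil {
				continue // assumption: untrusted until the lookup succeeds
			}
			f.cache[c.Author] = ok
		}
		if ok {
			out = append(out, c)
		}
	}
	return out
}

func main() {
	push := map[string]bool{"maintainer": true} // constructed sample data
	f := &Filter{Self: "bot-user", Private: func() (bool, error) { return false, nil },
		HasPush: func(l string) (bool, error) { return push[l], nil }}
	fmt.Println(f.Apply([]Comment{{"maintainer", "LGTM"}, {"drive-by", "hi"}, {"bot-user", "done"}}))
}
```

If the visibility check itself fails, the repository is treated as public and filtering stays on.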

Copilot AI and others added 3 commits May 23, 2025 11:42
Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add an opt-in way to limit issue, comment and PR input from users without push access" to "Add opt-in filtering for content from users without push access" May 23, 2025
Copilot AI requested a review from SamMorrowDrums May 23, 2025 11:48

@SamMorrowDrums (Collaborator)

@copilot there are some linter errors and also endpoints like search issues and possibly others also need this (remember all pull request body text, comments, issues etc. should be filtered this way).

Also do not filter out content from the logged in user either.

…user
Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

Copilot AI (Author) commented May 23, 2025 (edited)

@copilot there are some linter errors and also endpoints like search issues and possibly others also need this (remember all pull request body text, comments, issues etc. should be filtered this way.
...

I've fixed the content filtering to extend to more tools and also ensured content from the logged-in user won't be filtered. The changes include:

  1. Added filtering to: SearchIssues, ListIssues, GetPullRequest, ListPullRequests, GetPullRequestComments, GetPullRequestReviews
  2. Modified the content filter to store the authenticated user and exempt them from filtering
  3. Fixed function signatures and updated tests

All code now builds successfully. See commit b34ec6f.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • cdn.fwupd.org

If you need me to access, download, or install something from one of these locations, you can either:
