diff --git a/.github/issue-assistant/src/security.js b/.github/issue-assistant/src/security.js
index 917e8274..a4d3f9b9 100644
--- a/.github/issue-assistant/src/security.js
+++ b/.github/issue-assistant/src/security.js
@@ -183,6 +183,7 @@ async function validateRequest({
 context,
 maxInputLength,
 rateLimitPerHour,
+ maxBotResponses,
 customInjectionPatterns,
 customSuspiciousPatterns
 }) {
@@ -226,7 +227,7 @@ async function validateRequest({
 errors.push('Rate limit exceeded');
 }
- if (comment) {
+ if (comment && maxBotResponses !== undefined) {
 const { data: comments } = await github.rest.issues.listComments({
 owner: context.repo.owner,
 repo: context.repo.repo,
@@ -237,7 +238,7 @@ async function validateRequest({
 c.body && c.body.includes('')
 );
- if (botComments.length >= 3) {
+ if (botComments.length >= maxBotResponses) {
 errors.push('Maximum bot responses reached');
 }
 }
diff --git a/.github/workflows/issue-assistant.yml b/.github/workflows/issue-assistant.yml
index 0e2e6920..9a355f8b 100644
--- a/.github/workflows/issue-assistant.yml
+++ b/.github/workflows/issue-assistant.yml
@@ -19,7 +19,7 @@ env:
 MAX_INPUT_LENGTH: 10000
 MAX_BOT_RESPONSES: 4
 MIN_RESPONSE_INTERVAL_SECONDS: 120
- RATE_LIMIT_PER_USER_PER_HOUR: 10
+ RATE_LIMIT_PER_USER_PER_HOUR: 12
 jobs:
 validate-and-triage:
@@ -283,6 +283,7 @@ jobs:
 context,
 maxInputLength: parseInt(process.env.MAX_INPUT_LENGTH),
 rateLimitPerHour: parseInt(process.env.RATE_LIMIT_PER_USER_PER_HOUR),
+ maxBotResponses: parseInt(process.env.MAX_BOT_RESPONSES),
 customInjectionPatterns: injectionPatterns
 });
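Review bot: The new guard `if (comment && maxBotResponses !== undefined)` in the `@@ -226,7 +227,7 @@` hunk of security.js fails open: a caller that omits `maxBotResponses` now skips the bot-response cap entirely, where the old code always enforced 3. The workflow call site passes `parseInt(process.env.MAX_BOT_RESPONSES)`, which is `NaN` when the variable is unset or non-numeric; `NaN !== undefined` is true and `botComments.length >= NaN` (the `@@ -237,7 +238,7 @@` hunk) is always false, so the cap is silently disabled in that case as well. I would keep `if (comment) {`, default the parameter with `maxBotResponses = 3,` in the destructuring, and reject a bad value before the comparison with `if (!Number.isInteger(maxBotResponses) || maxBotResponses < 0) errors.push('Invalid maxBotResponses');`. The body of validateRequest starts and ends outside these hunks, so whether another limit covers this path cannot be seen from here.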
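Review bot: The effective bot-response cap rises from the hard-coded 3 to 4 once `maxBotResponses: parseInt(process.env.MAX_BOT_RESPONSES),` (the `@@ -283,6 +283,7 @@` hunk of issue-assistant.yml) reads the `MAX_BOT_RESPONSES: 4` already set under `env:`, and the same commit lifts `RATE_LIMIT_PER_USER_PER_HOUR` from 10 to 12, so two abuse limits loosen together. If that is intended, a comment above the `env:` values would record it, for example `# Abuse limits enforced by validateRequest in .github/issue-assistant/src/security.js; raise deliberately.` The call also omits the radix; `Number.parseInt(process.env.MAX_BOT_RESPONSES, 10)` is the safer form, though the neighbouring lines share the habit. The script step that makes this call starts outside the hunk.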