From 5fa08f1a5372f48a4a6c8cf0be672785b4975545 Mon Sep 17 00:00:00 2001 From: openhands Date: Thu, 19 Mar 2026 07:48:24 +0000 Subject: [PATCH] fix: address promote-attacks review feedback (#974) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - cleanup_worktree: add `git branch -D $BRANCH` to prevent stale local branch refs accumulating on push failure (bug fix) - .netrc parser: replace fragile line-count awk with field-iteration approach that handles both multi-line and single-line .netrc formats - ETH formatting: pass values as argv to python3 instead of interpolating into the code string, removing the injection surface - mktemp -u: generate path without pre-creating directory; git worktree add creates it, avoiding the "already exists" error on some git versions - mkdir -p guard before cp to attacks destination directory - sed portability: `s/-\+/-/g` → `s/--*/-/g` (POSIX-compliant) - red-team.sh: capture PIPESTATUS[0] from promote-attacks pipe and emit a distinct warning log line when promotion fails Co-Authored-By: Claude Sonnet 4.6
---
 scripts/harb-evaluator/promote-attacks.sh | 18 +++++++++++------- scripts/harb-evaluator/red-team.sh | 4 ++++ 2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/scripts/harb-evaluator/promote-attacks.sh b/scripts/harb-evaluator/promote-attacks.sh
index 968421e..0dc62a6 100755
--- a/scripts/harb-evaluator/promote-attacks.sh
+++ b/scripts/harb-evaluator/promote-attacks.sh
@@ -75,7 +75,7 @@ log " extracted : $ETH_EXTRACTED wei"
 # ── Resolve Codeberg API token ───────────────────────────────────────────────
 API_TOKEN="${CODEBERG_TOKEN:-}"
 if [[ -z "$API_TOKEN" ]] && [[ -f "${HOME:-/home/debian}/.netrc" ]]; then
- API_TOKEN=$(awk '/codeberg.org/{getline;getline;print $2}' \
+ API_TOKEN=$(awk '{for(i=1;i<=NF;i++){if($i=="machine")m=$(i+1); if($i=="password"&&m=="codeberg.org"){print $(i+1);exit}}}' \
 "${HOME:-/home/debian}/.netrc" 2>/dev/null || true)
 fi
 if [[ -z "$API_TOKEN" ]]; then
@@ -197,7 +197,7 @@ log "Novel attack type: $ATTACK_TYPE"
 CANDIDATE_SLUG=$(printf '%s' "$CANDIDATE" \
 | tr '[:upper:]' '[:lower:]' \
 | sed 's/[^a-z0-9-]/-/g' \
- | sed 's/-\+/-/g;s/^-//;s/-$//' \
+ | sed 's/--*/-/g;s/^-//;s/-$//' \
 | cut -c1-30)
 BASE_NAME="${ATTACK_TYPE}-${CANDIDATE_SLUG}"
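Review bot: In promote-attacks.sh, the new awk parser never clears `m`, so a `default` entry that follows a codeberg.org entry lacking its own `password` field would have its password returned as the Codeberg token and sent to that host. Resetting the host on that keyword closes the gap: add `if($i=="default")m="";` next to the `machine` test. The parser also splits on whitespace only, so a quoted password containing spaces would be truncated; a one-line comment stating that limitation would help the next reader.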
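Review bot: In the CANDIDATE_SLUG pipeline, `cut -c1-30` runs after the `s/-$//` strip, so truncation can leave a trailing `-` again and put `--` into BRANCH; stripping after the cut, e.g. `| cut -c1-30 | sed 's/-$//'`, avoids that. The character classes in `tr` and `sed` are locale-dependent, and this filter is what makes CANDIDATE safe to use in a file path and branch name, so pinning the locale (`LC_ALL=C tr …`, `LC_ALL=C sed …`) would make it byte-exact. An empty slug is also possible when CANDIDATE contains no alphanumerics; whether that case is handled is not visible in this hunk.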
@@ -215,21 +215,24 @@ DEST_RELPATH="onchain/script/backtesting/attacks/${BASE_NAME}.jsonl"
 log "Destination: $DEST_RELPATH"
 # ── Format ETH values for human-readable output ──────────────────────────────
-ETH_X=$(python3 -c "print(f'{int(\"$ETH_EXTRACTED\") / 1e18:.4f}')" 2>/dev/null \
- || echo "$ETH_EXTRACTED wei")
-ETH_B=$(python3 -c "print(f'{int(\"$ETH_BEFORE\") / 1e18:.4f}')" 2>/dev/null \
- || echo "$ETH_BEFORE wei")
+ETH_X=$(python3 -c 'import sys; print(f"{int(sys.argv[1]) / 1e18:.4f}")' \
+ "$ETH_EXTRACTED" 2>/dev/null || echo "$ETH_EXTRACTED wei")
+ETH_B=$(python3 -c 'import sys; print(f"{int(sys.argv[1]) / 1e18:.4f}")' \
+ "$ETH_BEFORE" 2>/dev/null || echo "$ETH_BEFORE wei")
 # ── Git: create branch + commit in a temporary worktree ──────────────────────
 DATE_TAG=$(date -u +%Y%m%d-%H%M%S)
 BRANCH="red-team/${ATTACK_TYPE}-${CANDIDATE_SLUG}-${DATE_TAG}"
-TMPWT=$(mktemp -d)
+# Use mktemp -u: generate a unique path without creating it, so git worktree add
+# can create the directory itself (pre-existing directories cause git to error).
+TMPWT=$(mktemp -u)
 cleanup_worktree() {
 local rc=$?
 cd "$REPO_ROOT" 2>/dev/null || true
 git worktree remove --force "$TMPWT" 2>/dev/null || true
 git worktree prune --quiet 2>/dev/null || true
+ git -C "$REPO_ROOT" branch -D "$BRANCH" 2>/dev/null || true
 rm -rf "$TMPWT" 2>/dev/null || true
 exit $rc
 }
@@ -243,6 +246,7 @@ log "Creating worktree branch: $BRANCH ..."
 git -C "$REPO_ROOT" worktree add -b "$BRANCH" "$TMPWT" "origin/master" --quiet
 # Copy attack file into the isolated worktree
+mkdir -p "$(dirname "$TMPWT/$DEST_RELPATH")"
 cp "$ATTACKS_FILE" "$TMPWT/$DEST_RELPATH"
 cd "$TMPWT"
diff --git a/scripts/harb-evaluator/red-team.sh b/scripts/harb-evaluator/red-team.sh
index 621447a..6b5f6b8 100755
--- a/scripts/harb-evaluator/red-team.sh
+++ b/scripts/harb-evaluator/red-team.sh
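Review bot: `TMPWT=$(mktemp -u)` in promote-attacks.sh only prints a name and creates nothing, so on a shared temp directory another local user can claim that path before `git worktree add` does, and `cleanup_worktree` later runs `rm -rf` on it. Keeping `mktemp -d` for a private parent and placing the worktree inside it still hands git a non-existent target without the race: `TMPBASE=$(mktemp -d)`, `TMPWT="$TMPBASE/wt"`, and `rm -rf -- "${TMPBASE:?}"` in the cleanup. Separately, the `|| echo … wei` fallbacks still emit the raw ETH_EXTRACTED and ETH_BEFORE values, so a digits-only check on both before formatting would be worth adding. The trap that registers `cleanup_worktree` is outside the hunk.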
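Review bot: The added `mkdir -p "$(dirname "$TMPWT/$DEST_RELPATH")"` will create whatever parent path DEST_RELPATH names, and DEST_RELPATH embeds `${ATTACK_TYPE}`, whose sanitisation is not visible in this diff (only CANDIDATE_SLUG is filtered). Before this line a stray `/` in the name would have made `cp` fail; now the copy silently succeeds in a newly created directory. If ATTACK_TYPE is not already constrained upstream, a guard such as `[[ "$BASE_NAME" != */* ]] || exit 1` before the copy keeps the file inside the attacks directory. Writing the copy as `cp -- "$ATTACKS_FILE" "$TMPWT/$DEST_RELPATH"` also protects against a source path that begins with `-`.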
@@ -778,7 +778,11 @@ SUMMARY_EOF
 --profile "$OPTIMIZER_PROFILE" \
 --eth-extracted "$DELTA" \
 --eth-before "$LM_ETH_BEFORE" 2>&1 | while IFS= read -r line; do log " $line"; done
+ PROMOTE_EXIT="${PIPESTATUS[0]}"
 set -e
+ if [[ "$PROMOTE_EXIT" -ne 0 ]]; then
+ log " WARNING: promote-attacks.sh exited with code $PROMOTE_EXIT — PR was not created"
+ fi
 fi
 exit 1
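Review bot: `PROMOTE_EXIT="${PIPESTATUS[0]}"` in red-team.sh is only correct while it stays the very first command after the pipeline, because any intervening command overwrites PIPESTATUS; a comment such as `# must directly follow the pipeline: the next command resets PIPESTATUS` would protect it from later edits. The warning text asserts that the PR was not created, but a non-zero exit could presumably also occur after the PR step (for example during worktree cleanup), so wording like `— promotion may be incomplete` would be safer unless promote-attacks.sh guarantees otherwise. The pipeline's first command and, presumably, a preceding `set +e` are outside the hunk.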