Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
|
|
- Make response data types non-exported types - Use pointers in response data types to check if fields are missing - Ensure that raw responses are stored to extraData
though this change is semantically benign
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| "created_at": time.Unix(int64(resData.Created), 0).Format(time.RFC3339), | ||
| } | ||
| // lightweight analyze: annotate "standard" fields | ||
| lwa.AugmentExtraData(extraData, lwa.Fields { |
There was a problem hiding this comment.
@bradlarsen A few other fields that would be helpful during remediation:
orgs.data[].description (e.g. Personal org for user@domain)
orgs.data[].name (e.g. company-name-slug)
orgs.data[].title (e.g. CompanyName)
| // lightweight analyze: annotate "standard" fields | ||
| lwa.AugmentExtraData(extraData, lwa.Fields { | ||
| ID: &resData.ID, | ||
| Name: &resData.Name, |
There was a problem hiding this comment.
@bradlarsen something to consider:
name here means FullName and is stored as lwa.name
Then there is first_name in the 11labs detector, which we are also storing as lwa.name.
If we find first_name and last_name do we just concatenate?
4 participants
This draft PR is a PoC for what "lightweight analysis" could look like.
Note
Medium Risk
Changes token verification flows to always capture and store raw HTTP response bodies and additional metadata, which can affect detector behavior and may introduce sensitive-data/PII retention concerns.
Overview
Adds a new
lightweight_analyzehelper (CopyAndCloseResponseBody,AugmentExtraData) to persist verification HTTP responses intoResult.ExtraData(underlwa.response) and to standardize optionallwa.*metadata fields.Updates the
openai,digitaloceanv2, andelevenlabs(v1/v2) detectors to use a logger-awarepkg/contextcontext, unconditionally copy/close response bodies, and enrichExtraDatawith parsed identity fields (id/name/email) when available; ElevenLabs now treatsmissing_permissionserrors as verified but without user metadata.Written by Cursor Bugbot for commit ba782dc. This will update automatically on new commits. Configure here.