From 0bf002b5e183ddf0b690bfbd7de90194fb671aa3 Mon Sep 17 00:00:00 2001
From: Arjun Suresh
Date: Thu, 4 Sep 2025 16:44:35 +0100
Subject: [PATCH 1/5] Potential fix for code scanning alert no. 12: Incomplete URL substring sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 mlc/repo_action.py | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/mlc/repo_action.py b/mlc/repo_action.py
index d626e86b2..3876e3197 100644
--- a/mlc/repo_action.py
+++ b/mlc/repo_action.py
@@ -7,7 +7,7 @@ import shutil
 from . import utils
 from .logger import logger
-
+from urllib.parse import urlparse
 class RepoAction(Action):
 """
 ####################################################################################################################
@@ -197,12 +197,18 @@ def find(self, run_args):
 repo_uid = repo_split[1]
 elif "@" in repo:
 repo_name = repo
- elif "github.com" in repo:
- result = self.github_url_to_user_repo_format(repo)
- if result["return"] == 0:
- repo_name = result["value"]
- else:
- return result
+ else:
+ # Check for valid github.com URL using urlparse
+ try:
+ parsed = urlparse(repo)
+ except Exception:
+ parsed = None
+ if parsed and parsed.scheme in ("http", "https") and parsed.hostname == "github.com":
+ result = self.github_url_to_user_repo_format(repo)
+ if result["return"] == 0:
+ repo_name = result["value"]
+ else:
+ return result
 # Check if repo_name exists in repos.json
 matched_repo_path = None
From a6d2418ebfcc7d4049dfd8cb83243e069f27764c Mon Sep 17 00:00:00 2001
From: Arjun Suresh
Date: Thu, 4 Sep 2025 16:45:49 +0100
Subject: [PATCH 2/5] Potential fix for code scanning alert no. 11: Incomplete URL substring sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 mlc/repo_action.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
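Review bot: In `find` (the `@@ -197,12 +197,18 @@` hunk of PATCH 1/5), input that fails the new host check leaves the `else:` branch without setting `repo_name` or returning an error. A scheme-less `github.com/user/repo`, a `www.github.com` host or a `git://` URL, all of which the old substring test passed to `github_url_to_user_repo_format`, is now silently handled as something else; what `repo_name` holds at that point is set outside the hunk and cannot be confirmed here. The exact `parsed.hostname == "github.com"` comparison is the right answer to the substring alert, but the rejected case deserves an explicit path, for example a `logger.debug(...)` line or an error return naming the unsupported URL form. `except Exception:` is also wider than needed, since `urlparse` reports malformed input with `ValueError`; `except ValueError:` keeps unrelated failures visible. The helper still receives the raw `repo` string rather than the parsed parts, so it is worth confirming that it extracts user/repo from the same host that was just checked.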
diff --git a/mlc/repo_action.py b/mlc/repo_action.py
index d626e86b2..f28b6df26 100644
--- a/mlc/repo_action.py
+++ b/mlc/repo_action.py
@@ -7,6 +7,7 @@ import shutil
 from . import utils
 from .logger import logger
+from urllib.parse import urlparse
 class RepoAction(Action):
 """
@@ -86,7 +86,8 @@ def add(self, run_args):
 if not os.path.exists(i_repo_path):
 #check if its an URL
 if utils.is_valid_url(i_repo_path):
- if "github.com" in i_repo_path:
+ parsed = urlparse(i_repo_path)
+ if parsed.hostname == "github.com":
 res = self.github_url_to_user_repo_format(i_repo_path)
 if res['return'] > 0:
 return res
From a56ba4d8fc7c72fec2653164fc868001154bfc59 Mon Sep 17 00:00:00 2001
From: Arjun Suresh
Date: Thu, 4 Sep 2025 16:47:21 +0100
Subject: [PATCH 3/5] Potential fix for code scanning alert no. 10: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/test-mlc-core-actions.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/test-mlc-core-actions.yaml b/.github/workflows/test-mlc-core-actions.yaml
index 7810ec825..73257d6c6 100644
--- a/.github/workflows/test-mlc-core-actions.yaml
+++ b/.github/workflows/test-mlc-core-actions.yaml
@@ -1,4 +1,6 @@
 name: MLC core actions test
+permissions:
+ contents: read
 on:
 pull_request:
From 6e5a2747428150de6e7c98c4e2c20872f3f1d36e Mon Sep 17 00:00:00 2001
From: Arjun Suresh
Date: Fri, 5 Sep 2025 13:05:24 +0100
Subject: [PATCH 4/5] Update test-mlc-core-actions.yaml | Fixes #159
---
 .github/workflows/test-mlc-core-actions.yaml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/test-mlc-core-actions.yaml b/.github/workflows/test-mlc-core-actions.yaml
index 73257d6c6..c1a5ea8ae 100644
--- a/.github/workflows/test-mlc-core-actions.yaml
+++ b/.github/workflows/test-mlc-core-actions.yaml
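Review bot: In `add` (the `@@ -86,7 +86,8 @@` hunk of PATCH 2/5), `urlparse(i_repo_path)` runs without the `ValueError` guard and without the `parsed.scheme in ("http", "https")` test that the equivalent check in `find` gets in PATCH 1/5. The two entry points therefore accept different sets of GitHub URLs unless `utils.is_valid_url`, which is not visible here, already enforces both. Keeping the host allow-list in one private helper used by both call sites would remove that drift; a sketch follows. `add` starts and ends outside the hunk.

```python
def _is_github_url(self, url):
    """Return True only for http(s) URLs whose host is exactly github.com."""
    try:
        parsed = urlparse(url)
    except ValueError:
        return False
    return parsed.scheme in ("http", "https") and parsed.hostname == "github.com"

# in add(); … unchanged: os.path.exists / utils.is_valid_url checks …
if self._is_github_url(i_repo_path):
    res = self.github_url_to_user_repo_format(i_repo_path)
```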
@@ -329,3 +329,8 @@ jobs:
 mlc help rm cache
 mlc help search cache
 mlc help show cache
+ - name: MLC doc script
+ run: |
+ mlc doc script --tags=detect,cpu
+ mlc doc script --all
+
From 1a852bff834f421981fb67dd2700799c1d9ff123 Mon Sep 17 00:00:00 2001
From: Arjun Suresh
Date: Fri, 5 Sep 2025 13:08:08 +0100
Subject: [PATCH 5/5] Update test-mlc-core-actions.yaml
---
 .github/workflows/test-mlc-core-actions.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/test-mlc-core-actions.yaml b/.github/workflows/test-mlc-core-actions.yaml
index c1a5ea8ae..e424b7c95 100644
--- a/.github/workflows/test-mlc-core-actions.yaml
+++ b/.github/workflows/test-mlc-core-actions.yaml
@@ -331,6 +331,7 @@ jobs:
 mlc help show cache
 - name: MLC doc script
 run: |
+ mlc pull repo mlcommons@mlperf-automations
 mlc doc script --tags=detect,cpu
 mlc doc script --all
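Review bot: The `mlc pull repo mlcommons@mlperf-automations` line added in PATCH 5/5 names no branch, tag or commit, so the step presumably fetches whatever that repository's default branch holds at run time. The `mlc doc script` commands that follow then operate on that content, which makes this job's outcome depend on an unpinned external checkout. If `mlc pull repo` accepts a fixed ref, pinning it here would make the step reproducible and limit what third-party content the CI run processes. A one-line comment above the pull, such as `# doc generation needs the automation scripts repo`, would also record why the step added in PATCH 4/5 required it.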