@pradeeban
contribute.py uses a GitHub bot token (CONCORE_BOT_TOKEN) with several security and robustness issues:
1. Empty token proceeds to API calls: If CONCORE_BOT_TOKEN is not set, BOT_TOKEN is an empty string '', and the script still attempts GitHub authentication, producing confusing error messages instead of failing fast.
2. No token format validation: The script accepts any string as a token without checking if it's a valid GitHub token format.
3. There is a decode_token() function for base64 decoding, but it's never used — the raw environment variable is passed directly to the GitHub API.
4. Generic exception handling hides errors: Multiple except Exception blocks with generic messages like "Authentication failed" and "Some error Occured" make debugging impossible.
5. printPR function has a bug: It constructs URLs with pulls/{pr.number} (plural) instead of pull/{pr.number} (singular), creating invalid GitHub URLs.
6. No retry logic for API calls: The GitHub API has rate limits, but the script has no retry/backoff logic except for printPRStatus.
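
Added example (not part of the original issue and not code from contribute.py): one way to address items 1 and 2 by failing fast on a missing or empty CONCORE_BOT_TOKEN and checking its shape before any API call. The names `load_bot_token` and `TokenConfigError` are hypothetical, and the regex length bounds are loose assumptions rather than limits specified by GitHub.

```python
import os
import re
import sys

# GitHub token shapes by prefix. Length bounds are deliberately loose
# (an assumption of this example) so a future format change is not rejected.
_TOKEN_PATTERNS = (
    re.compile(r"gh[pousr]_[A-Za-z0-9]{36,}"),    # classic PAT, OAuth and app tokens
    re.compile(r"github_pat_[A-Za-z0-9_]{22,}"),  # fine-grained PAT
    re.compile(r"[0-9a-f]{40}"),                  # legacy 40-hex token
)


class TokenConfigError(RuntimeError):
    """Raised before any API call when the bot token is unusable."""


def load_bot_token(env=None, var="CONCORE_BOT_TOKEN"):
    """Return the token from env, or raise TokenConfigError without echoing it."""
    env = os.environ if env is None else env
    raw = env.get(var)
    if raw is None:
        raise TokenConfigError(f"{var} is not set")
    token = raw.strip()  # tolerate a trailing newline from secret stores
    if not token:
        raise TokenConfigError(f"{var} is set but empty")
    if not any(p.fullmatch(token) for p in _TOKEN_PATTERNS):
        # Report only the length, never the value, so logs cannot leak the secret.
        raise TokenConfigError(
            f"{var} does not look like a GitHub token (length {len(token)})"
        )
    return token


if __name__ == "__main__":
    try:
        load_bot_token()
    except TokenConfigError as exc:
        # A specific message and a non-zero exit instead of a generic failure.
        sys.exit(f"contribute.py: {exc}")
    print("token format OK")
```

A format check only catches misconfiguration early; whether the token is actually valid and sufficiently scoped is still decided by the GitHub API.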