Sanitize all user input
jodyheavener committed Mar 28, 2024
1 parent ab260c8 commit 8b06239
Showing 4 changed files with 59 additions and 6 deletions.
4 changes: 4 additions & 0 deletions script/application_test.go
Expand Up @@ -71,6 +71,10 @@ func TestApplication(t *testing.T) {
name: "event",
expectedValid: true,
},
{
name: "project-character-test",
expectedValid: true,
},
{
name: "empty-body",
expectedValid: false,
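Review bot: The new `project-character-test` case only asserts `expectedValid: true`, so it passes whether or not the `<img>` tag and the stray backticks in the fixture's project name and description were actually stripped. If the harness behind this table (outside the hunk) exposes the parsed application, it is worth asserting the sanitized field values as well, e.g. that the project name contains no backtick and the description contains no `<`. As written, a regression that stops stripping markup would still be reported as a valid application. The enclosing TestApplication table starts before this hunk.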
49 changes: 49 additions & 0 deletions script/test-issues/valid-project-character-test.json
@@ -0,0 +1,49 @@
{
"id": 1801650328,
"number": 6,
"state": "open",
"locked": false,
"title": "Application for TestDB",
"body": "### Account URL\n\n`testdb.1password.com`\n\n### Non-commercial confirmation\n\n- [X] No, this account won't be used for commercial activity\n\n### 👨‍💻 Team application\n\n- [X] Yes, this application is for a team\n\n### Event application\n\n- [ ] Yes, this application is for an event\n\n### Project name\n\n`_TestDB_\n\n- test``\n\n### Short description\n\nTestDB is a free and open source, community-based forum software project.```\n\n## **This is a test comment** <img src=\"howdy.png\" />\n\n### Number of team members/core contributors\n\n1\n\n### Homepage URL\n\nhttps://github.com/wendyappleed/test-db\n\n### Repository URL\n\nhttps://github.com/wendyappleed/test-db\n\n### License type\n\nMIT\n\n### License URL\n\nhttps://github.com/wendyappleed/test-db/blob/main/LICENSE.md\n\n### Age confirmation\n\n- [X] Yes, this project is at least 30 days old\n\n### Name\n\nWendy Appleseed\n\n### Email\n\[email protected]\n\n### Project role\n\nCore Maintainer\n\n### Profile or website\n\nhttps://github.com/wendyappleseed/\n\n### Can we contact you?\n\n- [X] Yes, you may contact me\n\n### Additional comments\n\n Thank you!",
"user": {
"login": "wendyappleseed",
"id": 38230737,
"node_id": "MDQ6VXNlcjYzOTIwNDk=",
"avatar_url": "https://avatars.githubusercontent.com/u/38230737?v=4",
"html_url": "https://github.com/wendyappleseed",
"gravatar_id": "",
"type": "User",
"site_admin": false,
"url": "https://api.github.com/users/wendyappleseed",
"events_url": "https://api.github.com/users/wendyappleseed/events{/privacy}",
"following_url": "https://api.github.com/users/wendyappleseed/following{/other_user}",
"followers_url": "https://api.github.com/users/wendyappleseed/followers",
"gists_url": "https://api.github.com/users/wendyappleseed/gists{/gist_id}",
"organizations_url": "https://api.github.com/users/wendyappleseed/orgs",
"received_events_url": "https://api.github.com/users/wendyappleseed/received_events",
"repos_url": "https://api.github.com/users/wendyappleseed/repos",
"starred_url": "https://api.github.com/users/wendyappleseed/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/wendyappleseed/subscriptions"
},
"comments": 11,
"closed_at": "2023-07-13T05:03:51Z",
"created_at": "2023-07-12T19:49:35Z",
"updated_at": "2023-07-13T05:03:51Z",
"url": "https://api.github.com/repos/1Password/1password-teams-open-source/issues/6",
"html_url": "https://github.com/wendyappleseed/1password-teams-open-source/issues/6",
"comments_url": "https://api.github.com/repos/1Password/1password-teams-open-source/issues/6/comments",
"events_url": "https://api.github.com/repos/1Password/1password-teams-open-source/issues/6/events",
"labels_url": "https://api.github.com/repos/1Password/1password-teams-open-source/issues/6/labels{/name}",
"repository_url": "https://api.github.com/repos/1Password/1password-teams-open-source",
"reactions": {
"total_count": 0,
"+1": 0,
"-1": 0,
"laugh": 0,
"confused": 0,
"heart": 0,
"hooray": 0,
"url": "https://api.github.com/repos/1Password/1password-teams-open-source/issues/6/reactions"
},
"node_id": "I_kwDOJ6JE6M5rYwCY"
}
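Review bot: The fixture covers an `<img>` tag, unbalanced backticks and bold markup, but not the inputs a sanitizer is usually judged on: a `<script>` element, an `<a href="javascript:...">` link or an HTML comment. Since the strip is implemented with goquery's `Text()`, which returns the text nodes of every element, `<script>alert(1)</script>` is expected to come out as the literal text `alert(1)` rather than being dropped; that is acceptable for plain-text output but should be pinned by a fixture. A second fixture, or an extra line in this body such as `### Short description\n\n<script>alert(1)</script>TestDB is ...`, would make the intended behaviour explicit.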
10 changes: 5 additions & 5 deletions script/validator.go
Expand Up @@ -69,18 +69,18 @@ func ParseInput(value string) (bool, string, string) {
return true, "", ""
}

return true, value, ""
}

func ParsePlainString(value string) (bool, string, string) {
// strip all formattig, except for newlines
// strip all formatting, except for newlines
html := blackfriday.Run([]byte(value))
doc, err := goquery.NewDocumentFromReader(bytes.NewReader(html))
if err != nil {
return false, value, err.Error()
}
value = strings.TrimSpace(doc.Text())

return true, value, ""
}

func ParsePlainString(value string) (bool, string, string) {
if urlRegex.MatchString(value) {
return false, value, "cannot contain URLs"
}
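Review bot: Moving the formatting strip into ParseInput means ParsePlainString (its new header is the last changed line of the hunk; its body continues outside it) no longer strips HTML or Markdown itself, so if any caller reaches ParsePlainString without going through ParseInput first, a value such as `<b>x</b>` now passes through unchanged, and the test case moved out of TestParsePlainString no longer covers that path. A second point: `blackfriday.Run([]byte(value))` uses the library's default HTML renderer, which, unless I misremember the defaults, enables Smartypants, so straight quotes, `--` and `1/2` in a value are rewritten to typographic characters before `doc.Text()` extracts them; that silently alters user-supplied names. If that is confirmed, pass an explicit renderer, e.g. `html := blackfriday.Run([]byte(value), blackfriday.WithRenderer(blackfriday.NewHTMLRenderer(blackfriday.HTMLRendererParameters{Flags: blackfriday.UseXHTML})))`, and add a case like `{"it's -- fine", true, "it's -- fine", ""}` to TestParseInput. ParseInput's signature and the first part of its body are above the hunk.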
2 changes: 1 addition & 1 deletion script/validator_test.go
Expand Up @@ -30,6 +30,7 @@ func TestParseInput(t *testing.T) {
{"_No response_", true, "", ""},
{"None", true, "", ""},
{"hello", true, "hello", ""},
{"Testing <b>formatting</b> and <a href=\"#\">link</a> stripping", true, "Testing formatting and link stripping", ""},
}
runValidationTests(t, testCases, ParseInput, "ParseInput")
}
Expand All @@ -39,7 +40,6 @@ func TestParsePlainString(t *testing.T) {
{"", true, "", ""},
{"Hello world", true, "Hello world", ""},
{"👋 howdy", false, "👋 howdy", "cannot contain emoji characters"},
{"Testing <b>formatting</b> and <a href=\"#\">link</a> stripping", true, "Testing formatting and link stripping", ""},
}
runValidationTests(t, testCases, ParsePlainString, "ParsePlainString")
}
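Review bot: The single formatting case moved into TestParseInput uses inline tags only; nothing in either table pins the "except for newlines" promise made by the comment next to the strip in validator.go, nor what happens to block-level raw HTML. Add e.g. `{"line one\nline two", true, "line one\nline two", ""}` and `{"<div>a</div>", true, "a", ""}` to TestParseInput (expected values to be confirmed by running them) so that a later renderer or extraction change cannot quietly collapse multi-line descriptions. Both test tables start before their respective hunks.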
