From 288ef904f69aebac0d5c042414fb075f81276362 Mon Sep 17 00:00:00 2001 From: Ryan Rivest Date: Tue, 8 Oct 2024 19:05:06 -0700 Subject: [PATCH] add logic to escape pull request title when rendering JSON templates --- prdeploy-webhooks/src/services/template-service.ts | 4 ++++ prdeploy-webhooks/templates/deploy-completed.json | 2 +- prdeploy-webhooks/templates/deploy-released.json | 2 +- .../templates/pull-request-merge-conflicts.json | 2 +- prdeploy-webhooks/test/services/template-service.spec.ts | 8 +++++++- 5 files changed, 14 insertions(+), 4 deletions(-) diff --git a/prdeploy-webhooks/src/services/template-service.ts b/prdeploy-webhooks/src/services/template-service.ts index 2596b6d..f4edcc7 100644 --- a/prdeploy-webhooks/src/services/template-service.ts +++ b/prdeploy-webhooks/src/services/template-service.ts @@ -6,6 +6,10 @@ Handlebars.registerHelper('jsonEncode', (text: string) => { return JSON.stringify(text); }); +Handlebars.registerHelper('jsonEncodeUnquoted', (text: string) => { + return JSON.stringify(text).slice(1, -1); +}); + Handlebars.registerHelper('color', hexValue => (hexValue ? hexValue.replace(/^#/, '') : '')); export type TemplateNames = diff --git a/prdeploy-webhooks/templates/deploy-completed.json b/prdeploy-webhooks/templates/deploy-completed.json index 3884302..9df52ae 100644 --- a/prdeploy-webhooks/templates/deploy-completed.json +++ b/prdeploy-webhooks/templates/deploy-completed.json @@ -18,7 +18,7 @@ "type": "section", "text": { "type": "mrkdwn", - "text": "<{{pull.html_url}}|#{{pull.number}}> {{{pull.title}}}" + "text": "<{{pull.html_url}}|#{{pull.number}}> {{{jsonEncodeUnquoted pull.title}}}" } }, { diff --git a/prdeploy-webhooks/templates/deploy-released.json b/prdeploy-webhooks/templates/deploy-released.json index 6bedefa..a9df4eb 100644 --- a/prdeploy-webhooks/templates/deploy-released.json +++ b/prdeploy-webhooks/templates/deploy-released.json @@ -18,7 +18,7 @@ "type": "section", "text": { "type": "mrkdwn", - "text": "<{{pull.html_url}}|#{{pull.number}}> {{{pull.title}}}" + "text": "<{{pull.html_url}}|#{{pull.number}}> {{{jsonEncodeUnquoted pull.title}}}" } }, { diff --git a/prdeploy-webhooks/templates/pull-request-merge-conflicts.json b/prdeploy-webhooks/templates/pull-request-merge-conflicts.json index 01c78f7..90f188a 100644 --- a/prdeploy-webhooks/templates/pull-request-merge-conflicts.json +++ b/prdeploy-webhooks/templates/pull-request-merge-conflicts.json @@ -18,7 +18,7 @@ "type": "section", "text": { "type": "mrkdwn", - "text": "<{{pull.html_url}}|#{{pull.number}}> {{{pull.title}}}" + "text": "<{{pull.html_url}}|#{{pull.number}}> {{{jsonEncodeUnquoted pull.title}}}" } } ] diff --git a/prdeploy-webhooks/test/services/template-service.spec.ts b/prdeploy-webhooks/test/services/template-service.spec.ts index fbe3d1d..9d738a0 100644 --- a/prdeploy-webhooks/test/services/template-service.spec.ts +++ b/prdeploy-webhooks/test/services/template-service.spec.ts @@ -17,7 +17,7 @@ describe('renderQueueTable', () => { expect(result).not.toBeFalsy(); expect(result).toMatch(`| Position | 1 | 2 | 3 | |----------|---------|---------|---------| -| [dev queue](https://awssite/deployments/greggbjensen/prdeploy-example-repo?environment=dev) | [2987](https://github.com/greggbjensen/prdeploy-example-repo/pull/2987) | [2549](https://github.com/greggbjensen/prdeploy-example-repo/pull/2549) | [2391](https://github.com/greggbjensen/prdeploy-example-repo/pull/2391) |`); +| [dev queue](https://awssite/deployments/greggbjensen/prdeploy-example-repo/deployments?environment=dev) | [2987](https://github.com/greggbjensen/prdeploy-example-repo/pull/2987) | [2549](https://github.com/greggbjensen/prdeploy-example-repo/pull/2549) | [2391](https://github.com/greggbjensen/prdeploy-example-repo/pull/2391) |`); }); }); @@ -71,6 +71,11 @@ Pull request with fix and feature. it('renders JSON template with escaping', async () => { const service = container.resolve(TemplateService); + const pull = { + html_url: 'https://github.com/greggbjensen/prdeploy-example-repo/pull/2987', + number: 2987, + title: 'This pull request title has some "special" characters' + }; const slackPullBody = ` This pull request body includes multiple new lines and " these things... @@ -78,6 +83,7 @@ Oh and another one" `; const result = await service.render('deploy-released.json', { + pull, slackPullBody });