author | Michael Muré <batolettre@gmail.com> | 2021-04-17 19:40:01 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-17 19:40:01 +0200 |
commit | 6d1c9346cc5ff892f808a7e3dd3e01291e49a16d (patch) | |
tree | 9b424181369a67f69502a27186bd266a19a28506 /api | |
parent | 62fb09a53cc626ac581f33b466a1cdf14eb6ed89 (diff) | |
parent | 51a2c85954e77068c6afbb4ca54159086220aefd (diff) | |
Merge pull request #632 from MichaelMure/data-input-cleanup
make sure every text input is safe and validated
Diffstat (limited to 'api')
-rw-r--r-- | api/graphql/resolvers/mutation.go | 39 |
1 files changed, 33 insertions, 6 deletions
diff --git a/api/graphql/resolvers/mutation.go b/api/graphql/resolvers/mutation.go
index 9cd936a6..00c9e3c1 100644
--- a/api/graphql/resolvers/mutation.go
+++ b/api/graphql/resolvers/mutation.go
@@ -5,11 +5,12 @@ import (
 "time"
 "github.com/MichaelMure/git-bug/api/auth"
- "github.com/MichaelMure/git-bug/entity"
 "github.com/MichaelMure/git-bug/api/graphql/graph"
 "github.com/MichaelMure/git-bug/api/graphql/models"
 "github.com/MichaelMure/git-bug/bug"
 "github.com/MichaelMure/git-bug/cache"
+ "github.com/MichaelMure/git-bug/entity"
+ "github.com/MichaelMure/git-bug/util/text"
 )
 var _ graph.MutationResolver = &mutationResolver{}
@@ -50,7 +51,12 @@ func (r mutationResolver) NewBug(ctx context.Context, input models.NewBugInput)
 return nil, err
 }
- b, op, err := repo.NewBugRaw(author, time.Now().Unix(), input.Title, input.Message, input.Files, nil)
+ b, op, err := repo.NewBugRaw(author,
+ time.Now().Unix(),
+ text.CleanupOneLine(input.Title),
+ text.Cleanup(input.Message),
+ input.Files,
+ nil)
 if err != nil {
 return nil, err
 }
@@ -73,7 +79,11 @@ func (r mutationResolver) AddComment(ctx context.Context, input models.AddCommen
 return nil, err
 }
- op, err := b.AddCommentRaw(author, time.Now().Unix(), input.Message, input.Files, nil)
+ op, err := b.AddCommentRaw(author,
+ time.Now().Unix(),
+ text.Cleanup(input.Message),
+ input.Files,
+ nil)
 if err != nil {
 return nil, err
 }
@@ -101,7 +111,13 @@ func (r mutationResolver) EditComment(ctx context.Context, input models.EditComm
 return nil, err
 }
- op, err := b.EditCommentRaw(author, time.Now().Unix(), entity.Id(input.Target), input.Message, nil)
+ op, err := b.EditCommentRaw(
+ author,
+ time.Now().Unix(),
+ entity.Id(input.Target),
+ text.Cleanup(input.Message),
+ nil,
+ )
 if err != nil {
 return nil, err
 }
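Review bot: `input.Files` is still handed to `repo.NewBugRaw` exactly as the client sent it, while the title and message next to it now go through `text.CleanupOneLine` and `text.Cleanup`; the AddComment hunk does the same with `b.AddCommentRaw`. Whether the Raw functions check those values is not visible in this diff, so the resolver should either validate them before the call or record where that happens, e.g. `// input.Files is not text and is not cleaned here; it must be validated by NewBugRaw`. NewBug's body starts and ends outside the hunk.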
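Review bot: The wrapped `b.AddCommentRaw` call keeps `author` on the opening line and closes with `nil)`, as the NewBug hunk does, while the EditComment, ChangeLabels and SetTitle hunks put every argument on its own line with a trailing comma and the closing `)` alone. Using the second layout here too keeps later argument changes to one-line diffs: open with `op, err := b.AddCommentRaw(`, then one argument per line, ending in `nil,` and `)`. AddComment's body starts and ends outside the hunk.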
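Review bot: `entity.Id(input.Target)` is a plain type conversion, so the client-supplied target string reaches `b.EditCommentRaw` unchecked even though the message beside it is now cleaned. If `entity.Id` offers a validation method at this revision (a `Validate()` on the type, to be confirmed), call it before the operation: `target := entity.Id(input.Target)` followed by `if err := target.Validate(); err != nil { return nil, err }`. Whether EditCommentRaw rejects a malformed id itself is not visible here, and the function continues outside the hunk.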
@@ -129,7 +145,13 @@ func (r mutationResolver) ChangeLabels(ctx context.Context, input *models.Change
 return nil, err
 }
- results, op, err := b.ChangeLabelsRaw(author, time.Now().Unix(), input.Added, input.Removed, nil)
+ results, op, err := b.ChangeLabelsRaw(
+ author,
+ time.Now().Unix(),
+ text.CleanupOneLineArray(input.Added),
+ text.CleanupOneLineArray(input.Removed),
+ nil,
+ )
 if err != nil {
 return nil, err
 }
@@ -219,7 +241,12 @@ func (r mutationResolver) SetTitle(ctx context.Context, input models.SetTitleInp
 return nil, err
 }
- op, err := b.SetTitleRaw(author, time.Now().Unix(), input.Title, nil)
+ op, err := b.SetTitleRaw(
+ author,
+ time.Now().Unix(),
+ text.CleanupOneLine(input.Title),
+ nil,
+ )
 if err != nil {
 return nil, err
 } |
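Review bot: Cleaning `input.Added` and `input.Removed` element by element can change what the lists mean, not only how they look: two entries that differ only in characters the cleanup removes become the same label, and an entry made up solely of such characters may end up empty (how `text.CleanupOneLineArray` treats that case is not visible here). The `results` returned to the client then describe the cleaned strings rather than what it submitted. A comment above the call would make that contract explicit, e.g. `// labels are normalised before the operation; results refer to the normalised values`. ChangeLabels continues outside the hunk.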