author | Michael Muré <batolettre@gmail.com> | 2021-04-17 17:40:11 +0200 |
---|---|---|
committer | Michael Muré <batolettre@gmail.com> | 2021-04-17 17:40:11 +0200 |
commit | 51a2c85954e77068c6afbb4ca54159086220aefd (patch) | |
tree | 9b424181369a67f69502a27186bd266a19a28506 /util/text | |
parent | 62fb09a53cc626ac581f33b466a1cdf14eb6ed89 (diff) | |
download | git-bug-51a2c85954e77068c6afbb4ca54159086220aefd.tar.gz |
make sure every text input is safe and validated
fix #630
Diffstat (limited to 'util/text')
-rw-r--r-- | util/text/transform.go | 30 | ||||
-rw-r--r-- | util/text/validate.go | 12 |
2 files changed, 39 insertions, 3 deletions
diff --git a/util/text/transform.go b/util/text/transform.go
index 59dc4e03..395a57be 100644
--- a/util/text/transform.go
+++ b/util/text/transform.go
@@ -8,7 +8,7 @@ import (
 "golang.org/x/text/transform"
 )
 
-func Cleanup(text string) (string, error) {
+func Cleanup(text string) string {
 // windows new line, Github, really ?
 text = strings.Replace(text, "\r\n", "\n", -1)
 
@@ -23,9 +23,33 @@ func Cleanup(text string) (string, error) {
 }))
 sanitized, _, err := transform.String(t, text)
 if err != nil {
- return "", err
+ // transform.String should never return an error as our transformer doesn't returns one.
+ // Confirmed with fuzzing.
+ panic(err)
 }
 
 // trim extra new line not displayed in the github UI but still present in the data
- return strings.TrimSpace(sanitized), nil
+ return strings.TrimSpace(sanitized)
+}
+
+func CleanupOneLine(text string) string {
+ // remove all unicode control characters *including*
+ // '\n', '\r' and '\t'
+ t := runes.Remove(runes.Predicate(unicode.IsControl))
+ sanitized, _, err := transform.String(t, text)
+ if err != nil {
+ // transform.String should never return an error as our transformer doesn't returns one.
+ // Confirmed with fuzzing.
+ panic(err)
+ }
+
+ // trim extra new line not displayed in the github UI but still present in the data
+ return strings.TrimSpace(sanitized)
+}
+
+func CleanupOneLineArray(texts []string) []string {
+ for i := range texts {
+ texts[i] = CleanupOneLine(texts[i])
+ }
+ return texts
 }
diff --git a/util/text/validate.go b/util/text/validate.go
index 51e94fb4..4c3f7065 100644
--- a/util/text/validate.go
+++ b/util/text/validate.go
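Review bot: The exported `Cleanup` in util/text/transform.go loses its error return in the first hunk but has no doc comment telling callers what replaced it; the failure path in the following hunk is now a `panic`. I would add above the signature `// Cleanup normalizes "\r\n" to "\n", filters the text through the rune transformer and trims surrounding whitespace.` followed by `// It panics if the transformer returns an error, which is not expected to happen.` The filter predicate sits between the two hunks and is not visible here, so the wording for what gets removed should be checked against it.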
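Review bot: `CleanupOneLine` in util/text/transform.go filters only on `unicode.IsControl`, which covers category Cc and leaves in the line and paragraph separators (U+2028, U+2029) and the bidirectional formatting characters, so a value that passes can still break onto a second line or display in a different order than it is stored in some renderers. If one-line fields are meant to be safe to print in a terminal or web UI, widen the predicate, for example `t := runes.Remove(runes.Predicate(func(r rune) bool { return unicode.IsControl(r) || unicode.In(r, unicode.Zl, unicode.Zp, unicode.Bidi_Control) }))`. `SafeOneLine` in util/text/validate.go uses the same test and should change with it, otherwise cleaned and validated text can disagree. Whether any front end acts on these characters is not visible from this diff, so treat this as a hardening suggestion. Separately, `CleanupOneLineArray` overwrites the caller's slice in place and returns it, which deserves a doc comment saying so.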
@@ -33,6 +33,18 @@ func Safe(s string) bool {
 return true
 }
 
+// Safe will tell if a character in the string is considered unsafe
+// Currently trigger on all unicode control character
+func SafeOneLine(s string) bool {
+ for _, r := range s {
+ if unicode.IsControl(r) {
+ return false
+ }
+ }
+
+ return true
+}
+
 // ValidUrl will tell if the string contains what seems to be a valid URL
 func ValidUrl(s string) bool {
 if strings.Contains(s, "\n") { |
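Review bot: The doc comment added above `SafeOneLine` starts with `Safe`, which is the name of the function just before it, and it describes the opposite of the return value, since the function returns false as soon as a control character is found. I would replace the two comment lines with `// SafeOneLine reports whether s contains no unicode control character,` and `// including '\n', '\r' and '\t'.` That keeps godoc attached to the right identifier and makes it clear to callers that true means the string passed the check.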