authorMichael Muré <batolettre@gmail.com>2021-04-17 17:40:11 +0200
committerMichael Muré <batolettre@gmail.com>2021-04-17 17:40:11 +0200
commit51a2c85954e77068c6afbb4ca54159086220aefd (patch)
tree9b424181369a67f69502a27186bd266a19a28506 /util
parent62fb09a53cc626ac581f33b466a1cdf14eb6ed89 (diff)
make sure every text input is safe and validated
fix #630
Diffstat (limited to 'util')
-rw-r--r--util/text/transform.go30
-rw-r--r--util/text/validate.go12
2 files changed, 39 insertions, 3 deletions
diff --git a/util/text/transform.go b/util/text/transform.go
index 59dc4e03..395a57be 100644
--- a/util/text/transform.go
+++ b/util/text/transform.go
@@ -8,7 +8,7 @@ import (
"golang.org/x/text/transform"
)
-func Cleanup(text string) (string, error) {
+func Cleanup(text string) string {
// windows new line, Github, really ?
text = strings.Replace(text, "\r\n", "\n", -1)
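Review bot: Dropping the `error` result from `Cleanup` on the new signature line leaves callers no way to handle a transformer failure; the body, which continues in the next hunk, now panics instead. Because this function sanitises user-supplied text, a panic would propagate into whichever process is handling that input, so the exported function should at least state the contract in a doc comment, for example `// Cleanup normalises line endings, removes the runes rejected by its filter and trims surrounding whitespace. It panics if the transformer reports an error, which is not expected to happen.` Whether long-lived callers recover at their request boundary is not visible from this diff and is worth confirming.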
@@ -23,9 +23,33 @@ func Cleanup(text string) (string, error) {
}))
sanitized, _, err := transform.String(t, text)
if err != nil {
- return "", err
+ // transform.String should never return an error as our transformer doesn't returns one.
+ // Confirmed with fuzzing.
+ panic(err)
}
// trim extra new line not displayed in the github UI but still present in the data
- return strings.TrimSpace(sanitized), nil
+ return strings.TrimSpace(sanitized)
+}
+
+func CleanupOneLine(text string) string {
+ // remove all unicode control characters *including*
+ // '\n', '\r' and '\t'
+ t := runes.Remove(runes.Predicate(unicode.IsControl))
+ sanitized, _, err := transform.String(t, text)
+ if err != nil {
+ // transform.String should never return an error as our transformer doesn't returns one.
+ // Confirmed with fuzzing.
+ panic(err)
+ }
+
+ // trim extra new line not displayed in the github UI but still present in the data
+ return strings.TrimSpace(sanitized)
+}
+
+func CleanupOneLineArray(texts []string) []string {
+ for i := range texts {
+ texts[i] = CleanupOneLine(texts[i])
+ }
+ return texts
}
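Review bot: The predicate `unicode.IsControl` in `CleanupOneLine` matches only category Cc, so the line and paragraph separators U+2028/U+2029 and format characters such as the bidirectional overrides (U+202A–U+202E, U+2066–U+2069) pass through a function meant to guarantee a single safe line. Sanitised text can therefore still break across lines or be visually reordered in a renderer that honours those code points. Consider widening the filter to `runes.Predicate(func(r rune) bool { return unicode.IsControl(r) || unicode.In(r, unicode.Cf, unicode.Zl, unicode.Zp) })`, keeping in mind that Cf also contains the zero-width joiner used in emoji sequences, so an explicit list of bidi controls may be the better trade-off. The same predicate is used by `SafeOneLine` in util/text/validate.go and should change with it so validator and sanitiser agree.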
diff --git a/util/text/validate.go b/util/text/validate.go
index 51e94fb4..4c3f7065 100644
--- a/util/text/validate.go
+++ b/util/text/validate.go
@@ -33,6 +33,18 @@ func Safe(s string) bool {
return true
}
+// Safe will tell if a character in the string is considered unsafe
+// Currently trigger on all unicode control character
+func SafeOneLine(s string) bool {
+ for _, r := range s {
+ if unicode.IsControl(r) {
+ return false
+ }
+ }
+
+ return true
+}
+
// ValidUrl will tell if the string contains what seems to be a valid URL
func ValidUrl(s string) bool {
if strings.Contains(s, "\n") {
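Review bot: The doc comment added above `SafeOneLine` still begins with `Safe` and describes the opposite of the return value, since the function returns `true` when no control character is found. Tools that render Go documentation expect the comment to start with the identifier, and a reader relying on the current wording could invert the check at a call site. Suggested wording: `// SafeOneLine reports whether s contains no unicode control character, including '\n', '\r' and '\t'.`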