globocom / huskyCI

Performing security tests inside your CI
https://huskyci.opensource.globo.com
BSD 3-Clause "New" or "Revised" License

Sanitize git authors email with invalid characters #543

Closed ragoso closed 1 year ago

ragoso commented 2 years ago

Description

Some commits have authors with user.email in an invalid format, including characters like \n, causing eventual breaks in the JSON generation for reading by the API.

$ ./huskyci-client
[HUSKYCI][*] PRJ-staging -> user@gitlab.com:prj/test.git
[HUSKYCI][*] huskyCI analysis started! 5917dde3-8fec-4279-bbbc-c74e216cb5c6
[HUSKYCI][ERROR] Monitoring analysis 5917dde3-8fec-4279-bbbc-c74e216cb5c6: huskyCI encountered an error trying to execute this analysis: invalid character '\n' in string literal

Proposed Changes

This PR proposes to sanitize the user.email so that the output is always valid JSON. No breaking changes.

Testing

$ i="user\/n\in;valid@email.com"
$ jsonMiddle="\"${i//[^A-Za-z0-9_\.@-]/}\",$jsonMiddle"
$ echo "{\"authors\":[${jsonMiddle%?}]}"
{"authors":["userninvalid@email.com"]}

Thanks @fguisso and @henriporto
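The allowlist filter from the Testing section above, as an added example that is not part of the PR or huskyCI's own code. It applies the same character set with the portable `tr -cd` instead of the bash `${i//…/}` expansion; the function names, the sample emails and the choice to skip entries left empty after filtering are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not huskyCI code. Function names are hypothetical.

# Keep only the characters in the PR's allowlist: A-Z a-z 0-9 _ . @ -
sanitize_email() {
    # -c complements the set, -d deletes; the trailing '-' is literal.
    # LC_ALL=C pins the ranges to ASCII so locale collation cannot widen them.
    printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9_.@-'
}

# Build {"authors":[...]} from the emails passed as arguments.
# Arguments (not lines) are used so an email containing a newline stays one value.
authors_json() {
    json_middle=""
    for email in "$@"; do
        clean=$(sanitize_email "$email")
        # Assumption: an entry with nothing left after filtering is dropped
        # rather than emitted as "".
        [ -n "$clean" ] || continue
        json_middle="${json_middle}\"${clean}\","
    done
    # ${var%?} removes the trailing comma, as in the PR's test.
    printf '{"authors":[%s]}\n' "${json_middle%?}"
}

# Constructed sample inputs: a raw newline, a quote plus backslash, a clean address.
nl='
'
authors_json "dev${nl}@example.com" 'a"b\c@example.com' 'ok.user-1@example.com'
```

Because characters are deleted rather than escaped, two distinct raw values can collapse to the same sanitized email, so the output is safe to parse but should not be treated as a unique author key.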