From 042b4394229e265b252f5ce58efa32abb2dec746 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Danilo=20Je=C5=A1i=C4=87?=
<34022788+djesic@users.noreply.github.com>
Date: Mon, 17 Jul 2023 12:14:18 +0200
Subject: [PATCH 1/4] Sanitize CI
---
frontend/js/ci.js | 18 +++++++++---------
frontend/js/helpers/main.js | 12 ++++++++++++
frontend/js/index.js | 2 +-
3 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/frontend/js/ci.js b/frontend/js/ci.js
index 5411bba60..da81f62ef 100644
--- a/frontend/js/ci.js
+++ b/frontend/js/ci.js
@@ -254,13 +254,13 @@ const displayCITable = (runs, url_params) => {
const label = el[4]
const duration = el[7]
- li_node.innerHTML = `
${value} | \
- ${label} | \
- ${run_link_node} | \
- ${dateToYMD(new Date(created_at))} | \
- ${short_hash} | \
- ${cpu} | \
- ${duration} seconds | `;
+ li_node.innerHTML = `${sanitize(value)} | \
+ ${sanitize(label)} | \
+ ${sanitize(run_link_node)} | \
+ ${dateToYMD(new Date(sanitize(created_at)))} | \
+ ${sanitize(short_hash)} | \
+ ${sanitize(cpu)} | \
+ ${sanitize(duration)} seconds | `;
document.querySelector("#ci-table").appendChild(li_node);
});
$('table').tablesort();
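Review bot: `sanitize(created_at)` on the `dateToYMD(new Date(...))` line escapes the value before it is parsed as a date, where HTML entities carry no meaning, while the string `dateToYMD` returns is what actually reaches `innerHTML` and it stays unescaped; escape the output instead, `${sanitize(dateToYMD(new Date(created_at)))}`. `sanitize` (added to frontend/js/helpers/main.js in this patch) calls `string.replace`, so a non-string cell such as a numeric `duration` or a null field throws a TypeError inside the `forEach` and the table is left half built; either coerce in the helper or pass `String(duration)` here. If `run_link_node` carries anchor markup built from `run_link` (the tags seem to have been stripped in this rendering, so this is inferred), escaping it will print the tags as literal text instead of a link; the untrusted parts (`run_id`, the repo segment) should be escaped where `run_link_node` is assembled rather than the finished markup. The same lines are touched again by the rename in PATCH 3/4 at `@@ -254,13 +254,13 @@`, where the concerns carry over. The enclosing `displayCITable` arrow function starts before and ends after this hunk.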
@@ -326,8 +326,8 @@ $(document).ready((e) => {
//${repo_link}
const repo_link_node = `${url_params.get('repo')}`
document.querySelector('#ci-data').insertAdjacentHTML('afterbegin', `Repository: | ${repo_link_node} |
`)
- document.querySelector('#ci-data').insertAdjacentHTML('afterbegin', `Branch: | ${url_params.get('branch')} |
`)
- document.querySelector('#ci-data').insertAdjacentHTML('afterbegin', `Workflow: | ${url_params.get('workflow')} |
`)
+ document.querySelector('#ci-data').insertAdjacentHTML('afterbegin', `Branch: | ${sanitize(url_params.get('branch'))} |
`)
+ document.querySelector('#ci-data').insertAdjacentHTML('afterbegin', `Workflow: | ${sanitize(url_params.get('workflow'))} |
`)
displayCITable(badges_data.data, url_params);
chart_instance = displayGraph(badges_data.data)
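Review bot: `sanitize(url_params.get('branch'))` and the `workflow` line below it hand `null` to `sanitize` whenever the query parameter is absent, and `null.replace` throws, which aborts the ready handler before `displayCITable` and `displayGraph` run; guard at the call site, `sanitize(url_params.get('branch') ?? '')`, or make the helper coerce its input. The `Repository:` row just above still inserts `repo_link_node` unescaped in this patch; PATCH 3/4 addresses that at `@@ -318,16 +318,16 @@`, and the new `escapeString(url_params.get('repo'))` there has the same null concern. The enclosing `$(document).ready` callback starts before and ends after this hunk.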
diff --git a/frontend/js/helpers/main.js b/frontend/js/helpers/main.js
index 6100db7de..80853c8d3 100644
--- a/frontend/js/helpers/main.js
+++ b/frontend/js/helpers/main.js
@@ -32,6 +32,18 @@ class GMTMenu extends HTMLElement {
}
customElements.define('gmt-menu', GMTMenu);
+function sanitize(string) {
+ const map = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": '''
+ };
+ const reg = /[&<>"']/ig;
+ return string.replace(reg, (match) => map[match]);
+ }
+
const replaceRepoIcon = (uri) => {
if (uri.startsWith("https://www.github.com") || uri.startsWith("https://github.com")) {
uri = uri.replace("https://www.github.com", '');
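Review bot: As rendered here every value in `map` equals its key (`'&': '&'`, `'<': '<'`, …), which would make `sanitize` a no-op; presumably the entity names (`&amp;`, `&lt;`, `&gt;`, `&quot;`, `&#39;`) were lost when the patch was rendered, but the committed file should be checked to confirm it carries them. `string.replace` throws for numbers, `null` and `undefined`, and the callers in ci.js pass values such as `duration` and `url_params.get(...)` that can be exactly that; coerce first, `return String(string ?? '').replace(/[&<>"']/g, (match) => map[match]);`, and drop the `i` flag, which does nothing for these characters. A JSDoc header stating that the function escapes the five HTML-significant characters for insertion into element content or quoted attribute values, and that it is not a URL or JavaScript-context encoder, would keep callers from reusing it for `href` construction as the later patches in this series do.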
diff --git a/frontend/js/index.js b/frontend/js/index.js
index 1ddaf0a8e..3f5cea25a 100644
--- a/frontend/js/index.js
+++ b/frontend/js/index.js
@@ -5,7 +5,7 @@ const compareButton = () => {
checkedBoxes.forEach(checkbox => {
link = `${link}${checkbox.value},`;
});
- window.location = link.substr(0,link.length-1);
+ window.location = encodeURIComponent(link.substr(0, link.length - 1));
}
const updateCompareCount = () => {
const countButton = document.getElementById('compare-button');
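Review bot: `encodeURIComponent(link.substr(0, link.length - 1))` on the new `window.location` line percent-encodes the whole URL, including `/`, `?`, `=` and `:`, so the browser navigates to a relative path beginning with something like `%2F...` instead of the compare page. Encode only the untrusted part while the URL is built: replace `checkbox.value` in the template inside the `forEach` with `encodeURIComponent(checkbox.value)`, and keep the assignment as `window.location = link.slice(0, -1);` (`substr` is deprecated). `compareButton` and the initialisation of `link` start before this hunk, so whether `link` is declared with `let` or leaks as an implicit global cannot be confirmed from here.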
From a9eefde49ff16519715781ab046cdb7d09d0549c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Danilo=20Je=C5=A1i=C4=87?=
<34022788+djesic@users.noreply.github.com>
Date: Mon, 17 Jul 2023 12:25:22 +0200
Subject: [PATCH 2/4] Sanitize repo
---
frontend/js/ci.js | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/frontend/js/ci.js b/frontend/js/ci.js
index da81f62ef..82270a6e5 100644
--- a/frontend/js/ci.js
+++ b/frontend/js/ci.js
@@ -318,10 +318,10 @@ $(document).ready((e) => {
let repo_link = ''
if(badges_data.data[0][8] == 'github') {
- repo_link = `https://github.com/${url_params.get('repo')}`;
+ repo_link = `https://github.com/${sanitize(url_params.get('repo'))}`;
}
else if(badges_data.data[0][8] == 'gitlab') {
- repo_link = `https://gitlab.com/${url_params.get('repo')}`;
+ repo_link = `https://gitlab.com/${sanitize(url_params.get('repo'))}`;
}
//${repo_link}
const repo_link_node = `${url_params.get('repo')}`
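Review bot: `sanitize(url_params.get('repo'))` on both new `repo_link` lines applies HTML entity escaping to a value that is being placed into a URL path, which is the wrong encoder for that context: characters meaningful in a URL (`?`, `#`, `%`, whitespace) pass through untouched, while a legitimate `'` or `&` in the value becomes an entity inside the path. Percent-encode per path segment instead, `url_params.get('repo').split('/').map(encodeURIComponent).join('/')` if `repo` is an `owner/name` path as the surrounding code suggests, and leave HTML escaping to the point where `repo_link` is inserted into markup. A missing `repo` parameter yields `null` here and `sanitize(null)` throws before the table is drawn. The same construction appears in PATCH 3/4 at `@@ -241,10 +241,10 @@` (`run_link`) and `@@ -318,16 +318,16 @@` (`repo_link`) under the new name `escapeString`. The enclosing `$(document).ready` callback starts before and ends after this hunk.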
From 2752848441a843f1ca49e8e87465998568b9f4bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Danilo=20Je=C5=A1i=C4=87?=
<34022788+djesic@users.noreply.github.com>
Date: Tue, 18 Jul 2023 10:03:58 +0200
Subject: [PATCH 3/4] Sanitize renamed to escapeString
---
frontend/js/ci.js | 28 ++++++++++++++--------------
frontend/js/helpers/main.js | 2 +-
2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/frontend/js/ci.js b/frontend/js/ci.js
index 82270a6e5..b2cd13ea9 100644
--- a/frontend/js/ci.js
+++ b/frontend/js/ci.js
@@ -241,10 +241,10 @@ const displayCITable = (runs, url_params) => {
var run_link = ''
if(source == 'github') {
- run_link = `https://github.com/${url_params.get('repo')}/actions/runs/${run_id}`;
+ run_link = `https://github.com/${escapeString(url_params.get('repo'))}/actions/runs/${run_id}`;
}
else if (source == 'gitlab') {
- run_link = `https://gitlab.com/${url_params.get('repo')}/-/pipelines/${run_id}`
+ run_link = `https://gitlab.com/${escapeString(url_params.get('repo'))}/-/pipelines/${run_id}`
}
const run_link_node = `${run_id}`
@@ -254,13 +254,13 @@ const displayCITable = (runs, url_params) => {
const label = el[4]
const duration = el[7]
- li_node.innerHTML = `${sanitize(value)} | \
- ${sanitize(label)} | \
- ${sanitize(run_link_node)} | \
- ${dateToYMD(new Date(sanitize(created_at)))} | \
- ${sanitize(short_hash)} | \
- ${sanitize(cpu)} | \
- ${sanitize(duration)} seconds | `;
+ li_node.innerHTML = `${escapeString(value)} | \
+ ${escapeString(label)} | \
+ ${escapeString(run_link_node)} | \
+ ${dateToYMD(new Date(escapeString(created_at)))} | \
+ ${escapeString(short_hash)} | \
+ ${escapeString(cpu)} | \
+ ${escapeString(duration)} seconds | `;
document.querySelector("#ci-table").appendChild(li_node);
});
$('table').tablesort();
@@ -318,16 +318,16 @@ $(document).ready((e) => {
let repo_link = ''
if(badges_data.data[0][8] == 'github') {
- repo_link = `https://github.com/${sanitize(url_params.get('repo'))}`;
+ repo_link = `https://github.com/${escapeString(url_params.get('repo'))}`;
}
else if(badges_data.data[0][8] == 'gitlab') {
- repo_link = `https://gitlab.com/${sanitize(url_params.get('repo'))}`;
+ repo_link = `https://gitlab.com/${escapeString(url_params.get('repo'))}`;
}
//${repo_link}
- const repo_link_node = `${url_params.get('repo')}`
+ const repo_link_node = `${escapeString(url_params.get('repo'))}`
document.querySelector('#ci-data').insertAdjacentHTML('afterbegin', `Repository: | ${repo_link_node} |
`)
- document.querySelector('#ci-data').insertAdjacentHTML('afterbegin', `Branch: | ${sanitize(url_params.get('branch'))} |
`)
- document.querySelector('#ci-data').insertAdjacentHTML('afterbegin', `Workflow: | ${sanitize(url_params.get('workflow'))} |
`)
+ document.querySelector('#ci-data').insertAdjacentHTML('afterbegin', `Branch: | ${escapeString(url_params.get('branch'))} |
`)
+ document.querySelector('#ci-data').insertAdjacentHTML('afterbegin', `Workflow: | ${escapeString(url_params.get('workflow'))} |
`)
displayCITable(badges_data.data, url_params);
chart_instance = displayGraph(badges_data.data)
diff --git a/frontend/js/helpers/main.js b/frontend/js/helpers/main.js
index 80853c8d3..84029f89b 100644
--- a/frontend/js/helpers/main.js
+++ b/frontend/js/helpers/main.js
@@ -32,7 +32,7 @@ class GMTMenu extends HTMLElement {
}
customElements.define('gmt-menu', GMTMenu);
-function sanitize(string) {
+function escapeString(string) {
const map = {
'&': '&',
'<': '<',
From a4c78401301326be995d6ae98e3f414b72921188 Mon Sep 17 00:00:00 2001
From: dan-mm
Date: Tue, 18 Jul 2023 11:54:36 +0200
Subject: [PATCH 4/4] fix pr workflow
---
.github/workflows/tests-vm-pr.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/tests-vm-pr.yml b/.github/workflows/tests-vm-pr.yml
index 82d03f304..0d859c465 100644
--- a/.github/workflows/tests-vm-pr.yml
+++ b/.github/workflows/tests-vm-pr.yml
@@ -17,7 +17,7 @@ jobs:
submodules: 'true'
- name: Eco CI Energy Estimation - Initialize
- uses: green-coding-berlin/eco-ci-energy-estimation@v1
+ uses: green-coding-berlin/eco-ci-energy-estimation@v2
with:
task: start-measurement