Skip to content

Commit 07c010b

Browse files
mgukovmgukov
committed
fix: TestValidateConfig, email content injection issue
1 parent a26460c commit 07c010b

File tree

3 files changed

+10
-8
lines changed

3 files changed

+10
-8
lines changed

pkg/task_logger/task_logger.go

+4-3
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,6 @@ package task_logger
22

33
import (
44
"os/exec"
5-
"strings"
65
"time"
76
)
87

@@ -53,9 +52,11 @@ func (s TaskStatus) Format() (res string) {
5352
res += "⏹️"
5453
case TaskWaitingConfirmation:
5554
res += "⚠️"
55+
default:
56+
res += "❓"
5657
}
57-
res += strings.ToUpper(string(s))
58-
58+
// to avoid email content injection issue
59+
//res += strings.ToUpper(string(s))
5960
return
6061
}
6162

services/tasks/alert.go

+4-5
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,6 @@ import (
44
"bytes"
55
"embed"
66
"fmt"
7-
"html"
87
"net/http"
98
"strconv"
109
"text/template"
@@ -48,15 +47,15 @@ func (t *TaskRunner) sendMailAlert() {
4847
author, version := t.alertInfos()
4948

5049
alert := Alert{
51-
Name: html.EscapeString(t.Template.Name),
50+
Name: t.Template.Name,
5251
Author: author,
5352
Color: t.alertColor("email"),
5453
Task: alertTask{
5554
ID: strconv.Itoa(t.Task.ID),
5655
URL: t.taskLink(),
57-
Result: html.EscapeString(t.Task.Status.Format()),
56+
Result: t.Task.Status.Format(),
5857
Version: version,
59-
Desc: html.EscapeString(t.Task.Message),
58+
Desc: t.Task.Message,
6059
},
6160
}
6261

@@ -100,7 +99,7 @@ func (t *TaskRunner) sendMailAlert() {
10099
util.Config.EmailPassword,
101100
util.Config.EmailSender,
102101
user.Email,
103-
fmt.Sprintf("Task '%s' failed", html.EscapeString(t.Template.Name)),
102+
fmt.Sprintf("Task '%s' failed", t.Template.Name),
104103
body.String(),
105104
); err != nil {
106105
util.LogError(err)

util/config_test.go

+2
Original file line numberDiff line numberDiff line change
@@ -388,6 +388,7 @@ func TestValidateConfig(t *testing.T) {
388388
var testDbDialect = DbDriverBolt
389389
var testCookieHash = "0Sn+edH3doJ4EO4Rl49Y0KrxjUkXuVtR5zKHGGWerxQ="
390390
var testMaxParallelTasks = 0
391+
var testEmailTlsMinVersion = "1.2"
391392

392393
Config.Port = testPort
393394
Config.Dialect = testDbDialect
@@ -396,6 +397,7 @@ func TestValidateConfig(t *testing.T) {
396397
Config.GitClientId = GoGitClientId
397398
Config.CookieEncryption = testCookieHash
398399
Config.AccessKeyEncryption = testCookieHash
400+
Config.EmailTlsMinVersion = testEmailTlsMinVersion
399401
validateConfig()
400402

401403
Config.Port = "INVALID"

0 commit comments

Comments
 (0)