
Commit c62afc9

Authored by MajorLift, github-advanced-security[bot], Copilot
fix(security): Incomplete multi-character sanitization in GitHub Actions script (#36072)
Potential fix for [https://github.com/MetaMask/metamask-extension/security/code-scanning/202](https://github.com/MetaMask/metamask-extension/security/code-scanning/202)

To fix this incomplete multi-character sanitization, apply the replacement repeatedly until no more changes are made. This ensures that all HTML comments, including any introduced as replacements expose new tags, are fully removed. The best approach in this setting is to wrap the replace operation in a do-while loop, repeatedly removing HTML comments until the string remains unchanged. This will not affect other uses of the string and preserves current functionality, ensuring robust removal of all comment tags.

All changes are confined to the `hasChangelogEntry` function in `.github/scripts/check-template-and-add-labels.ts`, specifically line 412. No additional imports or new dependencies are needed.

---

_Suggested fixes powered by Copilot Autofix. Review carefully before merging._

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Harden `hasChangelogEntry` to repeatedly remove HTML comments until stable (with a 100-iteration safety cap) before validating the changelog line.
>
> - **GitHub Actions script** (`.github/scripts/check-template-and-add-labels.ts`)
>   - **Changelog parsing**: Update `hasChangelogEntry` to iteratively strip HTML comments until no further changes, capped at 100 iterations with a warning.
>   - Maintains existing logic for extracting and validating the `CHANGELOG entry:` line after comment removal.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 72711dd. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
1 parent 5957159, commit c62afc9
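The single-pass versus iterate-until-stable behaviour that the commit message describes, as an added TypeScript example that is not the MetaMask repository's code. `stripCommentsOnce`, `stripCommentsUntilStable`, `nestComments`, the simplified `hasChangelogEntry` check and the sample PR description are all constructed here for illustration; the "line starting with `CHANGELOG entry:`" rule is a placeholder, not the script's real validation. Unlike the commit, this version reports a cap hit to the caller (`null`) so the check can fail closed instead of parsing partially sanitized text.

```typescript
// Added example (not the MetaMask repository's code): contrast the original
// single-pass strip with an iterate-until-stable strip. All names and sample
// inputs below are constructed for illustration.

// Same pattern the script uses: lazy match from "<!--" to the nearest "-->".
const HTML_COMMENT = /<!--[\s\S]*?-->/g;

// Shape of the original line 412: one pass over the text.
function stripCommentsOnce(body: string): string {
  return body.replace(HTML_COMMENT, "");
}

// Repeat the pass until the text stops changing. Returns null if a fixed
// point was not observed within maxIterations, so the caller can fail closed
// instead of treating a partially sanitized body as clean.
function stripCommentsUntilStable(body: string, maxIterations = 100): string | null {
  let current = body;
  for (let i = 0; i < maxIterations; i++) {
    const next = current.replace(HTML_COMMENT, "");
    if (next === current) {
      return next; // a pass with no change proves no "<!-- ... -->" remains
    }
    current = next;
  }
  return null; // cap reached without reaching a fixed point
}

// Simplified stand-in for the script's check (placeholder rule, not the
// repository's real validation): the cleaned body must contain a line that
// starts with "CHANGELOG entry:" followed by some text.
function hasChangelogEntry(body: string): boolean {
  const clean = stripCommentsUntilStable(body);
  if (clean === null) {
    return false; // a body that never stabilises is treated as having no valid entry
  }
  return clean
    .split(/\r?\n/)
    .some((line) => /^CHANGELOG entry:\s*\S/.test(line.trim()));
}

// Builds a string that needs exactly `depth` passes to become empty:
// removing the innermost comment exposes the next "<!-- ... -->" outward.
function nestComments(depth: number): string {
  let s = "<!-- x -->";
  for (let i = 1; i < depth; i++) {
    s = `<!-${s}- y -->`;
  }
  return s;
}

// Constructed PR description: the fourth line is a two-level nesting, so a
// single pass leaves a comment behind.
const SAMPLE_BODY = [
  "## Description",
  "<!-- Describe your change -->",
  "Fixes the label check.",
  "<!-<!-- inner -->- outer comment exposed after one pass -->",
  "CHANGELOG entry: Fix incomplete HTML comment stripping",
].join("\n");

// Demonstration when run directly.
console.log(stripCommentsOnce(SAMPLE_BODY).includes("<!--"));          // true
console.log(stripCommentsUntilStable(SAMPLE_BODY)?.includes("<!--")); // false
console.log(hasChangelogEntry(SAMPLE_BODY));                          // true
console.log(stripCommentsUntilStable(nestComments(150)));            // null
```

Each pass only removes comments that are visible at that moment, so the number of passes equals the nesting depth, not the number of comments; that is why a bounded loop plus a fixed-point check is the right shape, and why the cap case deserves an explicit decision rather than silently continuing.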

File tree

1 file changed: +13 / -1 lines changed


.github/scripts/check-template-and-add-labels.ts

Lines changed: 13 additions & 1 deletion

Original file line number | Diff line number | Diff line change
@@ -409,7 +409,19 @@ async function userBelongsToMetaMaskOrg(
409409
// This function checks if the PR description has a changelog entry
410410
functionhasChangelogEntry(body:string):boolean{
411411
// Remove HTML comments (including multiline)
412-
constuncommentedBody=body.replace(/<!--[\s\S]*?-->/g,"");
412+
letuncommentedBody=body;
413+
letprevBody;
414+
letiterationCount=0;
415+
constMAX_ITERATIONS=100;
416+
do{
417+
prevBody=uncommentedBody;
418+
uncommentedBody=uncommentedBody.replace(/<!--[\s\S]*?-->/g,"");
419+
iterationCount++;
420+
if(iterationCount>=MAX_ITERATIONS){
421+
console.warn(`Reached maximum HTML comment removal iterations (${MAX_ITERATIONS}). Input may be malformed or malicious.`);
422+
break;
423+
}
424+
}while(uncommentedBody!==prevBody);
413425

414426
// Split body into lines
415427
constlines=uncommentedBody.split(/\r?\n/);
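Review bot: when the cap is reached, the `break` after the `console.warn` leaves the loop with `uncommentedBody` still containing comment markup, and the function then goes on to `split` and validate that partially sanitized text as if stripping had completed. Since `hasChangelogEntry` returns a boolean, consider failing closed at that point, for example `return false;` in place of the `break;`, so a description that needs more than `MAX_ITERATIONS` passes is never accepted on the strength of leftover comment content. Minor: `let prevBody;` declares no type; `let prevBody: string;` keeps the `while (uncommentedBody !== prevBody)` comparison explicitly string-to-string.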
