FIX: escape ``` in diff

FIX: escape ``` in diff

previously if a commit contains ``` we could cause diff to leak out
of the dedicated section

From b72ac8a090b73b029b5fc2049fecc75eabc02865 Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Mon, 3 Dec 2018 11:03:48 +1100
Subject: [PATCH] FIX: escape ``` in diff

previously if a commit contains ``` we could cause diff to leak out
of the dedicated section

diff --git a/lib/discourse_code_review/importer.rb b/lib/discourse_code_review/importer.rb
index 234ec60..70e2f28 100644
--- a/lib/discourse_code_review/importer.rb
+++ b/lib/discourse_code_review/importer.rb
@@ -30,40 +30,47 @@ module DiscourseCodeReview
     def import_commits
       github_repo.commits_since.each do |commit|
 
-        link = <<~LINK
-          [<small>GitHub</small>](https://github.com/#{github_repo.name}/commit/#{commit[:hash]})
-        LINK
-
-        title = commit[:subject]
-        raw = commit[:body] + "\n\n```diff\n#{commit[:diff]}\n```\n#{link}"
-
-        user = ensure_user(
-          email: commit[:email],
-          name: commit[:name],
-          github_login: commit[:author_login],
-          github_id: commit[:author_id]
-        )
+      end
+    end
 
-        if !TopicCustomField.exists?(name: DiscourseCodeReview::CommitHash, value: commit[:hash])
+    def import_commit(commit)
+      link = <<~LINK
+        [<small>GitHub</small>](https://github.com/#{github_repo.name}/commit/#{commit[:hash]})
+      LINK
 
-          post = PostCreator.create!(
-            user,
-            raw: raw,
-            title: title,
-            created_at: commit[:date],
-            category: category_id,
-            tags: [SiteSetting.code_review_pending_tag],
-            skip_validations: true,
-          )
+      title = commit[:subject]
+      # we add a unicode zero width joiner so code block is not corrupted
+      diff = commit[:diff].gsub('```', "`\u200d``")
+      raw = commit[:body] + "\n\n```diff\n#{diff}\n```\n#{link}"
 
-          TopicCustomField.create!(
-            topic_id: post.topic_id,
-            name: DiscourseCodeReview::CommitHash,
-            value: commit[:hash]
-          )
+      user = ensure_user(
+        email: commit[:email],
+        name: commit[:name],
+        github_login: commit[:author_login],
+        github_id: commit[:author_id]
+      )
 
-          github_repo.last_commit = commit[:hash]
-        end
+      if !TopicCustomField.exists?(name: DiscourseCodeReview::CommitHash, value: commit[:hash])
+
+        post = PostCreator.create!(
+          user,
+          raw: raw,
+          title: title,
+          created_at: commit[:date],
+          category: category_id,
+          tags: [SiteSetting.code_review_pending_tag],
+          skip_validations: true,
+        )
+
+        TopicCustomField.create!(
+          topic_id: post.topic_id,
+          name: DiscourseCodeReview::CommitHash,
+          value: commit[:hash]
+        )
+
+        github_repo.last_commit = commit[:hash]
+
+        post
       end
     end
 
diff --git a/spec/discourse_code_review/lib/importer_spec.rb b/spec/discourse_code_review/lib/importer_spec.rb
index 0810de7..7e78814 100644
--- a/spec/discourse_code_review/lib/importer_spec.rb
+++ b/spec/discourse_code_review/lib/importer_spec.rb
@@ -13,5 +13,26 @@ module DiscourseCodeReview
       expect(id).to be > 0
       expect(Importer.new(repo).category_id).to eq(id)
     end
+
+    it "can escape diff ```" do
+
+      repo = GithubRepo.new("discourse/discourse", Octokit::Client.new)
+
+      diff = "```\nwith a diff"
+
+      commit = {
+        subject: "hello world",
+        body: "this is the body",
+        email: "sam@sam.com",
+        github_login: "sam",
+        github_id: "111",
+        date: 1.day.ago,
+        diff: diff
+      }
+
+      post = Importer.new(repo).import_commit(commit)
+
+      expect(post.cooked.scan("code").length).to eq(2)
+    end
   end
 end

GitHub

1 Like