From a7238b9d8dfc5c2afd06cc2d476a814f0e0ec02a Mon Sep 17 00:00:00 2001
From: Jeremy Rudman
Date: Thu, 17 Dec 2020 23:50:13 -0500
Subject: [PATCH 1/5] fix(hakiri): corrected unescaped model attribute
---
 app/views/doorkeeper/authorizations/error.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views/doorkeeper/authorizations/error.html.haml b/app/views/doorkeeper/authorizations/error.html.haml
index e96f0e7a5..a6172a71a 100644
--- a/app/views/doorkeeper/authorizations/error.html.haml
+++ b/app/views/doorkeeper/authorizations/error.html.haml
@@ -6,5 +6,5 @@
 %p
 = @pre_auth.error_response.body[:error_description]
 %p
- = raw t('doorkeeper.errors.messages.get_help', hackathon_name: content_tag(:strong, class: 'text-info') { HackathonConfig['name'] })
+ = t('doorkeeper.errors.messages.get_help', hackathon_name: content_tag(:strong, class: 'text-info') { HackathonConfig['name'] })
From b549a7b224912670e24a69e5085b749a270534f8 Mon Sep 17 00:00:00 2001
From: Jeremy Rudman
Date: Fri, 18 Dec 2020 00:10:13 -0500
Subject: [PATCH 2/5] fix(hakiri): added html_safe to show proper output
---
 app/views/doorkeeper/authorizations/error.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views/doorkeeper/authorizations/error.html.haml b/app/views/doorkeeper/authorizations/error.html.haml
index a6172a71a..adcc19217 100644
--- a/app/views/doorkeeper/authorizations/error.html.haml
+++ b/app/views/doorkeeper/authorizations/error.html.haml
@@ -6,5 +6,5 @@
 %p
 = @pre_auth.error_response.body[:error_description]
 %p
- = t('doorkeeper.errors.messages.get_help', hackathon_name: content_tag(:strong, class: 'text-info') { HackathonConfig['name'] })
+ = t('doorkeeper.errors.messages.get_help', hackathon_name: content_tag(:strong, class: 'text-info') { HackathonConfig['name'] }).html_safe
From 4a6334bcc91beb76959013e70e8cda98d86ddf1d Mon Sep 17 00:00:00 2001
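Review bot: The `.html_safe` appended in patch 2/5 marks the whole translated string as trusted, which is what the `raw` call removed in patch 1/5 did, so the scanner finding is reworded rather than resolved. The only interpolated value visible in the hunk is `HackathonConfig['name']` inside `content_tag`, which should escape its block content, so present exposure looks limited; any interpolation added to this key later would be emitted unescaped. Rails' `t` view helper treats keys ending in `_html` as HTML-safe and escapes interpolated values that are not already safe, so renaming the locale key (for example to `get_help_html`) and calling `= t('doorkeeper.errors.messages.get_help_html', hackathon_name: ...)` with neither `raw` nor `.html_safe` keeps the `<strong>` markup and the escaping.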
From: Jeremy Rudman
Date: Fri, 18 Dec 2020 00:42:23 -0500
Subject: [PATCH 3/5] fix(hakiri): added \A \z to regex
---
 app/models/questionnaire.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/models/questionnaire.rb b/app/models/questionnaire.rb
index 380370264..0c39962fc 100644
--- a/app/models/questionnaire.rb
+++ b/app/models/questionnaire.rb
@@ -43,7 +43,7 @@ class Questionnaire < ApplicationRecord
 validates :portfolio_url, url: { allow_blank: true }
 validates :vcs_url, url: { allow_blank: true }
- validates_format_of :vcs_url, with: %r{((github.com\/\w+\/?)|(gitlab.com\/\w+\/?)|(bitbucket.org\/\w+\/?))}, allow_blank: true, message: "Must be a GitHub, GitLab or Bitbucket url"
+ validates_format_of :vcs_url, with: %r{\A((github.com\/\w+\/?)|(gitlab.com\/\w+\/?)|(bitbucket.org\/\w+\/?))\z}, allow_blank: true, message: "Must be a GitHub, GitLab or Bitbucket url"
 strip_attributes
From 01f1ddd280bdea5cbd7d2a70e96229839f6101d2 Mon Sep 17 00:00:00 2001
From: Jeremy Rudman
Date: Fri, 18 Dec 2020 13:25:24 -0500
Subject: [PATCH 4/5] fix(questionnaire): fixed hakiri error with vcs link regex
---
 app/models/questionnaire.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/app/models/questionnaire.rb b/app/models/questionnaire.rb
index 0c39962fc..41c4a9b10 100644
--- a/app/models/questionnaire.rb
+++ b/app/models/questionnaire.rb
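Review bot: With `\A` and `\z` added but no scheme in the pattern, the `vcs_url` validator in patch 3/5 appears to reject every non-blank value at this commit. The `vcs_url=` setter, visible as the removed line in patch 4/5 and presumably already present here, prepends `http://`, so the stored value never begins with `github.com`. The dots in `github.com`, `gitlab.com` and `bitbucket.org` are also unescaped and match any character. Patch 4/5 corrects both points, so squashing 3/5 into 4/5 would avoid a commit in the series where the field cannot be saved.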
@@ -43,8 +43,7 @@ class Questionnaire < ApplicationRecord
 validates :portfolio_url, url: { allow_blank: true }
 validates :vcs_url, url: { allow_blank: true }
- validates_format_of :vcs_url, with: %r{\A((github.com\/\w+\/?)|(gitlab.com\/\w+\/?)|(bitbucket.org\/\w+\/?))\z}, allow_blank: true, message: "Must be a GitHub, GitLab or Bitbucket url"
-
+ validates_format_of :vcs_url, with: /\A(((https?:\/\/)?(www\.)?github\.com\/\w+\/?)|((https?:\/\/)?(www\.)?gitlab\.com\/\w+\/?)|((https?:\/\/)?(www\.)?bitbucket\.org\/\w+\/?))\z/, allow_blank: true, message: "Must be a GitHub, GitLab or Bitbucket url"
 strip_attributes
 POSSIBLE_EXPERIENCES = {
@@ -135,7 +134,7 @@ def portfolio_url=(value)
 end
 def vcs_url=(value)
- value = "http://" + value if !value.blank? && !value.include?("http://") && !value.include?("https://")
+ value = "https://" + value if !value.blank? && !value.include?("http://") && !value.include?("https://")
 super value
 end
From 2dff98898578a9e4c0482cb89db2d789ab517037 Mon Sep 17 00:00:00 2001
From: Jeremy Rudman
Date: Fri, 18 Dec 2020 13:27:31 -0500
Subject: [PATCH 5/5] fix(questionnaire): fixed houndci commplaint
---
 app/models/questionnaire.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/models/questionnaire.rb b/app/models/questionnaire.rb
index 41c4a9b10..5407edf57 100644
--- a/app/models/questionnaire.rb
+++ b/app/models/questionnaire.rb
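Review bot: The `\w+` account segment in the new `vcs_url` pattern (first hunk of patch 4/5) rejects names containing `-`, and `.` on GitLab, so a legitimate profile URL with a hyphenated username fails with "Must be a GitHub, GitLab or Bitbucket url". Host names are also matched case-sensitively. Widening the segment to `[\w.-]+` and adding the `i` flag keeps the `\A`/`\z` anchoring and the escaped dots that make this pattern a real allow-list. The same pattern is carried unchanged into patch 5/5, and because of `\z` a repository URL such as `github.com/<user>/<repo>` is now rejected as well, which is worth confirming as intended.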
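Review bot: The scheme test in `vcs_url=` (second hunk of patch 4/5) uses `include?`, so it asks whether `http://` or `https://` occurs anywhere in the value rather than whether the value starts with a scheme. The anchored validator rejects such values today, but the setter then depends on the validator for its own correctness. `value = "https://" + value unless value.blank? || value.start_with?("http://", "https://")` states the intent directly. Values submitted with an explicit `http://` are still stored as given, so the new `https://` default only affects scheme-less input.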
@@ -43,7 +43,7 @@ class Questionnaire < ApplicationRecord
 validates :portfolio_url, url: { allow_blank: true }
 validates :vcs_url, url: { allow_blank: true }
- validates_format_of :vcs_url, with: /\A(((https?:\/\/)?(www\.)?github\.com\/\w+\/?)|((https?:\/\/)?(www\.)?gitlab\.com\/\w+\/?)|((https?:\/\/)?(www\.)?bitbucket\.org\/\w+\/?))\z/, allow_blank: true, message: "Must be a GitHub, GitLab or Bitbucket url"
+ validates_format_of :vcs_url, with: %r{\A(((https?:\/\/)?(www\.)?github\.com\/\w+\/?)|((https?:\/\/)?(www\.)?gitlab\.com\/\w+\/?)|((https?:\/\/)?(www\.)?bitbucket\.org\/\w+\/?))\z}, allow_blank: true, message: "Must be a GitHub, GitLab or Bitbucket url"
 strip_attributes
 POSSIBLE_EXPERIENCES = {
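Review bot: Inside `%r{}` the `\/` escapes are no longer needed, so the literal still carries the noise the delimiter change was meant to remove, and the three alternatives repeat the same scheme and `www.` prefix. A shorter form that accepts the same strings is `%r{\A(https?://)?(www\.)?(github\.com|gitlab\.com|bitbucket\.org)/\w+/?\z}`. The capture groups are not used by `validates_format_of`, so regrouping should not change which values pass. A single host alternation is also easier to audit as an allow-list when another provider is added.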