escape or sanitize inputs #115

Closed
drrobotnik opened this issue Sep 26, 2017 · 3 comments

Comments

@drrobotnik

drrobotnik commented Sep 26, 2017

Fields to and from Jira can have any type of formatting. These fields should be escaped before being placed in the YAML templates.

For example:

fields:
  assignee:
    name: user
  description: As a visitor, I want clear information about XYZ^M
^M
Design updates located in assets^M
^M
*Notes:*^M
* XXXXXXXXXXX^M
* XXXXXXX ^M
* XXXXXXXXXX ^M
^M
_*Acceptance Criteria*_^M
1. XXXXXXXX^M

  customfield_13624: "."
transition:
  id: 21
  name: In Progress

Results in:

ERROR yaml: line 7: could not find expected ':'
? Invalid YAML syntax, edit again? (Y/n) 

In this case the description should be wrapped in parenthesis and if the story includes any special characters they should be escaped. Having to do this manually is cumbersome.

This is also true for custom commands and arguments.

For example:

  - name: release
    help: display stories related to a release
    script: |-
       {{jira}} list --template=list-stories --query "project = $JIRA_PROJECT AND status in (resolved, closed) and {{args.fixversion}}"
    args:
      - name: fixversion
        required: false
$ jira release fixversion="2016.52.00 10.17.2017"
Invalid Usage: Error in the JQL Query: Expecting either 'OR' or 'AND' but got '10.17.2017'. (line 1, character 77)
@coryb
Contributor

coryb commented Sep 26, 2017

The transition template is bad for the description field. This is the current template section:

{{if .meta.fields.description}}
  description: {{or .overrides.description .fields.description }}
{{- end -}}

It needs to use the multiline block yaml notation like:

{{if .meta.fields.description}}
  description: |~
    {{ or .fields.description "" | indent 4 }}
{{- end -}}

I will get this change in.

For the JQL issue, that is hard to do the escaping generically. I would argue that it is a problem with your query string rather than an issue with jira.

I would rewrite your command like:

  - name: release
    help: display stories related to a release
    script: |-
       {{jira}} list --template=list-stories --query "project = $JIRA_PROJECT AND status in (resolved, closed) {{if options.fixversion}}and fixversion=\"{{options.fixversion}}\"{{end}}"
    options:
      - name: fixversion

then the usage would be jira release or jira release --fixversion="2016.52.00 10.17.2017"
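As an added example (not code from go-jira or from either participant), written in Ruby because its standard library ships a YAML parser: the plain-scalar description template from the first comment beside the block-scalar form coryb describes, checked with a real parser against a description containing CRLFs, blank lines and a colon, plus a JQL string quoter for the optional fixversion in the release command. Assumptions: the standard `|-` strip-chomping indicator stands in for the `|~` shown above, and the sample description is constructed.

```ruby
require "yaml"

# Constructed sample, modelled on the issue report: CRLF line endings,
# blank lines, wiki markup and a colon inside the text.
DESCRIPTION = "As a visitor, I want clear information about XYZ\r\n\r\n" \
              "Design updates located in assets\r\n\r\n" \
              "*Notes:*\r\n* first note\r\n" \
              "_*Acceptance Criteria*_\r\n1. Page loads: under 2s\r\n"

# The old template: the raw value dropped in as a plain scalar.
def naive_template(description)
  "fields:\n  description: #{description}\n  customfield_13624: \".\"\n"
end

# The fixed template: a literal block scalar with every content line
# indented under it ('|-' is the standard strip-chomping indicator).
def block_scalar_template(description, indent: 4)
  lines = description.gsub("\r\n", "\n").chomp.split("\n", -1)
  body  = lines.map { |l| l.empty? ? "" : (" " * indent) + l }.join("\n")
  "fields:\n  description: |-\n#{body}\n  customfield_13624: \".\"\n"
end

# Parse with a real YAML parser; nil means the template produced bad YAML.
def load_fields(yaml_text)
  YAML.safe_load(yaml_text)
rescue Psych::SyntaxError
  nil
end

# Quote a user-supplied value as a JQL string literal so spaces, quotes
# and backslashes cannot alter the structure of the query.
def jql_quote(value)
  '"' + value.to_s.gsub(/["\\]/) { |c| "\\" + c } + '"'
end

# The 'release' custom command's query, with the optional fixversion
# appended only when one was given.
def release_query(project, fixversion = nil)
  q = "project = #{project} AND status in (resolved, closed)"
  q += " and fixversion = #{jql_quote(fixversion)}" unless fixversion.to_s.empty?
  q
end

if __FILE__ == $PROGRAM_NAME
  puts load_fields(naive_template(DESCRIPTION)).inspect   # nil: parse error
  puts load_fields(block_scalar_template(DESCRIPTION))["fields"]["description"]
  puts release_query("MYPROJ", "2016.52.00 10.17.2017")
end
```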

@drrobotnik
Author

Great.

I like the solution for the custom command options.

Thanks!

@coryb
Contributor

coryb commented Sep 27, 2017

I have updated the default template and cut a release:
https://github.com/Netflix-Skunkworks/go-jira/releases/tag/v1.0.11

Hopefully that fixes your escaping issues with the description field.

@coryb coryb closed this as completed Oct 3, 2017