From 0220eb71f53a0f3fe3200e27d7875cc693278ec2 Mon Sep 17 00:00:00 2001
From: Sergei Zharinov <zharinov@users.noreply.github.com>
Date: Tue, 20 Aug 2024 05:37:29 -0300
Subject: [PATCH] fix(github): Sanitize mentions in commit bodies (#30842)

---
 lib/modules/platform/github/scm.spec.ts | 35 +++++++++++++++++++++++++
 lib/modules/platform/github/scm.ts      | 10 +++++++
 2 files changed, 45 insertions(+)

diff --git a/lib/modules/platform/github/scm.spec.ts b/lib/modules/platform/github/scm.spec.ts
index 7e25cde834..6242b23d56 100644
--- a/lib/modules/platform/github/scm.spec.ts
+++ b/lib/modules/platform/github/scm.spec.ts
@@ -73,4 +73,39 @@ describe('modules/platform/github/scm', () => {
       platformCommit: 'auto',
     });
   });
+
+  describe('sanitize mentions in commit messages', () => {
+    it('single string', async () => {
+      await githubScm.commitAndPush({
+        ...commitObj,
+        message: 'Use @octokit to irritate @octocat',
+        platformCommit: 'enabled',
+      });
+
+      expect(git.commitFiles).not.toHaveBeenCalled();
+      expect(github.commitFiles).toHaveBeenCalledWith({
+        ...commitObj,
+        message: 'Use @\u{8203}octokit to irritate @\u{8203}octocat',
+        platformCommit: 'enabled',
+      });
+    });
+
+    it('array of string', async () => {
+      await githubScm.commitAndPush({
+        ...commitObj,
+        message: ['Use @octokit', 'It automates the way we irritate @octocat'],
+        platformCommit: 'enabled',
+      });
+
+      expect(git.commitFiles).not.toHaveBeenCalled();
+      expect(github.commitFiles).toHaveBeenCalledWith({
+        ...commitObj,
+        message: [
+          'Use @\u{8203}octokit',
+          'It automates the way we irritate @\u{8203}octocat',
+        ],
+        platformCommit: 'enabled',
+      });
+    });
+  });
 });
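Review bot: The expected strings in both cases use `\u{8203}`, which JavaScript reads as the hexadecimal code point U+8203, a character in the CJK Unified Ideographs block, not the zero-width space U+200B (8203 is that character's decimal value, as in `&#8203;`). The same escape appears in `sanitizeMentions` in scm.ts, so these assertions pass while a visible character is written after every `@`. If a zero-width space is what was intended, both files should use `'@\u200B'`, for example `message: 'Use @\u200Boctokit to irritate @\u200Boctocat'`. Both cases also set `platformCommit: 'enabled'`, so the `git.commitFiles` branch, which receives the same rewritten message, is not covered.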
diff --git a/lib/modules/platform/github/scm.ts b/lib/modules/platform/github/scm.ts
index cb943b4641..e44daf3eeb 100644
--- a/lib/modules/platform/github/scm.ts
+++ b/lib/modules/platform/github/scm.ts
@@ -1,8 +1,13 @@
+import is from '@sindresorhus/is';
 import * as git from '../../../util/git';
 import type { CommitFilesConfig, LongCommitSha } from '../../../util/git/types';
 import { DefaultGitScm } from '../default-scm';
 import { commitFiles, isGHApp } from './';
 
+export function sanitizeMentions(input: string): string {
+  return input.replaceAll('@', '@\u{8203}');
+}
+
 export class GithubScm extends DefaultGitScm {
   override commitAndPush(
     commitConfig: CommitFilesConfig,
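Review bot: `sanitizeMentions` rewrites every `@`, not only mention-shaped tokens, so an e-mail address in a commit body (for instance in a `Signed-off-by:` or `Co-authored-by:` trailer, if such bodies reach this path) would be altered and no longer match the real address. Consider matching `@` only where it is not preceded by a word character, e.g. with `/(?<!\w)@(?=\w)/g`, and adding a test with an address in the message. The function is also not idempotent, since a second call inserts another character after each `@`. That is worth stating in a TSDoc comment on this export, such as `/** Breaks GitHub @mentions in commit text so that pushing a commit does not notify the mentioned users; not idempotent. */`.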
@@ -12,6 +17,11 @@ export class GithubScm extends DefaultGitScm {
       platformCommit = 'enabled';
     }
 
+    const sanitizedMessage = is.array(commitConfig.message)
+      ? commitConfig.message.map(sanitizeMentions)
+      : sanitizeMentions(commitConfig.message);
+    commitConfig.message = sanitizedMessage;
+
     return platformCommit === 'enabled'
       ? commitFiles(commitConfig)
       : git.commitFiles(commitConfig);
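Review bot: `commitConfig.message = sanitizedMessage;` writes into the caller's object, so a caller that reuses the same config for a second `commitAndPush` (a retry, say) would have its message rewritten again, because `sanitizeMentions` is not idempotent. Passing a copy avoids this: `const sanitizedConfig = { ...commitConfig, message: sanitizedMessage };`, with `sanitizedConfig` then used in both branches of the return. The rewrite also happens before the `platformCommit` branch, so it applies to `git.commitFiles` too; a short comment saying that this is intended would help. `commitAndPush` starts and ends outside this hunk, so whether callers reuse the config is not visible here.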
-- 
GitLab