From 4ee030a5abccaea7169d8cce6bf594b9b9587c96 Mon Sep 17 00:00:00 2001
From: Rakesh Tembhurne <rakeshtembhurne@users.noreply.github.com>
Date: Wed, 14 Aug 2019 13:35:02 +0530
Subject: [PATCH] fix(html-sanitize): Sanitize HTML comments in PR (#4285)

Sanitizes HTML comments inside PR body for BitBucket server.
Includes snapshots for the tests.

Closes #3715
---
 lib/platform/bitbucket-server/index.ts        |  1 +
 .../__snapshots__/index.spec.ts.snap          | 28 +++++++++++++++++++
 test/platform/bitbucket-server/index.spec.ts  | 15 ++++++++++
 3 files changed, 44 insertions(+)

diff --git a/lib/platform/bitbucket-server/index.ts b/lib/platform/bitbucket-server/index.ts
index 9bf3b8249a..3db6783c49 100644
--- a/lib/platform/bitbucket-server/index.ts
+++ b/lib/platform/bitbucket-server/index.ts
@@ -964,6 +964,7 @@ export function getPrBody(input: string) {
     .replace(/<\/?summary>/g, '**')
     .replace(/<\/?details>/g, '')
     .replace(new RegExp(`\n---\n\n.*?<!-- .*?-rebase -->.*?(\n|$)`), '')
+    .replace(new RegExp('<!--.*?-->', 'g'), '')
     .substring(0, 30000);
 }
 
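Review bot: The new pattern on line 24, `<!--.*?-->`, does not remove a comment that spans more than one line, because `.` never matches a line terminator in a JavaScript regular expression, so a multi-line comment reaches the PR body intact even though the commit's purpose is to strip comments. A character class that crosses newlines fixes it and lets the string-built RegExp become a literal: `.replace(/<!--[\s\S]*?-->/g, '')`. The fixture added in test/platform/bitbucket-server/index.spec.ts only exercises single-line comments, so a case such as `<!-- line one\nline two -->` would be worth adding there to pin the behaviour. getPrBody's body starts before this hunk.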
diff --git a/test/platform/bitbucket-server/__snapshots__/index.spec.ts.snap b/test/platform/bitbucket-server/__snapshots__/index.spec.ts.snap
index 33177c798e..7a53c606cb 100644
--- a/test/platform/bitbucket-server/__snapshots__/index.spec.ts.snap
+++ b/test/platform/bitbucket-server/__snapshots__/index.spec.ts.snap
@@ -921,6 +921,20 @@ exports[`platform/bitbucket-server endpoint with no path getPr() returns null fo
 
 exports[`platform/bitbucket-server endpoint with no path getPrBody() returns diff files 1`] = `"**foo**bartext"`;
 
+exports[`platform/bitbucket-server endpoint with no path getPrBody() sanitizes HTML comments in the body 1`] = `
+"---
+
+- [ ] If you want to rebase/retry this PR, check this box
+- [ ] <a href=\\"/some/link\\">Update renovate/renovate to 16.1.2</a>
+
+---
+
+Empty comment.
+
+Followed by some information.
+"
+`;
+
 exports[`platform/bitbucket-server endpoint with no path getPrFiles() returns one file 1`] = `
 Array [
   Array [
@@ -2381,6 +2395,20 @@ exports[`platform/bitbucket-server endpoint with path getPr() returns null for n
 
 exports[`platform/bitbucket-server endpoint with path getPrBody() returns diff files 1`] = `"**foo**bartext"`;
 
+exports[`platform/bitbucket-server endpoint with path getPrBody() sanitizes HTML comments in the body 1`] = `
+"---
+
+- [ ] If you want to rebase/retry this PR, check this box
+- [ ] <a href=\\"/some/link\\">Update renovate/renovate to 16.1.2</a>
+
+---
+
+Empty comment.
+
+Followed by some information.
+"
+`;
+
 exports[`platform/bitbucket-server endpoint with path getPrFiles() returns one file 1`] = `
 Array [
   Array [
diff --git a/test/platform/bitbucket-server/index.spec.ts b/test/platform/bitbucket-server/index.spec.ts
index 7935bc6edf..dfd8d36a2b 100644
--- a/test/platform/bitbucket-server/index.spec.ts
+++ b/test/platform/bitbucket-server/index.spec.ts
@@ -684,6 +684,21 @@ describe('platform/bitbucket-server', () => {
             )
           ).toMatchSnapshot();
         });
+
+        it('sanitizes HTML comments in the body', () => {
+          const prBody = bitbucket.getPrBody(`---
+
+- [ ] <!-- renovate-rebase -->If you want to rebase/retry this PR, check this box
+- [ ] <!-- recreate-branch=renovate/docker-renovate-renovate-16.x --><a href="/some/link">Update renovate/renovate to 16.1.2</a>
+
+---
+<!---->
+Empty comment.
+<!-- This is another comment -->
+Followed by some information.
+<!-- followed by some more comments -->`);
+          expect(prBody).toMatchSnapshot();
+        });
       });
 
       describe('getCommitMessages()', () => {
-- 
GitLab