
Commit ec6b4e0

ci(security): fix codeql alerts and lockfile drift (#107)
1 parent 0c70d89 commit ec6b4e0


6 files changed

+85
-38
lines changed


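--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,6 +18,9 @@ on:
 - ".codex/**"
 - ".opencode/**"
 
+permissions:
+contents: read
+
 concurrency:
 group: ci-${{ github.ref }}
 cancel-in-progress: true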
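Review bot: The workflow-level `permissions: contents: read` added above `concurrency:` narrows the default token for every job in ci.yml, but the jobs themselves are outside this hunk, so it is not visible whether any of them writes (check runs, PR comments, `id-token` for OIDC, release uploads). Any such job now needs its own job-level `permissions:` block, otherwise its first write fails with a 403 rather than at review time. If all jobs are read-only the change is complete as is; a one-line comment such as `# read-only by default; jobs that write must opt in with a job-level permissions block` next to the new key would make that contract explicit for the next editor.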

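--- a/.github/workflows/org-required-checks.yml
+++ b/.github/workflows/org-required-checks.yml
@@ -10,18 +10,19 @@ on:
 - ready_for_review
 deployment_status:
 
+permissions:
+checks: read
+contents: read
+pull-requests: read
+statuses: read
+
 jobs:
 verify:
 name: Check
 if: |
 github.event_name == 'pull_request' ||
 (github.event_name == 'deployment_status' && github.event.deployment_status.state == 'success')
 runs-on: ubuntu-latest
-permissions:
-checks: read
-contents: read
-pull-requests: read
-statuses: read
 steps:
 - name: Wait for merge gates
 uses: actions/github-script@v8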
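Review bot: The "Wait for merge gates" step at the end of the hunk still references `actions/github-script@v8`, a mutable major tag, while the commit is otherwise tightening the workflow's token scope; pinning third-party actions to a full commit SHA (with the version in a trailing comment, e.g. `uses: actions/github-script@<commit-sha> # v8`) closes the remaining supply-chain gap and is also a recurring CodeQL workflow finding. Hoisting the read-only permissions to the workflow level is equivalent to the removed job-level block for this single job, so no behaviour changes there. The `verify` job's remaining steps continue outside the hunk.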

bun.lock

Lines changed: 18 additions & 18 deletions

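--- a/packages/shopify-cable-source/src/source.ts
+++ b/packages/shopify-cable-source/src/source.ts
@@ -1,3 +1,4 @@
+import { cleanText, normalizeWhitespace } from "./text";
 import type {
 ShopifyCableSourceTemplate,
 ShopifyEvidencePointer,
@@ -189,21 +190,6 @@ const UNKNOWN_BRAND_TOKENS = new Set([
 "null",
 ]);
 
-const stripTags = (value: string): string => {
-return value.replace(/<[^>]+>/g, " ");
-};
-
-const normalizeWhitespace = (value: string): string => {
-return value.replace(/\s+/g, " ").trim();
-};
-
-const cleanText = (value: string | undefined | null): string => {
-if (typeof value !== "string") {
-return "";
-}
-return normalizeWhitespace(stripTags(value));
-};
-
 const combineUniqueText = (...segments: Array<string | undefined>): string => {
 const seen = new Set<string>();
 const unique: string[] = [];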
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
import { describe, expect, it } from "bun:test";
2+
import { cleanText } from "./text";
3+
4+
describe("cleanText", () => {
5+
it("strips balanced HTML tags and normalizes whitespace", () => {
6+
expect(cleanText(" <p>Hello <strong>world</strong></p> ")).toBe(
7+
"Hello world"
8+
);
9+
});
10+
11+
it("preserves unmatched angle brackets instead of truncating the remainder", () => {
12+
expect(cleanText("prefix <<<<<<<<<< trailing")).toBe(
13+
"prefix <<<<<<<<<< trailing"
14+
);
15+
});
16+
17+
it("returns an empty string for non-string input", () => {
18+
expect(cleanText(undefined)).toBe("");
19+
expect(cleanText(null)).toBe("");
20+
});
21+
});
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
const stripBalancedTags = (value: string): string => {
2+
let cursor = 0;
3+
let output = "";
4+
5+
while (cursor < value.length) {
6+
const tagStart = value.indexOf("<", cursor);
7+
if (tagStart === -1) {
8+
output += value.slice(cursor);
9+
break;
10+
}
11+
12+
const tagEnd = value.indexOf(">", tagStart + 1);
13+
if (tagEnd === -1) {
14+
output += value.slice(cursor);
15+
break;
16+
}
17+
18+
output += value.slice(cursor, tagStart);
19+
output += " ";
20+
cursor = tagEnd + 1;
21+
}
22+
23+
return output;
24+
};
25+
26+
export const normalizeWhitespace = (value: string): string => {
27+
return value.replace(/\s+/g, " ").trim();
28+
};
29+
30+
export const cleanText = (value: string | undefined | null): string => {
31+
if (typeof value !== "string") {
32+
return "";
33+
}
34+
35+
return normalizeWhitespace(stripBalancedTags(value));
36+
};
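Review bot: `stripBalancedTags` ends a tag at the first `>` after `<`, so a `>` inside a quoted attribute value is treated as the tag's end and the rest of the attribute leaks into the output (`<a title="x>y">text` becomes ` y">text` before whitespace normalization); this is fine for a text cleaner over scraped copy but the helper has no documentation saying so, and a reader arriving from the commit title may take it for an HTML sanitizer. I would put a header comment on it along the lines of `/** Drops "<...>" spans, ending each at the first ">"; a plain-text cleaner for scraped copy, not an HTML sanitizer. */` and a note on `cleanText` that entities such as `&lt;` are passed through unchanged. The replacement also strips the empty pair `<>` to a space, which the removed regex (`[^>]+` required at least one character) left intact; the new `cleanText` test hunk above does not pin either case, and `expect(cleanText("a <> b")).toBe("a b");` would document the intended behaviour.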
