From 53b63205171cc266d3294ac4f654177fd9039679 Mon Sep 17 00:00:00 2001
From: dessant
Date: Sat, 19 Jan 2019 13:44:47 +0200
Subject: [PATCH] fix: apply stricter config validation
---
 README.md | 2 +-
 assets/app-description.md | 2 +-
 src/lock.js | 10 +++++++---
 src/schema.js | 34 +++++++++++++++++++++++++++++-----
 4 files changed, 38 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index fe4b62b..56c4e9e 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ daysUntilLock: 365
 # follow ISO 8601 (`YYYY-MM-DD`). Set to `false` to disable
 skipCreatedBefore: false
-# Issues and pull requests with these labels will not be locked. Set to `[]` to disable
+# Issues and pull requests with these labels will be ignored. Set to `[]` to disable
 exemptLabels: []
 # Label to add before locking, such as `outdated`. Set to `false` to disable
diff --git a/assets/app-description.md b/assets/app-description.md
index 1e903ca..63f27bb 100644
--- a/assets/app-description.md
+++ b/assets/app-description.md
@@ -24,7 +24,7 @@ daysUntilLock: 365
 # follow ISO 8601 (`YYYY-MM-DD`). Set to `false` to disable
 skipCreatedBefore: false
-# Issues and pull requests with these labels will not be locked. Set to `[]` to disable
+# Issues and pull requests with these labels will be ignored. Set to `[]` to disable
 exemptLabels: []
 # Label to add before locking, such as `outdated`. Set to `false` to disable
diff --git a/src/lock.js b/src/lock.js
index 1216104..0238633 100644
--- a/src/lock.js
+++ b/src/lock.js
@@ -76,7 +76,7 @@ module.exports = class Lock {
 }
 if (skipCreatedBefore) {
- query += ` created:>${skipCreatedBefore}`;
+ query += ` created:>${this.getISOTimestamp(skipCreatedBefore)}`;
 }
 if (type === 'issues') {
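Review bot: The new `created:>${this.getISOTimestamp(skipCreatedBefore)}` line only works when `skipCreatedBefore` is a `Date`, because `getISOTimestamp` (added in the next src/lock.js hunk) calls `date.toISOString()` on it. That holds as long as the value always comes out of the Joi schema with conversion enabled, which this hunk does not show; a string that bypasses conversion would throw a `TypeError` here instead of building a query. A short comment on the line, e.g. `// skipCreatedBefore is a Date after schema validation (Joi.date().iso())`, would record the dependency. The enclosing method starts and ends outside the hunk.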
@@ -93,14 +93,18 @@ module.exports = class Lock {
 per_page: 30
 })).data.items;
- // `is:unlocked` search qualifier is undocumented, skip wrong results
+ // `is:unlocked` search qualifier is undocumented, skip locked issues
 return results.filter(issue => !issue.locked);
 }
 getUpdatedTimestamp(days) {
 const ttl = days * 24 * 60 * 60 * 1000;
 const date = new Date(new Date() - ttl);
- return date.toISOString().replace(/\.\d{3}\w$/, '');
+ return this.getISOTimestamp(date);
+ }
+
+ getISOTimestamp(date) {
+ return date.toISOString().split('.')[0] + 'Z';
 }
 getConfigValue(type, key) {
diff --git a/src/schema.js b/src/schema.js
index 482b649..1c399cd 100644
--- a/src/schema.js
+++ b/src/schema.js
@@ -9,7 +9,13 @@ const fields = {
 ),
 skipCreatedBefore: Joi.alternatives()
- .try(Joi.string(), Joi.boolean().only(false))
+ .try(
+ Joi.date()
+ .iso()
+ .min('1970-01-01T00:00:00Z')
+ .max('2970-12-31T23:59:59Z'),
+ Joi.boolean().only(false)
+ )
 .description(
 'Skip issues and pull requests created before a given timestamp. Timestamp ' +
 'must follow ISO 8601 (`YYYY-MM-DD`). Set to `false` to disable'
@@ -17,19 +23,33 @@ const fields = {
 exemptLabels: Joi.array()
 .single()
- .items(Joi.string())
+ .items(
+ Joi.string()
+ .trim()
+ .max(50)
+ )
 .description(
 'Issues and pull requests with these labels will not be locked. Set to `[]` to disable'
 ),
 lockLabel: Joi.alternatives()
- .try(Joi.string(), Joi.boolean().only(false))
+ .try(
+ Joi.string()
+ .trim()
+ .max(50),
+ Joi.boolean().only(false)
+ )
 .description(
 'Label to add before locking, such as `outdated`. Set to `false` to disable'
 ),
 lockComment: Joi.alternatives()
- .try(Joi.string(), Joi.boolean().only(false))
+ .try(
+ Joi.string()
+ .trim()
+ .max(10000),
+ Joi.boolean().only(false)
+ )
 .description('Comment to post before locking. Set to `false` to disable'),
 setLockReason: Joi.boolean().description(
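Review bot: `getUpdatedTimestamp(days)` hands `new Date(new Date() - ttl)` to `getISOTimestamp`, and `toISOString()` throws a `RangeError` on an invalid date, which is what a very large `days` value produces. This commit bounds `skipCreatedBefore` in the schema, but the `daysUntilLock` rule is not part of the diff, so whether it has an upper limit cannot be seen here; if it has none, adding one (for example `.max(36500)`, a value chosen only for illustration) would keep this path from throwing on a mistyped or hostile config. `getISOTimestamp` would also benefit from a one-line doc comment such as `// expects a valid Date; returns UTC at second precision (YYYY-MM-DDTHH:MM:SSZ)`.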
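Review bot: The `.min('1970-01-01T00:00:00Z')` and `.max('2970-12-31T23:59:59Z')` bounds on `skipCreatedBefore` are unexplained constants. A comment above the `Joi.date()` chain, e.g. `// bounds are sanity limits only; any ISO 8601 date or timestamp in range is accepted`, would tell the next reader that the upper year is arbitrary and not a requirement of the search API. The unchanged description still advertises only `YYYY-MM-DD`, while `.iso()` also accepts full timestamps, so the two could be aligned in the same pass.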
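Review bot: `.trim().max(50)` on `exemptLabels` and `lockLabel` limits length but not content, and the `exemptLabels` array itself has no item limit. If src/lock.js places these labels inside a quoted search qualifier (that code is outside this diff), a label containing `"` could end the quoting and change the rest of the query, so rejecting that character at validation time, e.g. `Joi.string().trim().max(50).regex(/^[^"]+$/)`, would close the gap; an array-level `.max(...)` would also bound the query length. Separately, the unchanged `exemptLabels` description in this hunk still reads "will not be locked", while this commit changes the README wording to "will be ignored".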
@@ -49,11 +69,15 @@ const schema = Joi.object().keys({
 ),
 setLockReason: fields.setLockReason.default(true),
 only: Joi.string()
+ .trim()
 .valid('issues', 'pulls')
 .description('Limit to only `issues` or `pulls`'),
 pulls: Joi.object().keys(fields),
 issues: Joi.object().keys(fields),
- _extends: Joi.string().description('Repository to extend settings from'),
+ _extends: Joi.string()
+ .trim()
+ .max(260)
+ .description('Repository to extend settings from'),
 perform: Joi.boolean().default(!process.env.DRY_RUN)
 });
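Review bot: `_extends` is now trimmed and capped at 260 characters, but nothing constrains its form, and the origin of 260 is not stated. Per its description the value names the repository that settings are inherited from, so it decides where configuration is loaded from. A pattern limited to the repository-reference forms the config loader accepts would reject anything else before it reaches that code; the loader is not visible in this diff, so the exact pattern has to come from its documentation. At minimum, a comment such as `// 260: upper bound for a repository reference plus config path` (wording to be confirmed by the author) would explain the constant.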