Security vulnerability question #723

Workflow file for this run

.github/workflows/notifications.yml at 7b5ba17

	name: Send Notifications to Slack
	on:
	pull_request:
	types: [opened, reopened]
	issues:
	types: [opened]
	issue_comment:
	types: [created]

	jobs:
	issue-notifications:
	name: Send Notifications
	runs-on: ubuntu-latest

	steps:
	- uses: actions/github-script@v7
	id: sanitize-title
	with:
	script: \|
	const isPR = !!context.payload.pull_request;
	const isIssue = !!context.payload.issue;
	const item = isPR ? context.payload.pull_request : isIssue ? context.payload.issue : context.payload.issue_comment.issue;

	// Sanitization functions
	const sanitizeTitle = (title) => {
	return title
	// Remove potential markdown formatting
	.replace(/[*_~`]/g, '')
	// Remove potential HTML tags
	.replace(/<[^>]*>/g, '')
	// Remove multiple spaces
	.replace(/\s{2,}/g, ' ')
	// Trim whitespace
	.trim()
	// Enforce max length of 100
	.substring(0, 100);
	};

	// Escape special characters for Slack
	const escapeForSlack = (text) => {
	return text
	.replace(/"/g, '"')
	.replace(/&/g, '&')
	.replace(/</g, '<')
	.replace(/[@]/g, '\\@')
	.replace(/>/g, '>')
	.replace(/&lt;/g, '<')
	.replace(/&gt;/g, '>');
	};

	const sanitizedTitle = escapeForSlack(sanitizeTitle(item.title));
	console.log('Sanitized Title: ', sanitizedTitle);
	core.setOutput('safe-title', sanitizedTitle);
	- name: Send notifications on Pull Request
	if: ${{ github.event_name == 'pull_request'}}
	id: slack_PR
	uses: slackapi/slack-github-action@v1.26.0
	with:
	payload: \|
	{
	"Notification_Type": "Pull Request",
	"Notification_URL":"${{ github.event.pull_request.html_url }}",
	"GitHub_Repo": "${{ github.repository }}",
	"Notification_Title": "${{ steps.sanitize-title.outputs.safe-title }}"
	}
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
	- name: Send notification on new issues
	if: ${{github.event_name == 'issues'}}
	id: slack_issue
	uses: slackapi/slack-github-action@v1.26.0
	with:
	payload: \|
	{
	"Notification_Type": "Issue",
	"Notification_URL":"${{ github.event.issue.html_url }}",
	"GitHub_Repo": "${{ github.repository }}",
	"Notification_Title": "${{ steps.sanitize-title.outputs.safe-title }}"
	}
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
	- name: Send notification on Issues and Pull Requests Comments
	if: ${{github.event_name == 'issue_comment'}}
	id: slack_issue_comment
	uses: slackapi/slack-github-action@v1.26.0
	with:
	payload: \|
	{
	"Notification_Type": "Issue comment",
	"Notification_URL":"${{ github.event.comment.html_url }}",
	"GitHub_Repo": "${{ github.repository }}",
	"Notification_Title": "${{ steps.sanitize-title.outputs.safe-title }}"
	}
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security vulnerability question #723

Workflow file

Security vulnerability question #723

Uh oh!

Jobs

Run details

Workflow file for this run