From 9ad620af53f9bded4588513f4378b0bc76068744 Mon Sep 17 00:00:00 2001
From: Vasily Strelyaev
Date: Thu, 25 Jan 2024 19:12:41 +0400
Subject: [PATCH] chore: fix code scanning alerts (#26483)

---
 .github/workflows/codeql.yml | 6 ++++++
 packages/devextreme/js/core/utils/string.js | 2 +-
 packages/devextreme/js/localization/ldml/number.js | 2 +-
 .../testing/tests/DevExpress.core/utils.string.tests.js | 1 +
 4 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 1bea494a7be3..ec9ffd4c6ef9 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -28,6 +28,10 @@ jobs:
         with:
           ref: ${{ matrix.branch }}
 
+      - name: Get head SHA
+        id: get-head-sha
+        run: echo "SHA=$(git rev-parse origin/${{ matrix.branch }})" >> "$GITHUB_OUTPUT"
+
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
@@ -42,6 +46,8 @@ jobs:
         uses: github/codeql-action/analyze@v2
         with:
           category: "/language:${{matrix.language}}"
+          ref: refs/heads/${{ matrix.branch }}
+          sha: ${{ steps.get-head-sha.outputs.SHA }}
 
   fetch:
     runs-on: devextreme-shr2
diff --git a/packages/devextreme/js/core/utils/string.js b/packages/devextreme/js/core/utils/string.js
index 0e43bdff1789..846791d0674c 100644
--- a/packages/devextreme/js/core/utils/string.js
+++ b/packages/devextreme/js/core/utils/string.js
@@ -73,7 +73,7 @@ export function format(template, ...values) {
 
 export const replaceAll = (function() {
     const quote = function(str) {
-        return (str + '').replace(/([+*?.[^\]$(){}><|=!:])/g, '\\$1'); // lgtm[js/incomplete-sanitization]
+        return (str + '').replace(/([\\+*?.[^\]$(){}><|=!:])/g, '\\$1');
     };
 
     return function(text, searchToken, replacementToken) {
diff --git a/packages/devextreme/js/localization/ldml/number.js b/packages/devextreme/js/localization/ldml/number.js
index 4407c7af6c93..180e103fa70d 100644
--- a/packages/devextreme/js/localization/ldml/number.js
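Review bot: The new `run:` line in the "Get head SHA" step interpolates `${{ matrix.branch }}` straight into the shell command; `matrix.branch` is defined inside this workflow, so it is not attacker-controlled here, but expression-in-script is exactly the shape GitHub's script-injection guidance warns against and it tends to get copied into steps that do take untrusted input (PR titles, branch names from events). Because the checkout step just above already used `ref: ${{ matrix.branch }}`, the simpler and equally correct form is `run: echo "SHA=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"`, which records the commit that was actually checked out and does not depend on a remote-tracking ref `origin/<branch>` being present in the clone (presumably actions/checkout creates it, but that is an assumption). If the branch name has to stay in the script, pass it via `env: BRANCH: ${{ matrix.branch }}` and reference `"$BRANCH"` so the shell, not the template engine, sees the value.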
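Review bot: The character class in `quote` now includes the backslash, which is the right fix, but the hunk leaves no statement of why this list exists now that the `lgtm[js/incomplete-sanitization]` marker — the only hint — is gone, so the next maintainer may trim it. A one-line comment above the `return` would pin the intent: `// Escape every RegExp metacharacter (backslash included) so the token is matched literally once it is compiled into a RegExp.` The set now covers the characters in the usual escapeRegExp idiom (`. * + ? ^ $ { } ( ) | [ ] \`) plus a few harmless extras (`> < = ! :`); `-` and `/` need no escaping outside a character class or a regex literal, so the list looks complete for a `new RegExp(...)` built from a string. The `replaceAll` function this hunk opens continues past the hunk, so where the quoted token is actually compiled is not visible here.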
+++ b/packages/devextreme/js/localization/ldml/number.js
@@ -210,7 +210,7 @@ function getFormatByValueText(valueText, formatter, isPercent, isNegative) {
     format = format.replace(/1+/, '1').replace(/1/g, '#');
 
     if(!isPercent) {
-        format = format.replace('%', '\'%\''); // lgtm[js/incomplete-sanitization]
+        format = format.replace(/%/g, '\'%\'');
     }
 
     return format;
diff --git a/packages/devextreme/testing/tests/DevExpress.core/utils.string.tests.js b/packages/devextreme/testing/tests/DevExpress.core/utils.string.tests.js
index 0490ce619620..1672eb308750 100644
--- a/packages/devextreme/testing/tests/DevExpress.core/utils.string.tests.js
+++ b/packages/devextreme/testing/tests/DevExpress.core/utils.string.tests.js
@@ -7,6 +7,7 @@ QUnit.test('replace all case insensitive', function(assert) {
     assert.strictEqual(stringUtils.replaceAll('test sentence', 'test', '$1'), 'test sentence', 'replacement token $1');
     assert.strictEqual(stringUtils.replaceAll('Test sentence', 'test', '$1'), 'Test sentence', 'Replacement for different case');
     assert.strictEqual(stringUtils.replaceAll('Test sentence test', 'test', '$1'), 'Test sentence test', 'Multiple replacements');
+    assert.strictEqual(stringUtils.replaceAll('test sentence', 'test', '\\$1\\'), '\\test\\ sentence', 'backslash escaped correctly');
 });
 
 QUnit.test('stringFormat', function(assert) {
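Review bot: `format.replace(/%/g, '\'%\'')` now quotes every `%` rather than only the first, but the reason for quoting is not stated and `getFormatByValueText` starts before this hunk, so a reader cannot tell whether `format` can already hold a quoted `'%'` at this point — if an earlier step can produce one, this line would turn it into `''%''`; please confirm that is impossible. A why-comment would carry the intent either way, hedged to what the gate shows: `// Not a percent format: quote literal '%' so the LDML pattern does not read it as the percent marker (this is presumably why isPercent gates the replacement).` The function's parameters and the rest of its body are outside the hunk.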
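Review bot: The added assertion puts the backslashes in `replacementToken`, not in `searchToken`, so it does not exercise the regex change to `quote` in string.js that this commit makes (the existing assertions show `$1` in the replacement resolving to the matched text, and `quote` is presumably what escapes the search token before it becomes a RegExp). Add a case where the search token itself contains a backslash, e.g. `assert.strictEqual(stringUtils.replaceAll('a\\b c', 'a\\b', 'x'), 'x c', 'backslash in search token');` — with the previous character class, `\b` would have reached the RegExp unescaped as a word-boundary assertion and the token would not have matched, so this case distinguishes old from new behaviour. The enclosing `QUnit.test('replace all case insensitive', ...)` callback begins before this hunk.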