Fix: Ignore other users' comments #332

Merged
merged 1 commit into from
Jun 14, 2021


rcowsill
Contributor

Other users can post comments containing the header text that findPreviousComment searches for. Doing so can make this action update/recreate/delete the wrong message. Generally it's not a big problem, but in some cases it can be used to inject arbitrary content into the comment made by the action.

This PR makes findPreviousComment only return comments made by the current user, based on the GITHUB_TOKEN (usually github-actions[bot]).

Make findPreviousComment only return comments made by the current user
(usually github-actions[bot])
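
The lookup described above, before and after the author check, as an added example that is not the action's own code. The marker format, the `PrComment` shape, the function signatures and the sample thread are assumptions constructed for illustration.

```typescript
// Added illustration: a simplified in-memory model, not the action's source.
interface PrComment {
  id: number;
  authorLogin: string;
  body: string;
}

// Assumed marker format (hypothetical): a hidden HTML comment carrying the header.
const marker = (header: string): string => `<!-- sticky-comment:${header} -->`;

// Before the fix: any comment carrying the marker counts as "previous".
function findPreviousCommentUnsafe(comments: PrComment[], header: string): PrComment | undefined {
  return comments.find(c => c.body.includes(marker(header)));
}

// After the fix: the comment must also be authored by the identity behind the token.
function findPreviousComment(
  comments: PrComment[],
  header: string,
  viewerLogin: string
): PrComment | undefined {
  return comments.find(
    c => c.authorLogin === viewerLogin && c.body.includes(marker(header))
  );
}

// Constructed sample thread: another user posts the marker before the bot does.
const thread: PrComment[] = [
  { id: 1, authorLogin: "other-user", body: `${marker("ci")}\ncontent chosen by other-user` },
  { id: 2, authorLogin: "github-actions[bot]", body: `${marker("ci")}\nBuild passed` },
  { id: 3, authorLogin: "other-user", body: "LGTM" },
];

function demo(): { unsafeId?: number; safeId?: number; noBotCommentYet?: number } {
  return {
    // Matches comment 1, which the bot did not write.
    unsafeId: findPreviousCommentUnsafe(thread, "ci")?.id,
    // Matches comment 2, the bot's own sticky comment.
    safeId: findPreviousComment(thread, "ci", "github-actions[bot]")?.id,
    // Only the other user's comment exists: no match, so a fresh comment is created.
    noBotCommentYet: findPreviousComment(thread.slice(0, 1), "ci", "github-actions[bot]")?.id,
  };
}

console.log(demo());
```

The third case matters for review: when the only marked comment belongs to someone else, the filtered lookup returns nothing rather than falling back to it.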
@github-actions


> sticky-pull-request-comment@2.0.1 all /home/runner/work/sticky-pull-request-comment/sticky-pull-request-comment
> npm run build && npm run format && npm run lint && npm run package && npm test


> sticky-pull-request-comment@2.0.1 build /home/runner/work/sticky-pull-request-comment/sticky-pull-request-comment
> tsc


> sticky-pull-request-comment@2.0.1 format /home/runner/work/sticky-pull-request-comment/sticky-pull-request-comment
> prettier --write **/*.ts

__tests__/comment.test.ts 335ms
__tests__/config.test.ts 67ms
src/comment.ts 44ms
src/config.ts 25ms
src/main.ts 19ms

> sticky-pull-request-comment@2.0.1 lint /home/runner/work/sticky-pull-request-comment/sticky-pull-request-comment
> eslint src/**/*.ts


> sticky-pull-request-comment@2.0.1 package /home/runner/work/sticky-pull-request-comment/sticky-pull-request-comment
> ncc build --source-map --license licenses.txt

ncc: Version 0.28.6
ncc: Compiling file index.js
 30kB  dist/licenses.txt
 40kB  dist/sourcemap-register.js
219kB  dist/index.js
259kB  dist/index.js.map
289kB  [1739ms] - ncc 0.28.6

> sticky-pull-request-comment@2.0.1 test /home/runner/work/sticky-pull-request-comment/sticky-pull-request-comment
> jest

PASS __tests__/comment.test.ts
  ✓ findPreviousComment (5 ms)
  ✓ deleteComment
  updateComment
    ✓ with comment body (2 ms)
    ✓ without comment body and previous body (1 ms)
  createComment
    ✓ with comment body or previousBody (1 ms)
    ✓ without comment body and previousBody

PASS __tests__/config.test.ts
  ✓ repo (72 ms)
  ✓ header (6 ms)
  ✓ append (9 ms)
  ✓ recreate (4 ms)
  ✓ delete (5 ms)
  ✓ message (5 ms)
  path
    ✓ when exists return content of a file (5 ms)
    ✓ when not exists return null string (6 ms)

Test Suites: 2 passed, 2 total
Tests:       14 passed, 14 total
Snapshots:   0 total
Time:        3.719 s
Ran all test suites.
::error::ENOENT: no such file or directory, open './__tests__/assets/not_exists'

@marocchino marocchino merged commit 65b0a35 into marocchino:main Jun 14, 2021
@marocchino
Owner

Thanks!
