From 9db82ef412174a1d36a45a47a296394122653c38 Mon Sep 17 00:00:00 2001
From: Isaac Jimeno
Date: Thu, 1 Feb 2024 11:14:07 +0000
Subject: [PATCH] OCPBUGS-26937: Add extra check in ids to bypass validations (#899)
* Add extra check in ids (snyk)
* Add snyk ignore policy for vendor folder
* fix linting
---
 .snyk | 7 +++++++
 cmd/changelog/main.go | 17 ++++++++++++-----
 2 files changed, 19 insertions(+), 5 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000..d84ee8d87
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,7 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+patch: {}
+exclude:
+ global:
+ - vendor
diff --git a/cmd/changelog/main.go b/cmd/changelog/main.go
index 9d9854a09..6bcaafe20 100644
--- a/cmd/changelog/main.go
+++ b/cmd/changelog/main.go
@@ -248,12 +248,19 @@ func getChanges(pullRequestIds, pullRequestHashes []string) []*Change {
 var changes []*Change
 log.Print("Reading changes from the GitHub API")
 for i, id := range pullRequestIds {
- change := getPullRequestFromGitHub(id)
- change.hash = pullRequestHashes[i]
- if _, err := determineReleases(change); err != nil {
- continue
+ // This regex checks that the ids passed as CLI arguments are valid.
+ // This code cannot be encapsulated or Snyk will flag it as a defect.
+ // This warning was originally raised in issue OCPBUGS-26937.
+ if regexp.MustCompile(`^\d*$`).MatchString(id) {
+ change := getPullRequestFromGitHub(id)
+ change.hash = pullRequestHashes[i]
+ if _, err := determineReleases(change); err != nil {
+ continue
+ }
+ changes = append(changes, change)
+ } else {
+ log.Print("ERR :: could not validate entered Pull Request, ", id)
 }
- changes = append(changes, change)
 }
 return changes
 }
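Review bot: The `exclude: global: - vendor` entry takes every vendored package out of code analysis, and nothing in the file records what still covers that third-party code. If dependency scanning of the module manifest is what is relied on, say so in a comment above the entry, for example `# vendor/ is excluded from code analysis; third-party modules are covered by dependency scanning`. Without that, a vendored copy that was patched locally or has drifted from the declared module version would presumably go unexamined.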
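Review bot: The pattern `^\d*$` in the new guard also matches the empty string, so an empty id still reaches `getPullRequestFromGitHub(id)`; requiring at least one digit with `\d+` closes that gap. The expression is also recompiled on every loop iteration; compiling it once into a local before the `for` keeps the check inline in getChanges, which the comment says Snyk needs, e.g. `validID := regexp.MustCompile("^[0-9]+$")` followed by `if validID.MatchString(id) {`. Rejected ids are only logged and skipped, so the command can still finish with an incomplete changelog; if that is intended, the comment should say so. The signature line of getChanges sits just above the hunk, so how callers build the two slices is not visible here.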