
Fix security scanner findings: XSS, SSRF, and unsafe jQuery pattern #724

Merged
openshift-merge-bot[bot] merged 1 commit into openshift:main from AlexNPavel:fix-security-scanner-findings
Feb 10, 2026

Conversation

@AlexNPavel
Contributor

  • Use html.EscapeString instead of template.HTMLEscapeString for user input in http_compare.go (XSS, HIGH)
  • Validate issue_key and comment_id formats before URL interpolation in bot_comments_cleaner.py (SSRF, MEDIUM)
  • Route string selectors through document.querySelectorAll in jquery.dataTables.js to prevent HTML interpretation (LOW)
  • Add `__pycache__/` to .gitignore
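The SSRF fix in the second bullet, as an added Python example that is not the PR's code: the issue key and comment id are checked against a strict format before they are interpolated into the request URL. The patterns, the base URL and the function names are assumptions, since the PR page does not show bot_comments_cleaner.py.

```python
import re
from urllib.parse import quote

# Assumed formats (not from the PR): a Jira-style issue key such as
# "OCPBUGS-12345" and a purely numeric comment id. No anchors are needed
# because fullmatch() is used; re.match() with "$" would accept "1\n".
ISSUE_KEY_RE = re.compile(r"[A-Z][A-Z0-9_]{0,19}-[0-9]{1,10}")
COMMENT_ID_RE = re.compile(r"[0-9]{1,19}")

# Hypothetical base URL; the real endpoint is not shown on the PR page.
JIRA_BASE = "https://jira.example.invalid/rest/api/2/"


class InvalidIdentifier(ValueError):
    """Raised when an identifier does not match its expected format."""


def validate_issue_key(issue_key: str) -> str:
    if not ISSUE_KEY_RE.fullmatch(issue_key):
        raise InvalidIdentifier(f"bad issue key: {issue_key!r}")
    return issue_key


def validate_comment_id(comment_id: str) -> str:
    if not COMMENT_ID_RE.fullmatch(comment_id):
        raise InvalidIdentifier(f"bad comment id: {comment_id!r}")
    return comment_id


def comment_url(issue_key: str, comment_id: str) -> str:
    """Build the comment URL only from values that passed validation.

    The patterns admit no '/', '?', '#', '.', '@' or whitespace, so the
    interpolated values cannot add path segments, a query string or a
    different host to the request. quote() stays as defence in depth.
    """
    key = validate_issue_key(issue_key)
    cid = validate_comment_id(comment_id)
    return f"{JIRA_BASE}issue/{quote(key, safe='')}/comment/{quote(cid, safe='')}"


def is_safe_target(issue_key: str, comment_id: str) -> bool:
    """True only when both identifiers pass validation."""
    try:
        comment_url(issue_key, comment_id)
    except InvalidIdentifier:
        return False
    return True
```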

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress label (indicates that a PR should not merge because it is a work in progress) Feb 10, 2026
@openshift-ci
Contributor

openshift-ci Bot commented Feb 10, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@AlexNPavel
Contributor Author

/test security

@openshift-ci openshift-ci Bot added the approved label (indicates a PR has been approved by an approver from all required OWNERS files) Feb 10, 2026
@AlexNPavel AlexNPavel force-pushed the fix-security-scanner-findings branch from b5fb1c3 to 201c7a1 February 10, 2026 18:34
@AlexNPavel
Contributor Author

/test security

@AlexNPavel
Contributor Author

/test all

@AlexNPavel AlexNPavel marked this pull request as ready for review February 10, 2026 19:08
@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress label (indicates that a PR should not merge because it is a work in progress) Feb 10, 2026
@openshift-ci
Contributor

openshift-ci Bot commented Feb 10, 2026

@AlexNPavel: all tests passed!

Full PR test history. Your PR dashboard.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-ci openshift-ci Bot added the lgtm label (indicates that a PR is ready to be merged) Feb 10, 2026
@openshift-ci
Contributor

openshift-ci Bot commented Feb 10, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: AlexNPavel, bradmwilliams

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [AlexNPavel,bradmwilliams]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot Bot merged commit 2e607fe into openshift:main Feb 10, 2026
8 checks passed
@AlexNPavel AlexNPavel deleted the fix-security-scanner-findings branch February 10, 2026 22:57