Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't use rexml for the JUnit formatter #374

Merged
merged 1 commit into from
Sep 18, 2024

Conversation

Earlopain
Copy link
Contributor

Closes #371
Follows rubocop/rubocop#13165

This leaves the output mostly the same, except that text is no longer wrapped in CDATA. Some things possibly need to be escaped now, and CDATA has different escaping needs. So, just use the same escaping everywhere

@@ -4,7 +4,6 @@
require "spec_utils"
require "erb_lint/cli"
require "erb_lint/cache"
require "pp"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is needed. Somehow the load order is now different, so this now runs into fakefs/fakefs#215

Copy link
Member

@etiennebarrie etiennebarrie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, a few comments about escaping.
What you're doing seems safe but still, let's always escape whole strings.

else
offenses.each do |offense|
type = offense.simple_name
message = "#{type}: #{xml_escape(offense.message)}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we escape the whole string instead?


puts %( <testcase name="#{filename}" file="#{filename}" lineno="#{offense.line_number}">)
puts %( <failure message="#{message}" type="#{type}">)
puts %( #{message} at #{filename}:#{offense.line_number}:#{offense.column})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here, instead of separately escaping message and filename, can we escape the whole string once?

testsuite_element.add_element(create_properties)
puts %( <properties>)
PROPERTIES.each do |key, value|
puts %( <property name="#{key}" value="#{value}"/>)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's little risk but we should still be escaping all the attributes we pass IMO.

Closes Shopify#371
Follows rubocop/rubocop#13165

This leaves the output mostly the same, except that text is no longer wrapped in CDATA.
Some things possibly need to be escaped now, and CDATA has different escaping needs.
So, just use the same escaping everywhere
@Earlopain
Copy link
Contributor Author

What you're doing seems safe but still, let's always escape whole strings.

Yeah, sure. It shouldn't matter much. I just added escaping to pretty much everything now.

@etiennebarrie etiennebarrie merged commit 93a6524 into Shopify:main Sep 18, 2024
6 checks passed
@Earlopain Earlopain deleted the junit-no-rexml branch September 18, 2024 17:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support RuboCop v1.65.1
2 participants