fix(github): Sanitize mentions in commit bodies (#30842)

renovatebot · Aug 20, 2024 · 0220eb7 · 0220eb7
1 parent 0b3ba6f
commit 0220eb7
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 0 deletions.
diff --git a/lib/modules/platform/github/scm.spec.ts b/lib/modules/platform/github/scm.spec.ts
@@ -73,4 +73,39 @@ describe('modules/platform/github/scm', () => {
       platformCommit: 'auto',
     });
   });
+
+  describe('sanitize mentions in commit messages', () => {
+    it('single string', async () => {
+      await githubScm.commitAndPush({
+        ...commitObj,
+        message: 'Use @octokit to irritate @octocat',
+        platformCommit: 'enabled',
+      });
+
+      expect(git.commitFiles).not.toHaveBeenCalled();
+      expect(github.commitFiles).toHaveBeenCalledWith({
+        ...commitObj,
+        message: 'Use @\u{8203}octokit to irritate @\u{8203}octocat',
+        platformCommit: 'enabled',
+      });
+    });
+
+    it('array of string', async () => {
+      await githubScm.commitAndPush({
+        ...commitObj,
+        message: ['Use @octokit', 'It automates the way we irritate @octocat'],
+        platformCommit: 'enabled',
+      });
+
+      expect(git.commitFiles).not.toHaveBeenCalled();
+      expect(github.commitFiles).toHaveBeenCalledWith({
+        ...commitObj,
+        message: [
+          'Use @\u{8203}octokit',
+          'It automates the way we irritate @\u{8203}octocat',
+        ],
+        platformCommit: 'enabled',
+      });
+    });
+  });
 });
diff --git a/lib/modules/platform/github/scm.ts b/lib/modules/platform/github/scm.ts
@@ -1,8 +1,13 @@
+import is from '@sindresorhus/is';
 import * as git from '../../../util/git';
 import type { CommitFilesConfig, LongCommitSha } from '../../../util/git/types';
 import { DefaultGitScm } from '../default-scm';
 import { commitFiles, isGHApp } from './';
 
+export function sanitizeMentions(input: string): string {
+  return input.replaceAll('@', '@\u{8203}');
+}
+
 export class GithubScm extends DefaultGitScm {
   override commitAndPush(
     commitConfig: CommitFilesConfig,
@@ -12,6 +17,11 @@ export class GithubScm extends DefaultGitScm {
       platformCommit = 'enabled';
     }
 
+    const sanitizedMessage = is.array(commitConfig.message)
+      ? commitConfig.message.map(sanitizeMentions)
+      : sanitizeMentions(commitConfig.message);
+    commitConfig.message = sanitizedMessage;
+
     return platformCommit === 'enabled'
       ? commitFiles(commitConfig)
       : git.commitFiles(commitConfig);