EISSWSCN-34439 Actions loaded are missing hyphens (#12)

* Merge branch 'main' of https://github.com/GetTuh/load-available-actions-gettuh

* update main.ts

* update main.ts and utils.ts

* Remove sanitize

* Disable sanitizaiton test

* Uploading as artifact

* switch sanitize to opening/closing tags

* Adjusted tests & bug fix

* Revert testing changes

* Removed redundant logs

* bugfix: replace only one occurence

Author: Jakub N

.github/workflows/testing.yml

@@ -65,7 +65,7 @@ jobs:
             exit 1
           fi
 
-      # upload the second result file as an artefact 
+      # upload the first result file as an artefact 
       - name: Upload result file as artefact
         if: always()
         uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2

__tests__/utils.test.ts

@@ -15,31 +15,31 @@ test(`check parseYAML with normal strings`, () => {
     const content = `
   name: 'test-name'
   author: 'test-author'
-  description: 'testing'
+  description: 'email@testing.com-+-'
   runs:\n    using: 'test'`
     const filePath = 'test'
     const result = parseYAML(filePath, 'test', content)
 
-    expect(result.name).toBe('testname')
-    expect(result.author).toBe('testauthor')
-    expect(result.description).toBe('testing')
+    expect(result.name).toBe('test-name')
+    expect(result.author).toBe('test-author')
+    expect(result.description).toBe('email@testing.com-+-')
     expect(result.using).toBe('test')
   })
 
-test(`check parseYAML with quoted strings`, () => {
+test(`check parseYAML with greater/less than`, () => {
     const content = `
-  name: 'test "name"'
-  author: 'test "author"'
-  description: 'testing "with quotes"'
+  name: '<test script="injection">'
+  author: '<injection test in author>'
+  description: '<injection test in description>'
   runs:\n    using: 'testwithquote"'
   `
 
     const filePath = 'test'
     const result = parseYAML(filePath, 'test', content)
 
-    expect(result.name).toBe('test name')
-    expect(result.author).toBe('test author')
-    expect(result.description).toBe('testing with quotes')
+    expect(result.name).toBe('&#60;test script="injection"&#62;')
+    expect(result.author).toBe('&#60;injection test in author&#62;')
+    expect(result.description).toBe('&#60;injection test in description&#62;')
     expect(result.using).toBe('testwithquote')
   })
 

src/main.ts

@@ -99,27 +99,22 @@ async function run(): Promise<void> {
     core.setFailed(`Error running action: : ${error.message}`)
   }
 }
-
-export class ActionContent {
+class ContentBase{
   name: string | undefined
-  owner: string | undefined
   repo: string | undefined
   downloadUrl: string | undefined
-  author: string | undefined
   description: string | undefined
   forkedfrom: string | undefined
+  isArchived: boolean | undefined
+}
+export class ActionContent extends ContentBase{
+  owner: string | undefined
+  author: string | undefined
   readme: string | undefined
   using: string | undefined
-  isArchived: boolean | undefined
 }
 
-export class WorkflowContent {
-  name: string | undefined
-  repo: string | undefined
-  downloadUrl: string | undefined
-  description: string | undefined
-  forkedfrom: string | undefined
-  isArchived: boolean | undefined
+export class WorkflowContent extends ContentBase{
   visibility: string | undefined
 }
 
@@ -131,6 +126,7 @@ async function getAllActions(
 
   // get all action files (action.yml and action.yaml) from the user or organization
   let actionFiles = await getAllNormalActions(client, user, organization, isEnterpriseServer)
+
   // load the information inside of the action definition files
   actionFiles = await enrichActionFiles(client, actionFiles)
 
@@ -580,7 +576,6 @@ async function getAllActionsUsingSearch(
     const filePath = searchResult[index].path
     const repoName = searchResult[index].repository.name
     const repoOwner = searchResult[index].repository.owner.login
-
     // Push file to action list if filename matches action.yaml or action.yml
     if (fileName == 'action.yaml' || fileName == 'action.yml') {
       core.info(`Found action in ${repoName}/${filePath}`)

src/utils.ts

@@ -22,11 +22,9 @@ export function parseYAML(
 
   try {
     const parsed = YAML.parse(content)
-    name = parsed.name ? sanitize(parsed.name) : defaultValue
-    author = parsed.author ? sanitize(parsed.author) : defaultValue
-    description = parsed.description
-      ? sanitize(parsed.description)
-      : defaultValue
+    name = removeGreaterLessThan(parsed.name) || defaultValue
+    author = removeGreaterLessThan(parsed.author) || defaultValue
+    description = removeGreaterLessThan(parsed.description) ||  defaultValue
 
     if (parsed.runs) {
       using = parsed.runs.using ? sanitize(parsed.runs.using) : defaultValue
@@ -45,6 +43,7 @@ export function parseYAML(
   }
   return {name, author, description, using}
 }
+const removeGreaterLessThan = (item:string) => item.replace(/\>/g,'&#62;').replace(/\</g,'&#60;')
 
 export function sanitize(value: string) {
   return string.sanitize.keepSpace(value)