diff --git a/.github/scripts/helpers/validation.js b/.github/scripts/helpers/validation.js
index d29d098ea..3679e9176 100644
--- a/.github/scripts/helpers/validation.js
+++ b/.github/scripts/helpers/validation.js
@@ -32,7 +32,7 @@ function isNonNegativeInteger(value) {
 * @returns {boolean}
 */
 function isSafeSearchToken(value) {
- return typeof value === 'string' && /^[a-zA-Z0-9._/-]+$/.test(value);
+ return typeof value === 'string' && /^[a-zA-Z0-9._/-]+(\[bot\])?$/.test(value);
 }

 /**
diff --git a/.github/scripts/tests/test-api.js b/.github/scripts/tests/test-api.js
index e8786d0e6..43a637905 100644
--- a/.github/scripts/tests/test-api.js
+++ b/.github/scripts/tests/test-api.js
@@ -15,6 +15,7 @@ const {
 hasLabel,
 } = require('../helpers/api');
 const { LABELS } = require('../helpers/constants');
+const { isSafeSearchToken } = require('../helpers/validation');

 // =============================================================================
 // MOCK FACTORY
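Review bot: The JSDoc above `isSafeSearchToken` (its description line sits outside the hunk; only `@returns {boolean}` is visible) still describes the old character set, so the new `[bot]` allowance is undocumented and the next maintainer may widen the class further to "fix" another bracketed login. I'd add a `@param {unknown} value` line and state the contract explicitly: `Accepts only [A-Za-z0-9._/-] plus an optional literal "[bot]" suffix (GitHub App logins such as dependabot[bot]); whitespace, quotes, colons and any other brackets are rejected so a token cannot smuggle an extra qualifier into a search query.` The pattern itself looks sound: the suffix is anchored with `$`, which in JavaScript without the `m` flag does not match before a trailing newline, and a bare `[bot]` is rejected because the class requires at least one character first. One thing to confirm is that the suffix is now accepted after any token shape, including ones containing `/` or `.`, which presumably are repo or ref tokens rather than logins; if the helper serves both uses, a login-only variant may be the safer home for the suffix rule.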
@@ -457,6 +458,34 @@ const unitTests = [
 return calls.labelsRemoved.length === 0 && calls.labelsAdded.length === 0;
 },
 },
+
+ // ---------------------------------------------------------------------------
+ // SafeSearchToken
+ // ---------------------------------------------------------------------------
+ {
+ name: 'isSafeSearchToken: dependabot[bot] → true',
+ test: () => isSafeSearchToken('dependabot[bot]') === true,
+ },
+ {
+ name: 'isSafeSearchToken: string with spaces → false',
+ test: () => isSafeSearchToken('bad username') === false,
+ },
+ {
+ name: 'isSafeSearchToken: string with bad characters → false',
+ test: () => isSafeSearchToken('bad') === false,
+ },
+ {
+ name: 'isSafeSearchToken: string with bad characters → false',
+ test: () => isSafeSearchToken('bad;username') === false,
+ },
+ {
+ name: 'isSafeSearchToken: string with brackets but not bot inside → false',
+ test: () => isSafeSearchToken('bad[admin]') === false,
+ },
+ {
+ name: 'isSafeSearchToken: string with multiple brackets → false',
+ test: () => isSafeSearchToken('bad[[admin]') === false,
+ },
 ];

 // =============================================================================
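Review bot: The third new case, `test: () => isSafeSearchToken('bad') === false`, cannot pass as printed: `'bad'` is three ASCII letters, matches the character class, and the helper returns true. If the literal originally carried a non-ASCII or invisible character that this rendering dropped, write it as an escape (for example `'bad\u200bname'`) so the intent survives review, and give it a name distinct from the following case, which reuses `'isSafeSearchToken: string with bad characters → false'` verbatim. The new cases also leave the suffix edges untested; I'd add the following entries, all of which the new regex already rejects, so they pin the boundary rather than change it:
```javascript
  // … unchanged: existing isSafeSearchToken cases …
  {
    name: 'isSafeSearchToken: [bot] suffix with no login → false',
    test: () => isSafeSearchToken('[bot]') === false,
  },
  {
    name: 'isSafeSearchToken: text after [bot] suffix → false',
    test: () => isSafeSearchToken('dependabot[bot]x') === false,
  },
  {
    name: 'isSafeSearchToken: repeated [bot] suffix → false',
    test: () => isSafeSearchToken('dependabot[bot][bot]') === false,
  },
```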