From 32139f8f178a40e3aff155a5bc035157f2cfca42 Mon Sep 17 00:00:00 2001
From: tilpner
Date: Fri, 29 May 2020 10:56:09 +0200
Subject: atom: entity-escape some user-defined input
---
 Cargo.lock | 1 +
 Cargo.toml | 1 +
 src/atom.rs | 45 +++++++++++++++++++++++++++++++++++++++++----
 3 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 57b53a9..e707082 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -530,6 +530,7 @@ dependencies = [
 "structopt 0.3.14 (registry+https://github.com/rust-lang/crates.io-index)",
 "tracing 0.1.14 (registry+https://github.com/rust-lang/crates.io-index)",
 "tracing-subscriber 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)",
+ "url 2.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 592719d..aea95c6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -10,6 +10,7 @@ serde = "1.0"
 reqwest = { version = "0.10", features = [ "json" ] }
 structopt = "0.3"
 chrono = "0.4"
+url = "2.1"
 futures = "0.3"
 smol = { version = "0.1", features = [ "tokio02" ] }
diff --git a/src/atom.rs b/src/atom.rs
index e87901d..f7e96ec 100644
--- a/src/atom.rs
+++ b/src/atom.rs
@@ -8,6 +8,7 @@ use atom_syndication::*;
 use anyhow::{ Result, Context };
 use futures::{ Stream, StreamExt };
 use chrono::{ Utc, TimeZone };
+use url::Url;
 use tracing::info;
@@ -25,6 +26,24 @@ struct Issue {
 updated_at: i64
 }
+// Naive implementation of https://www.w3.org/TR/REC-xml/#syntax
+fn entity_escape(from: &str) -> String {
+ let mut escaped = String::with_capacity(from.len());
+
+ for c in from.chars() {
+ match c {
+ '&' => escaped.push_str("&"),
+ '<' => escaped.push_str("<"),
+ '>' => escaped.push_str(">"),
+ '\'' => escaped.push_str("'"),
+ '"' => escaped.push_str("""),
+ any => escaped.push(any)
+ }
+ }
+
+ escaped
+}
+
 async fn query_issues_for_label<'conn>(conn: &'conn mut Conn, repo_id: i64, label: &str) -> impl Stream> + 'conn {
 sqlx::query_as::<_, Issue>(r#"
 SELECT issues.number, state, title, body, user_login, html_url, updated_at FROM issues
@@ -58,8 +77,8 @@ async fn issue_to_entry(conn: &mut Conn, repo_id: i64, issue: Issue) -> Result Result = query_issues_for_label(&mut conn, repo_id, &label).await .filter_map(|res| async { res.ok() })
--
cgit v1.2.3
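Review bot: The catch-all arm `any => escaped.push(any)` in `entity_escape` (src/atom.rs, the hunk at `@@ -25,6 +26,24 @@`) copies through characters that XML 1.0 forbids outright (U+0000–U+0008, U+000B, U+000C, U+000E–U+001F, U+FFFE, U+FFFF), so a single control character in an issue title or body would still make the feed not well-formed and strict readers will reject it. I would add an arm before the catch-all that substitutes them, `'\u{0}'..='\u{8}' | '\u{B}' | '\u{C}' | '\u{E}'..='\u{1F}' | '\u{FFFE}' | '\u{FFFF}' => escaped.push('\u{FFFD}'),`, and extend the `// Naive implementation` comment to say the function is meant for element text and quoted attribute values only. The replacement literals as shown on this page (`"&"`, `"<"`, `">"`) are identical to the characters they replace, which looks like entity decoding by the page renderer; it is worth confirming in the repository that they read `&amp;`, `&lt;`, `&gt;`, `&apos;` and `&quot;`. The call sites in `issue_to_entry` are not legible in this view, so which fields actually pass through the escaper could not be checked.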