Merge branch 'issue_325184' into 'master'

Prevent prepending single quote to issue CSV exports See merge request gitlab-org/gitlab!62730

Merge branch 'issue_325184' into 'master'
Prevent prepending single quote to issue CSV exports See merge request gitlab-org/gitlab!62730
8da901cb · Sean McGivern · dcd07428 · b4d1a6ed · 8da901cb · 8da901cb
Commit 8da901cb authored Jun 02, 2021 by Sean McGivern
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 1 deletion

lib/csv_builder.rb lib/csv_builder.rb +1 -1

spec/lib/csv_builder_spec.rb spec/lib/csv_builder_spec.rb +12 -0

No files found.
--- a/lib/csv_builder.rb
+++ b/lib/csv_builder.rb
@@ -16,7 +16,7 @@
 class CsvBuilder
  DEFAULT_ORDER_BY = 'id'
  DEFAULT_BATCH_SIZE = 1000
-  PREFIX_REGEX = /^[=\+\-@;]/.freeze
+  PREFIX_REGEX = /\A[=\+\-@;]/.freeze

  attr_reader :rows_written


--- a/spec/lib/csv_builder_spec.rb
+++ b/spec/lib/csv_builder_spec.rb
@@ -105,5 +105,17 @@ RSpec.describe CsvBuilder do
      expect(csv_data).not_to include "'*safe_desc"
      expect(csv_data).not_to include "'*safe_title"
    end
+
+    context 'when dangerous characters are after a line break' do
+      it 'does not append single quote to description' do
+        fake_object = double(title: "Safe title", description: "With task list\n-[x] todo 1")
+        fake_relation = FakeRelation.new([fake_object])
+        builder = described_class.new(fake_relation, 'Title' => 'title', 'Description' => 'description')
+
+        csv_data = builder.render
+
+        expect(csv_data).to eq("Title,Description\nSafe title,\"With task list\n-[x] todo 1\"\n")
+      end
+    end
  end
 end