Skip to content

fix: sanitize URL path before database lookup#3193

Open
aaniya22 wants to merge 1 commit into
Priyanshu-byte-coder:mainfrom
aaniya22:fix/repo-analytics-utils-sanitize-url-path
Open

fix: sanitize URL path before database lookup#3193
aaniya22 wants to merge 1 commit into
Priyanshu-byte-coder:mainfrom
aaniya22:fix/repo-analytics-utils-sanitize-url-path

Conversation

@aaniya22

Copy link
Copy Markdown

Summary

Fixes parseRepoParam in repo-analytics-utils.ts to normalise leading and consecutive slashes in "owner/repo" input before validating, instead of silently returning null for inputs like /owner/repo or owner//repo.

Closes #3032


Type of Change

  • 🐛 Bug fix (non-breaking change that fixes an issue)
  • ✨ New feature (non-breaking change that adds functionality)
  • 💥 Breaking change (fix or feature that changes existing behavior)
  • 📝 Documentation update
  • ♻️ Refactor / code cleanup (no functional change)
  • ⚡ Performance improvement
  • 🔒 Security fix
  • 🧪 Tests only

What Changed

  • src/lib/repo-analytics-utils.ts: parseRepoParam now strips a single leading slash and collapses consecutive slashes via regex before running the existing owner/repo validation regex
  • test/repo-analytics-utils-sanitize.test.ts (new): covers leading slash, double slashes, mixed slashes + surrounding spaces, and unchanged normal input

How to Test

  1. Checkout this branch
  2. Run npx vitest run test/repo-analytics-utils-sanitize.test.ts test/repo-analytics-utils.test.ts
  3. Confirm all 23 tests pass (19 pre-existing + 4 new)

Expected result: parseRepoParam("/owner/repo") and parseRepoParam("owner//repo") both return { owner: "owner", repo: "repo" } instead of null, while all pre-existing valid/invalid cases still behave the same.


Screenshots / Recordings

Not applicable — no UI impact, logic-only change.


Checklist

  • Linked the related issue above
  • Self-reviewed my own diff
  • No unnecessary console.log, debug code, or commented-out blocks
  • npm run lint passes locally
  • No TypeScript errors (npm run type-check)
  • Added or updated tests where applicable
  • Updated documentation / comments if behavior changed

Accessibility (UI changes only)

Not applicable — no UI impact.


Additional Context

None.

@github-actions github-actions Bot added gssoc26 GSSoC 2026 contribution type:bug GSSoC type bonus: bug fix type:testing GSSoC type bonus: tests (+10 pts) labels Jul 13, 2026
@github-actions github-actions Bot added type:feature GSSoC type bonus: new feature type:performance GSSoC type bonus: performance (+15 pts) labels Jul 13, 2026
@github-actions

Copy link
Copy Markdown

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

  • level:beginner — 20 pts
  • level:intermediate — 35 pts
  • level:advanced — 55 pts
  • level:critical — 80 pts

Quality (optional):

  • quality:clean — ×1.2 multiplier
  • quality:exceptional — ×1.5 multiplier

Validation (required to score):

  • gssoc:approved — counts for points
  • gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gssoc26 GSSoC 2026 contribution type:bug GSSoC type bonus: bug fix type:feature GSSoC type bonus: new feature type:performance GSSoC type bonus: performance (+15 pts) type:testing GSSoC type bonus: tests (+10 pts)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

fix : sanitize URL path before database lookup in repo-analytics-utils.ts

1 participant