From fa09adee8ee927065a6d074c8091ed0ce28eace7 Mon Sep 17 00:00:00 2001 From: Guillim Date: Thu, 26 Jun 2025 14:27:26 +0200 Subject: [PATCH] escaping special chars for events (#12872) Escaping newly discovered special chars for events - \x00 is a Unicode for nul - \x7f is a Unicode for delete Edit: i initially, just in case after looking at the logs, i removed the single quotes as well (there are fobiden in the standard RFC 5545) but after reflexion other props than icalUID rely on this sanitization so leaving as such. It should already be taken care of anyway by typeorm Ref sentry : https://twenty-v7.sentry.io/issues/6567295627/?environment=prod&environment=prod-eu&project=4507072499810304&query=&referrer=issue-stream&stream_index=13 Fixes https://github.com/twentyhq/twenty/issues/12827 --- .../format-google-calendar-event.util.spec.ts | 46 +++++++++++++++---- .../drivers/utils/sanitizeCalendarEvent.ts | 2 +- 2 files changed, 37 insertions(+), 11 deletions(-) diff --git a/packages/twenty-server/src/modules/calendar/calendar-event-import-manager/drivers/google-calendar/utils/__tests__/format-google-calendar-event.util.spec.ts b/packages/twenty-server/src/modules/calendar/calendar-event-import-manager/drivers/google-calendar/utils/__tests__/format-google-calendar-event.util.spec.ts index 278ab7b06..705de5c0b 100644 --- a/packages/twenty-server/src/modules/calendar/calendar-event-import-manager/drivers/google-calendar/utils/__tests__/format-google-calendar-event.util.spec.ts +++ b/packages/twenty-server/src/modules/calendar/calendar-event-import-manager/drivers/google-calendar/utils/__tests__/format-google-calendar-event.util.spec.ts @@ -1,4 +1,5 @@ import { calendar_v3 as calendarV3 } from 'googleapis'; +import { EachTestingContext } from 'twenty-shared/testing'; import { formatGoogleCalendarEvents } from 'src/modules/calendar/calendar-event-import-manager/drivers/google-calendar/utils/format-google-calendar-event.util'; import { CalendarEventParticipantResponseStatus } from 'src/modules/calendar/common/standard-objects/calendar-event-participant.workspace-entity'; @@ -77,23 +78,48 @@ describe('formatGoogleCalendarEvents', () => { ); }); - it('should sanitize a UCALID with improper exit char 0x00', () => { + const testCases: EachTestingContext<{ input: string; expected: string }>[] = [ + { + title: 'should sanitize a UCALID with \u0000', + context: { + input: '\u0000eventStrange@google.com', + expected: 'eventStrange@google.com', + }, + }, + { + title: 'should sanitize a UCALID with \u0000', + context: { + input: '>\u0000\u0015-;_�^�W&�p\u001f�', + expected: '>\u0015-;_�^�W&�p\u001f�', + }, + }, + { + title: 'should sanitize a UCALID with \x00', + context: { + input: '�\u0002��y�_΢�\u0013��\x00', + expected: '�\u0002��y�_΢�\u0013��', + }, + }, + + { + title: 'should sanitize a UCALID with del', + context: { + input: 'del�\u0002��y�_΢�\u0013��', + expected: 'del�\u0002��y�_΢�\u0013��', + }, + }, + ]; + + it.each(testCases)('$title', ({ context }) => { const mockGoogleEventWithImproperUcalid: calendarV3.Schema$Event = { ...mockGoogleEvent, - iCalUID: '\u0000eventStrange@google.com', - }; - - const mockGoogleEventWithImproperUcalid2: calendarV3.Schema$Event = { - ...mockGoogleEvent, - iCalUID: '>\u0000\u0015-;_�^�W&�p\u001f�', + iCalUID: context.input, }; const result = formatGoogleCalendarEvents([ mockGoogleEventWithImproperUcalid, - mockGoogleEventWithImproperUcalid2, ]); - expect(result[0].iCalUID).toBe('eventStrange@google.com'); - expect(result[1].iCalUID).toBe('>\u0015-;_�^�W&�p\u001f�'); + expect(result[0].iCalUID).toBe(context.expected); }); }); diff --git a/packages/twenty-server/src/modules/calendar/calendar-event-import-manager/drivers/utils/sanitizeCalendarEvent.ts b/packages/twenty-server/src/modules/calendar/calendar-event-import-manager/drivers/utils/sanitizeCalendarEvent.ts index 5e6ee2756..809da8882 100644 --- a/packages/twenty-server/src/modules/calendar/calendar-event-import-manager/drivers/utils/sanitizeCalendarEvent.ts +++ b/packages/twenty-server/src/modules/calendar/calendar-event-import-manager/drivers/utils/sanitizeCalendarEvent.ts @@ -23,5 +23,5 @@ export const sanitizeCalendarEvent = >( }; const sanitizeString = (value: string): string => { - return value.replace('\u0000', ''); + return value.replace('\u0000', '').replace('\x00', '').replace('\x7f', ''); };