Sanitize link markup for vulnerability chat messages

Changelog: security EE: true

Sanitize link markup for vulnerability chat messages
Changelog: security EE: true
60913a4b · Andy Soiron · d7c3f9ba · 60913a4b · 60913a4b
Commit 60913a4b authored Jan 19, 2022 by Andy Soiron
2 changed files
--- a/ee/app/models/integrations/chat_message/vulnerability_message.rb
+++ b/ee/app/models/integrations/chat_message/vulnerability_message.rb
@@ -19,7 +19,7 @@ module Integrations

      def attachments
        [{
-          title: title,
+          title: strip_markup(title),
          title_link: vulnerability_url,
          color: attachment_color,
          fields: attachment_fields

--- a/ee/spec/models/integrations/chat_message/vulnerability_message_spec.rb
+++ b/ee/spec/models/integrations/chat_message/vulnerability_message_spec.rb
@@ -31,6 +31,8 @@ RSpec.describe Integrations::ChatMessage::VulnerabilityMessage do
    }
  end

+  it_behaves_like Integrations::ChatMessage
+
  describe '#message' do
    it 'returns the correct message' do
      expect(subject.message).to eq("Vulnerability detected in [Foobar Project](https://git.example.com/random/foobar)")