From b293337fc7b72f8144dba6ab623ac328b9862782 Mon Sep 17 00:00:00 2001
From: Filipe Brandenburger
Date: Mon, 7 Jan 2019 16:40:59 -0800
Subject: [PATCH] Restrict User/Org object to only include whitelisted fields
---
 lib/jekyll-github-metadata/repository.rb | 56 +++++++++++++++++++++++-
 1 file changed, 55 insertions(+), 1 deletion(-)
diff --git a/lib/jekyll-github-metadata/repository.rb b/lib/jekyll-github-metadata/repository.rb
index 243c980..d56595f 100644
--- a/lib/jekyll-github-metadata/repository.rb
+++ b/lib/jekyll-github-metadata/repository.rb
@@ -62,8 +62,62 @@ def repo_pages_info_opts
 end
 end

+ # Whitelisted keys for Organizations and Users
+ WHITELISTED_ORGANIZATION_KEYS = Set.new([
+ :login,
+ :id,
+ :node_id,
+ :url,
+ :avatar_url,
+ :description,
+ :name,
+ :company,
+ :blog,
+ :location,
+ :email,
+ :is_verified,
+ :has_organization_projects,
+ :has_repository_projects,
+ :public_repos,
+ :public_gists,
+ :followers,
+ :following,
+ :html_url,
+ :created_at,
+ :type,
+ :collaborators,
+ ])
+
+ WHITELISTED_USER_KEYS = Set.new([
+ :login,
+ :id,
+ :node_id,
+ :avatar_url,
+ :html_url,
+ :type,
+ :site_admin,
+ :name,
+ :company,
+ :blog,
+ :location,
+ :bio,
+ :public_repos,
+ :public_gists,
+ :followers,
+ :following,
+ :created_at,
+ :updated_at,
+ ])
+
 def owner_metadata
- memoize_value :@owner_metadata, Value.new(proc { |c| c.organization(owner) || c.user(owner) })
+ memoize_value :@owner_metadata, Value.new(proc { |c|
+ org = c.organization(owner)
+ if org
+ org.to_h.select { |k, _| WHITELISTED_ORGANIZATION_KEYS.include? k }
+ else
+ c.user(owner).to_h.select { |k, _| WHITELISTED_USER_KEYS.include? k }
+ end
+ })
 end

 def owner_url
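Review bot: `:collaborators` in `WHITELISTED_ORGANIZATION_KEYS` looks out of place in a list meant to keep token-scoped data out of the generated site. As far as I know, the GitHub API returns that field only to an authenticated organization owner, alongside the private-repository counts and billing details, so it belongs with the fields this patch is trying to exclude. I would drop it and state the selection rule above the two sets, e.g. `# Only fields present in an unauthenticated API response; never add fields that require an owner/member token.` Separately, in `owner_metadata` the new `c.user(owner).to_h` yields `{}` where the removed line yielded nil, and would raise if the client can return `false` on failure; the client wrapper is not visible in this hunk, so that needs checking. No `require "set"` is visible here either, so confirm `Set` is loaded before these constants are evaluated.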