in src/github/api/graphql-data-fetcher.ts [137:176]
/**
 * Loads a single issue through the GraphQL API and returns a copy whose
 * timeline and body have been passed through the trigger-time checks.
 *
 * The timeline nodes are replaced by whatever `filterCommentsToTriggerTime`
 * returns, and the body is replaced by an empty string when
 * `isBodySafeToUse` reports it as unsafe (a warning is logged in that case).
 *
 * NOTE(review): only `body` and `timelineItems.nodes` are overridden here.
 * Every other field selected by `ISSUE_QUERY` is copied through by the spread,
 * so any other author-editable field (a title, for instance) is not covered
 * by these checks. Confirm against the query.
 *
 * NOTE(review): `triggerTime` is optional and the helpers' behavior for
 * `undefined` is not visible from this method. Verify that they do not treat
 * a missing trigger time as "everything is safe" on paths that handle
 * untrusted issue content.
 *
 * @param owner - Repository owner, sent as the `owner` query variable.
 * @param repo - Repository name, sent as the `repo` query variable.
 * @param issueNumber - Issue number, sent as the `number` query variable.
 * @param triggerTime - Optional cut-off handed to both filtering helpers.
 * @returns An object whose `issue` property holds the filtered issue.
 */
async fetchIssueData(owner: string, repo: string, issueNumber: number, triggerTime?: string) {
  const variables = {
    owner,
    repo,
    number: issueNumber
  };
  const { repository } = await this.executeGraphQLWithRetry<IssueQueryResponse>(
    ISSUE_QUERY,
    variables
  );
  const rawIssue = repository.issue;

  // Limit the timeline to what the helper accepts for this trigger time.
  const timelineAtTrigger = filterCommentsToTriggerTime(
    rawIssue.timelineItems.nodes,
    triggerTime
  );

  // The body is kept only if the helper accepts it; otherwise it is blanked
  // below so later consumers never see text changed after the trigger.
  const keepBody = isBodySafeToUse(rawIssue, triggerTime);
  if (!keepBody) {
    console.warn(
      `Security: Issue #${issueNumber} body was edited after the trigger event. ` +
        `Excluding body content to prevent potential injection attacks.`
    );
  }

  // The overrides are listed after the spread so they win over the raw values.
  const issue: GraphQLIssue = {
    ...rawIssue,
    body: keepBody ? rawIssue.body : "",
    timelineItems: { nodes: timelineAtTrigger }
  };

  return { issue };
}