@@ -53,42 +53,26 @@ jobs:
5353 STATE=$(echo "$ALERTS" | jq -r '.[0] | .state')
5454
5555 # 5. Send Slack Notification
56- curl -X POST -H 'Content-type: application/json' --data "{
57- \"channel\": \"#docs-devdocs-notifications\",
58- \"username\": \"Dependabot Watchdog\",
59- \"icon_emoji\": \":rotating_light:\",
60- \"attachments\": [
61- {
62- \"color\": \"#D00000\",
63- \"blocks\": [
64- {
65- \"type\": \"section\",
66- \"text\": {
67- \"type\": \"mrkdwn\",
68- \"text\": \":rotating_light: *New Dependabot Alert Detected*\"
69- }
70- },
71- {
72- \"type\": \"section\",
73- \"fields\": [
74- {
75- \"type\": \"mrkdwn\",
76- \"text\": \"*Package:*\n$PACKAGE\"
77- },
78- {
79- \"type\": \"mrkdwn\",
80- \"text\": \"*Severity:*\n$SEVERITY\"
81- }
82- ]
83- },
84- {
85- \"type\": \"section\",
86- \"text\": {
87- \"type\": \"mrkdwn\",
88- \"text\": \"<$URL|View Alert on GitHub>\"
89- }
90- }
91- ]
92- }
93- ]
94- }" "$SLACK_WEBHOOK_URL"
56+ # Build message text using jq to safely handle user input
57+ MESSAGE_TEXT=$(jq -n \
58+ --arg repo "$REPO_NAME" \
59+ --arg title "$ISSUE_TITLE" \
60+ --arg user "$ISSUE_USER" \
61+ --arg url "$ISSUE_URL" \
62+ '*📢 New Dependabot Alert \($repo) 📢*\n\n*Issue Title:* \($title)\n*Opened By:* \($user)\n\n*View Issue:* \($url)')
63+
64+ # Build Slack payload
65+ SLACK_PAYLOAD=$(jq -n \
66+ --arg text "$MESSAGE_TEXT" \
67+ '{
68+ "channel": "#docs-devdocs-notifications",
69+ "username": "Security Vulnerability Slack Notification",
70+ "icon_emoji": ":rotating_light:",
71+ "text": $text
72+ }')
73+
74+ # Send to Slack
75+ curl -X POST \
76+ -H 'Content-type: application/json' \
77+ --data "$SLACK_PAYLOAD" \
78+ "$SLACK_WEBHOOK"
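Review bot: The first jq call (new line 57) runs without `-r`, so `MESSAGE_TEXT` is the JSON-encoded form of the string — wrapped in double quotes with `\n` kept as a two-character escape — and the second jq then encodes it a second time via `--arg text`, so Slack receives a message that begins with a literal `"` and shows `\n` instead of line breaks; change it to `MESSAGE_TEXT=$(jq -rn \` (or fold the whole thing into the single payload jq with `"text": ("*📢 New Dependabot Alert \($repo) 📢*\n…")`). The webhook variable also changed from `$SLACK_WEBHOOK_URL` to `$SLACK_WEBHOOK`; if the step's `env:` mapping above this hunk was not renamed to match, curl is handed an empty URL and the notification silently goes nowhere. Similarly, `$REPO_NAME`, `$ISSUE_TITLE`, `$ISSUE_USER` and `$ISSUE_URL` are not derived anywhere in this hunk, while the `STATE` value computed on the unchanged line 53 from `$ALERTS` no longer appears in the message — worth confirming those inputs are set earlier in the step and that the alert's package/severity (dropped from the old payload) are intentionally no longer reported. Using `--arg` to build the JSON is the right fix for untrusted title text, but Slack's mrkdwn still interprets `<`, `>` and `&` inside `text` as link/mention markup, so an issue title containing them will render oddly; pass the title through a small escape (`gsub("&";"&amp;") | gsub("<";"&lt;") | gsub(">";"&gt;")`) in the jq filter if that matters. Finally, `curl -X POST` without `--fail -sS` lets a non-2xx response from Slack pass as a successful step; `curl -sS --fail -X POST \` would surface delivery failures in the job log.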