From 0c6acc5382b69231f1be0df260dc95132ad090ea Mon Sep 17 00:00:00 2001 From: Barry O'Neill Date: Thu, 26 May 2022 22:45:39 -0400 Subject: [PATCH] sanitizedText --- .../io/laserdisc/slack4s/slack/package.scala | 20 +++++++++++---- .../slack/SlashCommandPayloadOpsSpec.scala | 25 +++++++++++++++++++ 2 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 src/test/scala/io/laserdisc/slack4s/slack/SlashCommandPayloadOpsSpec.scala diff --git a/src/main/scala/io/laserdisc/slack4s/slack/package.scala b/src/main/scala/io/laserdisc/slack4s/slack/package.scala index 9bcdbef..7c74a3f 100644 --- a/src/main/scala/io/laserdisc/slack4s/slack/package.scala +++ b/src/main/scala/io/laserdisc/slack4s/slack/package.scala @@ -8,6 +8,7 @@ import com.slack.api.model.block.element._ import io.laserdisc.slack4s.slashcmd.URL import scala.jdk.CollectionConverters._ +import scala.util.matching.Regex package object slack { 
@@ -117,16 +118,25 @@ package object slack { implicit class SlashCommandPayloadOps(val p: SlashCommandPayload) extends AnyVal { - /* Trying a hack to get a (relatively) unique & short request ID using triggerID - * Trigger IDs are a period-separated sequence of alphanumerics of which the third - * appears distinctly random. We'll try just using the last few chars, and see if - * it's random _enough_ to differentiate a slackbot's requests */ + /** A hack to get a (relatively) unique & short request ID using triggerID Trigger IDs are a period-separated sequence of alphanumerics + * of which the third appears distinctly random. We'll try just using the last few chars, and see if it's random _enough_ to + * differentiate a slackbot's requests + */ def requestId: String = Option(p.getTriggerId) .map(_.trim.takeRight(8)) - .filter(!_.isEmpty) + .filter(_.nonEmpty) .getOrElse("n/a") + /** Load the sanitized payload text, where all characters not matching the regex are dropped + * @param regex + * Match 'safe' characters. Default is alphanumeric, dashes and spaces: `"[^A-Za-z0-9\\-\\s]"` + */ + def sanitizedText(regex: Regex = "[^A-Za-z0-9\\-\\s]".r): String = + Option(p.getText) + .map(_.trim) + .map(_.replaceAll(regex.regex, "")) + .getOrElse("") } } diff --git a/src/test/scala/io/laserdisc/slack4s/slack/SlashCommandPayloadOpsSpec.scala b/src/test/scala/io/laserdisc/slack4s/slack/SlashCommandPayloadOpsSpec.scala new file mode 100644 index 0000000..e35c860 --- /dev/null +++ b/src/test/scala/io/laserdisc/slack4s/slack/SlashCommandPayloadOpsSpec.scala 
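Review bot: In `sanitizedText` (package.scala) the `@param regex` doc says the pattern should match 'safe' characters, but the code removes whatever the pattern matches; the default only works because it is a negated class. A caller who follows the doc and passes an allow-list such as `[A-Za-z0-9]` would strip the safe characters and keep everything else, so the sanitizer fails open. The doc should read something like `Pattern matching the characters to remove; the default removes everything except alphanumerics, dashes and whitespace`. Trimming also runs before stripping, so text that starts with a removed character followed by a space keeps that leading space; `.map(t => regex.replaceAllIn(t, "").trim)` fixes the order and uses the supplied `Regex` directly instead of recompiling `regex.regex`. The default's `\s` also keeps interior tabs and newlines, which matters if the result ends up in log lines or a downstream query.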
@@ -0,0 +1,25 @@
+package io.laserdisc.slack4s.slack
+
+import com.slack.api.app_backend.slash_commands.payload.SlashCommandPayload
+import munit.FunSuite
+
+class SlashCommandPayloadOpsSpec extends FunSuite {
+
+ test("SlashCommandPayloadOps should properly sanitize input text") {
+
+ assertEquals(mkCmd("hello there").sanitizedText(), "hello there")
+ assertEquals(mkCmd("pt *234234*").sanitizedText(), "pt 234234")
+ assertEquals(mkCmd("pt `234234`").sanitizedText(), "pt 234234")
+ assertEquals(mkCmd("pt `234234` ").sanitizedText(), "pt 234234")
+ assertEquals(mkCmd(" pt 234234 ").sanitizedText(), "pt 234234")
+
+ }
+
+ def mkCmd(txt: String): SlashCommandPayload = {
+ // the slack SDK forces mutability..
+ val cmd = new SlashCommandPayload()
+ cmd.setText(txt)
+ cmd
+ }
+
+}
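Review bot: The spec only exercises the default pattern with benign Markdown characters, so neither the `Option(p.getText)` fallback nor a caller-supplied regex is pinned by any assertion here. Adding `assertEquals(new SlashCommandPayload().sanitizedText(), "")` would cover a payload whose text was never set (presumably null from the SDK). A case with an explicit pattern, e.g. `assertEquals(mkCmd("a-b c").sanitizedText("[^a-z]".r), "abc")`, would document that the argument matches the characters being removed rather than the ones kept. A case with an interior tab or newline would also make visible what the default `\s` lets through.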