Fix contractions in REST API CLI examples (#56178)

heiskr · web-flow · commit 8e99145a3816 · 2025-06-26T21:53:57.000Z
diff --git a/src/rest/components/get-rest-code-samples.ts b/src/rest/components/get-rest-code-samples.ts
@@ -4,6 +4,13 @@ import { stringify } from 'javascript-stringify'
 import type { CodeSample, Operation } from '@/rest/components/types'
 import { type VersionItem } from '@/frame/components/context/MainContext'
 
+// Helper function to escape shell values containing single quotes (contractions)
+// This prevents malformed shell commands when contractions like "there's" are used
+function escapeShellValue(value: string): string {
+  // Replace single quotes with '\'' to properly escape them in shell commands
+  return value.replace(/'/g, "'\\''")
+}
+
 type CodeExamples = Record<string, any>
 
 // If the content type is application/x-www-form-urlencoded the format of
@@ -77,10 +84,12 @@ export function getShellExample(
       if (bodyParameters && typeof bodyParameters === 'object' && !Array.isArray(bodyParameters)) {
         const paramNames = Object.keys(bodyParameters)
         paramNames.forEach((elem) => {
-          requestBodyParams = `${requestBodyParams} ${CURL_CONTENT_TYPE_MAPPING[contentType]} '${elem}=${bodyParameters[elem]}'`
+          const escapedValue = escapeShellValue(String(bodyParameters[elem]))
+          requestBodyParams = `${requestBodyParams} ${CURL_CONTENT_TYPE_MAPPING[contentType]} '${elem}=${escapedValue}'`
         })
       } else {
-        requestBodyParams = `${CURL_CONTENT_TYPE_MAPPING[contentType]} "${bodyParameters}"`
+        const escapedValue = escapeShellValue(String(bodyParameters))
+        requestBodyParams = `${CURL_CONTENT_TYPE_MAPPING[contentType]} "${escapedValue}"`
       }
     }
   }
@@ -210,7 +219,9 @@ function handleSingleParameter(
     separator = ''
   }
   if (typeof value === 'string') {
-    cliLine += ` -f "${keyString}${separator}${value}"`
+    // Escape single quotes in string values to prevent shell command issues with contractions
+    const escapedValue = escapeShellValue(value)
+    cliLine += ` -f '${keyString}${separator}${escapedValue}'`
   } else if (typeof value === 'number' || typeof value === 'boolean' || value === null) {
     cliLine += ` -F "${keyString}${separator}${value}"`
   } else if (Array.isArray(value)) {
diff --git a/src/rest/tests/cli-examples.js b/src/rest/tests/cli-examples.js
@@ -0,0 +1,167 @@
+import { describe, expect, test } from 'vitest'
+
+import { getGHExample, getShellExample } from '../components/get-rest-code-samples.ts'
+
+describe('CLI examples generation', () => {
+  const mockOperation = {
+    verb: 'patch',
+    requestPath: '/repos/{owner}/{repo}/code-scanning/alerts/{alert_number}',
+    serverUrl: 'https://api.github.com',
+    subcategory: 'code-scanning',
+    parameters: [],
+  }
+
+  const mockVersions = {
+    'free-pro-team@latest': {
+      apiVersions: ['2022-11-28'],
+      latestApiVersion: '2022-11-28',
+    },
+  }
+
+  test('GitHub CLI example properly escapes contractions in string values', () => {
+    const codeSample = {
+      request: {
+        parameters: {
+          owner: 'OWNER',
+          repo: 'REPO',
+          alert_number: 'ALERT_NUMBER',
+        },
+        bodyParameters: {
+          state: 'dismissed',
+          dismissed_reason: 'false positive',
+          dismissed_comment:
+            "This alert is not actually correct, because there's a sanitizer included in the library.",
+        },
+      },
+    }
+
+    const result = getGHExample(mockOperation, codeSample, 'free-pro-team@latest', mockVersions)
+
+    // Check that the contraction is properly escaped
+    expect(result).toContain("there'\\''s")
+    // Ensure the command is properly formatted
+    expect(result).toContain('gh api')
+    expect(result).toContain('--method PATCH')
+    expect(result).toContain("-f 'dismissed_comment=")
+  })
+
+  test('cURL example properly escapes contractions in JSON body', () => {
+    const codeSample = {
+      request: {
+        parameters: {
+          owner: 'OWNER',
+          repo: 'REPO',
+          alert_number: 'ALERT_NUMBER',
+        },
+        bodyParameters: {
+          state: 'dismissed',
+          dismissed_reason: 'false positive',
+          dismissed_comment:
+            "This alert is not actually correct, because there's a sanitizer included in the library.",
+        },
+        contentType: 'application/json',
+      },
+    }
+
+    const result = getShellExample(mockOperation, codeSample, 'free-pro-team@latest', mockVersions)
+
+    // Check that the JSON string is properly escaped
+    expect(result).toContain("there'\\''s")
+    expect(result).toContain('curl -L')
+    expect(result).toContain('-X PATCH')
+  })
+
+  test('GitHub CLI example handles multiple contractions', () => {
+    const codeSample = {
+      request: {
+        parameters: {
+          owner: 'OWNER',
+          repo: 'REPO',
+        },
+        bodyParameters: {
+          title: "Here's what's wrong with the code",
+          body: "It's not working because there's an issue and we can't fix it",
+        },
+      },
+    }
+
+    const mockSimpleOperation = {
+      verb: 'post',
+      requestPath: '/repos/{owner}/{repo}/issues',
+      serverUrl: 'https://api.github.com',
+      subcategory: 'issues',
+      parameters: [],
+    }
+
+    const result = getGHExample(
+      mockSimpleOperation,
+      codeSample,
+      'free-pro-team@latest',
+      mockVersions,
+    )
+
+    // Check that all contractions are properly escaped
+    expect(result).toContain("Here'\\''s what'\\''s")
+    expect(result).toContain("It'\\''s not working")
+    expect(result).toContain("there'\\''s an issue")
+    expect(result).toContain("can'\\''t fix")
+  })
+
+  test('GitHub CLI example handles values without contractions normally', () => {
+    const codeSample = {
+      request: {
+        parameters: {
+          owner: 'OWNER',
+          repo: 'REPO',
+        },
+        bodyParameters: {
+          state: 'dismissed',
+          dismissed_reason: 'false positive',
+          dismissed_comment:
+            'This alert is not actually correct because there is a sanitizer included in the library.',
+        },
+      },
+    }
+
+    const result = getGHExample(mockOperation, codeSample, 'free-pro-team@latest', mockVersions)
+
+    // Check that normal text is not modified
+    expect(result).toContain('there is a sanitizer')
+    expect(result).not.toContain("'\\''")
+    expect(result).toContain('gh api')
+  })
+
+  test('cURL example with form data properly escapes contractions', () => {
+    const codeSample = {
+      request: {
+        parameters: {
+          owner: 'OWNER',
+          repo: 'REPO',
+        },
+        bodyParameters: {
+          comment: "Here's my feedback on this PR",
+        },
+        contentType: 'application/x-www-form-urlencoded',
+      },
+    }
+
+    const mockSimpleOperation = {
+      verb: 'post',
+      requestPath: '/repos/{owner}/{repo}/pulls/{pull_number}/reviews',
+      serverUrl: 'https://api.github.com',
+      subcategory: 'pulls',
+      parameters: [],
+    }
+
+    const result = getShellExample(
+      mockSimpleOperation,
+      codeSample,
+      'free-pro-team@latest',
+      mockVersions,
+    )
+
+    // Check that form data values are properly escaped
+    expect(result).toContain("Here'\\''s my feedback")
+    expect(result).toContain('--data-urlencode')
+  })
+})
