Issue 543 error displaying username with underscore (lnp2pBot#586)

* Escape underscore on dispute message for admin solver and add unit tests

* Update TG id for translation

* Resolve linter errors

* Updated package-json with proxiquiry module

* Fix error UnknownArrayOrTuple

* Test QL security fix

* 2nd attempt CodeQL issue

* 3rd attempt CodeQL issue

* 4th attempt CodeQL issue

* Update the MD sanitize with implemented method and fix the issue in the translation file

* Update other languages translations

---------

Co-authored-by: Daniel Candia Flores <[email protected]>

Author: danfercf1

bot/modules/dispute/messages.js

@@ -1,4 +1,4 @@
-const { getDisputeChannel, getDetailedOrder } = require('../../../util');
+const { getDisputeChannel, getDetailedOrder, sanitizeMD } = require('../../../util');
 const { logger } = require('../../../logger');
 
 exports.beginDispute = async (ctx, initiator, order, buyer, seller) => {
@@ -87,11 +87,18 @@ exports.disputeData = async (
     }
 
     const detailedOrder = getDetailedOrder(ctx.i18n, order, buyer, seller);
+
+    // Fix Issue 543: Escape underscores in usernames
+    const escapedInitiatorUsername = sanitizeMD(initiatorUser.username);
+    const escapedCounterPartyUsername = sanitizeMD(counterPartyUser.username);
+    
     await ctx.telegram.sendMessage(
       solver.tg_id,
       ctx.i18n.t('dispute_started_channel', {
-        initiatorUser,
-        counterPartyUser,
+        initiatorUser: { ...initiatorUser, username: escapedInitiatorUsername },
+        initiatorTgId: initiatorUser.tg_id,
+        counterPartyUser: { ...counterPartyUser, username: escapedCounterPartyUsername },
+        counterPartyUserTgId: counterPartyUser.tg_id,
         buyer,
         seller,
         buyerDisputes,
@@ -108,14 +115,14 @@ exports.disputeData = async (
     await ctx.telegram.sendMessage(
       buyer.tg_id,
       ctx.i18n.t('dispute_solver', {
-        solver: solver.username,
+        solver: sanitizeMD(solver.username),
         token: order.buyer_dispute_token,
       })
     );
     await ctx.telegram.sendMessage(
       seller.tg_id,
       ctx.i18n.t('dispute_solver', {
-        solver: solver.username,
+        solver: sanitizeMD(solver.username),
         token: order.seller_dispute_token,
       })
     );

locales/de.yaml

@@ -202,8 +202,8 @@ order_detail: |
 seller: Käufer
 buyer: Verkäufer
 dispute_started_channel: |
-  Benutzer ${type} @${initiatorUser.username} 
-  hat einen Streitfall mit @${counterPartyUser.username} für den folgenden Auftrag eröffnet 
+  Benutzer ${type} @${initiatorUser.username} TG ID: ${initiatorTgId} 
+  hat einen Streitfall mit @${counterPartyUser.username} TG ID: ${counterPartyUserTgId} für den folgenden Auftrag eröffnet 
 
   ${detailedOrder}
 

locales/en.yaml

@@ -204,8 +204,8 @@ order_detail: |
 seller: seller
 buyer: buyer
 dispute_started_channel: |
-  User ${type} @${initiatorUser.username} 
-  has started a dispute with @${counterPartyUser.username} for the order
+  User ${type} @${initiatorUser.username} TG ID: ${initiatorTgId}
+  has started a dispute with @${counterPartyUser.username} TG ID: ${counterPartyUserTgId} for the order
 
   ${detailedOrder}
 

locales/es.yaml

@@ -202,16 +202,16 @@ order_detail: |
 seller: vendedor
 buyer: comprador
 dispute_started_channel: |
-  El ${type} @${initiatorUser.username}
-  ha iniciado una disputa con @${counterPartyUser.username} en la orden:
+  El ${type} @${initiatorUser.username} TG ID: ${initiatorTgId}
+  ha iniciado una disputa con @${counterPartyUser.username} TG ID: ${counterPartyUserTgId} en la orden:
 
   ${detailedOrder}
 
   Seller Token: ${sellerToken}
   Buyer Token: ${buyerToken}
 
-  @${buyer.username} ya tiene ${buyerDisputes} disputas
-  @${seller.username} ya tiene ${sellerDisputes} disputas
+  @${initiatorUser.username} ya tiene ${buyerDisputes} disputas
+  @${counterPartyUser.username} ya tiene ${sellerDisputes} disputas
 you_started: '🥴 Has iniciado una disputa en tu orden con Id: ${orderId}.'
 counterpart_started: '🥴 Tu contraparte ha iniciado una disputa en tu orden con Id: ${orderId}.'
 dispute_started: '${who} Un solver te atenderá pronto, cuando él/la solver sea asignado a tu disputa el bot te dirá su username, solo él/ella podrá atenderte. Puedes escribirle directamente, pero si él/ella te contacta primero, debes pedirle que te diga cuál es el token de tu disputa, tu token es: ${token}.'

locales/fa.yaml

@@ -204,8 +204,8 @@ order_detail: |
 seller: seller
 buyer: buyer
 dispute_started_channel: |
-  کاربر ${type} @${initiatorUser.username} 
-  بابت سفارش زیر یک مشاجره را با کاربر @${counterPartyUser.username}آغاز کرده 
+  کاربر ${type} @${initiatorUser.username} TG ID: ${initiatorTgId} 
+  بابت سفارش زیر یک مشاجره را با کاربر @${counterPartyUser.username} TG ID: ${counterPartyUserTgId} آغاز کرده 
 
   ${detailedOrder}
 

locales/fr.yaml

@@ -204,8 +204,8 @@ order_detail: |
 seller: vendeur
 buyer: acheteur
 dispute_started_channel: |
-  L'utilisateur ${type} @${initiatorUser.username} 
-  à déclenché un litige avec @${counterPartyUser.username} concernant l'offre 
+  L'utilisateur ${type} @${initiatorUser.username} TG ID: ${initiatorTgId} 
+  à déclenché un litige avec @${counterPartyUser.username} TG ID: ${counterPartyUserTgId} concernant l'offre 
 
   ${detailedOrder}
 

locales/it.yaml

@@ -202,8 +202,8 @@ order_detail: |
 seller: venditore
 buyer: acquirente
 dispute_started_channel: |
-  User ${type} @${initiatorUser.username}
-  ha iniziato una disputa con @${counterPartyUser.username} per l'ordine
+  User ${type} @${initiatorUser.username} TG ID: ${initiatorTgId}
+  ha iniziato una disputa con @${counterPartyUser.username} TG ID: ${counterPartyUserTgId} per l'ordine
 
   ${detailedOrder}
 

locales/ko.yaml

@@ -203,8 +203,8 @@ order_detail: |
 seller: 판매자
 buyer: 구매자
 dispute_started_channel: |
-  사용자 ${type} @${initiatorUser.username} 
-  님께서 @${counterPartyUser.username}와의 분쟁 조정을 시작하였습니다. 주문 상세 내역은 다음과 같습니다.
+  사용자 ${type} @${initiatorUser.username} TG ID: ${initiatorTgId} 
+  님께서 @${counterPartyUser.username} TG ID: ${counterPartyUserTgId} 와의 분쟁 조정을 시작하였습니다. 주문 상세 내역은 다음과 같습니다.
 
   ${detailedOrder}
 

locales/pt.yaml

@@ -201,8 +201,8 @@ order_detail: |
 seller: vendedora
 buyer: compradora
 dispute_started_channel: |
-  Usuário ${type} @${initiatorUser.username} 
-  iniciou uma disputa com @${counterPartyUser.username} para o pedido
+  Usuário ${type} @${initiatorUser.username} TG ID: ${initiatorTgId} 
+  iniciou uma disputa com @${counterPartyUser.username} TG ID: ${counterPartyUserTgId} para o pedido
 
   ${detailedOrder}
 

locales/ru.yaml

@@ -201,8 +201,8 @@ order_detail: |
 seller: продавец
 buyer: покупатель
 dispute_started_channel: |
-  ${type} @${initiatorUser.username}
-  инициировал разбирательство с @${counterPartyUser.username} относительно заявки:
+  ${type} @${initiatorUser.username} TG ID: ${initiatorTgId} 
+  инициировал разбирательство с @${counterPartyUser.username} TG ID: ${counterPartyUserTgId} относительно заявки:
 
   ${detailedOrder}
 

locales/uk.yaml

@@ -201,8 +201,8 @@ order_detail: |
 seller: продавець
 buyer: покупець
 dispute_started_channel: |
-  ${type} @${initiatorUser.username}
-  ініціював диспут з @${counterPartyUser.username} щодо заявки:
+  ${type} @${initiatorUser.username} TG ID: ${initiatorTgId} 
+  ініціював диспут з @${counterPartyUser.username} TG ID: ${counterPartyUserTgId} щодо заявки:
 
   ${detailedOrder}