fix(pipeline): quote YAML scalar fields in buildFrontmatter to prevent injection

ingestion/internal/pipeline/build.go

@@ -48,7 +48,7 @@ func buildPage(rp RawPage, sourceSlug, date string) wiki.Page {
 func buildFrontmatter(rp RawPage, date string) string {
 	var sb strings.Builder
 	sb.WriteString("---\n")
-	fmt.Fprintf(&sb, "title: %s\n", rp.Title)
+	fmt.Fprintf(&sb, "title: %s\n", yamlScalar(rp.Title))
 
 	switch rp.Type {
 	case "source":
@@ -56,33 +56,37 @@ func buildFrontmatter(rp RawPage, date string) string {
 		if subtype == "" {
 			subtype = "article"
 		}
-		fmt.Fprintf(&sb, "type: %s\n", subtype)
+		fmt.Fprintf(&sb, "type: %s\n", yamlScalar(subtype))
 		if rp.Domain != "" {
-			fmt.Fprintf(&sb, "domain: %s\n", rp.Domain)
+			fmt.Fprintf(&sb, "domain: %s\n", yamlScalar(rp.Domain))
 		}
 		fmt.Fprintf(&sb, "date_ingested: %s\n", date)
 		fmt.Fprintf(&sb, "last_updated: %s\n", date)
 	case "concept":
 		if rp.Domain != "" {
-			fmt.Fprintf(&sb, "domain: %s\n", rp.Domain)
+			fmt.Fprintf(&sb, "domain: %s\n", yamlScalar(rp.Domain))
 		}
 		fmt.Fprintf(&sb, "last_updated: %s\n", date)
 	case "entity":
 		if rp.Subtype != "" {
-			fmt.Fprintf(&sb, "type: %s\n", rp.Subtype)
+			fmt.Fprintf(&sb, "type: %s\n", yamlScalar(rp.Subtype))
 		}
 		if rp.Domain != "" {
-			fmt.Fprintf(&sb, "domain: %s\n", rp.Domain)
+			fmt.Fprintf(&sb, "domain: %s\n", yamlScalar(rp.Domain))
 		}
 		fmt.Fprintf(&sb, "last_updated: %s\n", date)
 	default:
 		if rp.Domain != "" {
-			fmt.Fprintf(&sb, "domain: %s\n", rp.Domain)
+			fmt.Fprintf(&sb, "domain: %s\n", yamlScalar(rp.Domain))
 		}
 		fmt.Fprintf(&sb, "last_updated: %s\n", date)
 	}
 
-	fmt.Fprintf(&sb, "aliases:\n  - %s\n", rp.Title)
+	fmt.Fprintf(&sb, "aliases:\n  - %s\n", yamlScalar(rp.Title))
 	sb.WriteString("---\n")
 	return sb.String()
 }
+
+func yamlScalar(s string) string {
+	return "'" + strings.ReplaceAll(s, "'", "''") + "'"
+}