Update WebHookLog URL sanitisation to support masked segments (!130664) · Merge requests · GitLab.org / GitLab

James Nutt requested to merge jnutt/testhooks into master Aug 31, 2023

What does this MR do and why?

This MR attempts to address #424339 (closed) by refactoring the WebHookLog model to rely on the sanitisation provided by UrlSanitizer rather than SafeUrl and adding support for masked segments in URLs.

This resolves an issue where a user creates a webhook with masked URL portions and encounters an unhandled exception when attempting to test it.

How to set up and validate locally

Open a project.
Go to Settings -> Webhooks and create a hook.
Enter http://example.com/hook in the URL field.
Enable masking, with example.com -> domain.
Enable the hook for issue events. I don't think the specific choice matters.
Save the hook, click 'Test' and select 'Issues events'

Before: Invalid character in host: '{domain}'

After: "Hook executed successfully but returned HTTP 404"

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Sep 06, 2023 by James Nutt

Update WebHookLog URL sanitisation to support masked segments

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports