Fix bug by encoding security policy URIs (!86082) · Merge requests · GitLab.org / GitLab

Alexander Turinske requested to merge 360482-encode-policy-names-for-url into master Apr 27, 2022

What does this MR do and why?

Fix bug by encoding security policy URIs

for security policies whose name contain characters that should be encoded (e.g. /), those characters were not being encoded leading to 404s
encode special characters for URI
Update encoding of merge request settings patg
scan result edit path needed encoding for slashes
update tests

Changelog: fixed

EE: true

Screenshots or screen recordings

Page	Before	After
Scan Execution from `Security & Compliances` => `Policies`
Scan Result from project => `Settings` => `General` => `Merge request approvals`

How to set up and validate locally

Upload a GitLab Ultimate license
Navigate to a project => Security & Compliance => Policies => New policy
Create a policy with all sorts of weird characters (e.g. /, -, , etcetera)
Save the policy and merge the resulting MR
Navigate back to the project => Security & Compliance => Policies => select newly created policy => Edit policy
Ensure there isn't a 404

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Apr 28, 2022 by Alexander Turinske

Fix bug by encoding security policy URIs

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports