Skip to content

Fix bug by encoding security policy URIs

Alexander Turinske requested to merge 360482-encode-policy-names-for-url into master

What does this MR do and why?

Fix bug by encoding security policy URIs

  • for security policies whose name contain characters that should be encoded (e.g. /), those characters were not being encoded leading to 404s
  • encode special characters for URI
  • Update encoding of merge request settings patg
  • scan result edit path needed encoding for slashes
  • update tests

Changelog: fixed

EE: true

Related to #360482 (closed)

Screenshots or screen recordings

Page Before After
Scan Execution from Security & Compliances => Policies encode_before encode_after
Scan Result from project => Settings => General => Merge request approvals scan_result_-_b scan_result_-_a

How to set up and validate locally

  1. Upload a GitLab Ultimate license
  2. Navigate to a project => Security & Compliance => Policies => New policy
  3. Create a policy with all sorts of weird characters (e.g. /, -, , etcetera)
  4. Save the policy and merge the resulting MR
  5. Navigate back to the project => Security & Compliance => Policies => select newly created policy => Edit policy
  6. Ensure there isn't a 404

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Alexander Turinske

Merge request reports