Add latest changes from gitlab-org/security/gitlab@15-11-stable-ee

5 files changed, 13 insertions, 6 deletions

diff --git a/.rubocop_todo/gitlab/strong_memoize_attr.yml b/.rubocop_todo/gitlab/strong_memoize_attr.yml
index 21b8a2c9dec..c9ed5041ab8 100644
--- a/.rubocop_todo/gitlab/strong_memoize_attr.yml
+++ b/.rubocop_todo/gitlab/strong_memoize_attr.yml
@@ -363,7 +363,6 @@ Gitlab/StrongMemoizeAttr:
     - 'ee/app/models/vulnerabilities/finding.rb'
     - 'ee/app/presenters/approval_rule_presenter.rb'
     - 'ee/app/presenters/ci/minutes/usage_presenter.rb'
-    - 'ee/app/presenters/merge_request_approver_presenter.rb'
     - 'ee/app/serializers/dashboard_operations_project_entity.rb'
     - 'ee/app/serializers/ee/member_user_entity.rb'
     - 'ee/app/services/app_sec/dast/pipelines/find_latest_service.rb'
diff --git a/.rubocop_todo/rspec/missing_feature_category.yml b/.rubocop_todo/rspec/missing_feature_category.yml
index c94541ad8a2..8018d9ab050 100644
--- a/.rubocop_todo/rspec/missing_feature_category.yml
+++ b/.rubocop_todo/rspec/missing_feature_category.yml
@@ -1069,7 +1069,6 @@ RSpec/MissingFeatureCategory:
     - 'ee/spec/models/approval_merge_request_rule_spec.rb'
     - 'ee/spec/models/approval_state_spec.rb'
     - 'ee/spec/models/approval_wrapped_any_approver_rule_spec.rb'
-    - 'ee/spec/models/approval_wrapped_code_owner_rule_spec.rb'
     - 'ee/spec/models/approval_wrapped_rule_spec.rb'
     - 'ee/spec/models/approvals/scan_finding_wrapped_rule_set_spec.rb'
     - 'ee/spec/models/approvals/wrapped_rule_set_spec.rb'
diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb
index 5ccbc926a71..1ee47bc63cc 100644
--- a/app/models/hooks/web_hook.rb
+++ b/app/models/hooks/web_hook.rb
@@ -135,6 +135,7 @@ class WebHook < ApplicationRecord
 
     return if url_variables_were.blank? || interpolated_url_was == interpolated_url
 
+    self.url_variables = {} if url_variables_were.keys.intersection(url_variables.keys).any?
     self.url_variables = {} if url_changed? && url_variables_were.to_a.intersection(url_variables.to_a).any?
   end
 
diff --git a/spec/controllers/admin/hooks_controller_spec.rb b/spec/controllers/admin/hooks_controller_spec.rb
index 4e68ffdda2a..86c3405863a 100644
--- a/spec/controllers/admin/hooks_controller_spec.rb
+++ b/spec/controllers/admin/hooks_controller_spec.rb
@@ -55,12 +55,13 @@ RSpec.describe Admin::HooksController do
       hook.update!(url_variables: { 'foo' => 'bar', 'baz' => 'woo' })
 
       hook_params = {
-        url: 'http://example.com/{baz}?token={token}',
+        url: 'http://example.com/{bar}?token={token}',
         enable_ssl_verification: false,
         url_variables: [
           { key: 'token', value: 'some secret value' },
-          { key: 'baz', value: 'qux' },
-          { key: 'foo', value: nil }
+          { key: 'baz', value: nil },
+          { key: 'foo', value: nil },
+          { key: 'bar', value: 'qux' }
         ]
       }
 
@@ -72,7 +73,7 @@ RSpec.describe Admin::HooksController do
       expect(flash[:notice]).to include('was updated')
       expect(hook).to have_attributes(hook_params.except(:url_variables))
       expect(hook).to have_attributes(
-        url_variables: { 'token' => 'some secret value', 'baz' => 'qux' }
+        url_variables: { 'token' => 'some secret value', 'bar' => 'qux' }
       )
     end
   end
diff --git a/spec/models/hooks/web_hook_spec.rb b/spec/models/hooks/web_hook_spec.rb
index 254b8c2520b..4c7317de903 100644
--- a/spec/models/hooks/web_hook_spec.rb
+++ b/spec/models/hooks/web_hook_spec.rb
@@ -258,6 +258,13 @@ RSpec.describe WebHook, feature_category: :integrations do
         expect(hook.url_variables).to eq({})
       end
 
+      it 'resets url variables if url variables are overwritten' do
+        hook.url_variables = hook.url_variables.merge('abc' => 'baz')
+
+        expect(hook).not_to be_valid
+        expect(hook.url_variables).to eq({})
+      end
+
       it 'does not reset url variables if both url and url variables are changed' do
         hook.url = 'http://example.com/{one}/{two}'
         hook.url_variables = { 'one' => 'foo', 'two' => 'bar' }