authorGitLab Bot <gitlab-bot@gitlab.com>2023-08-30 22:46:39 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-08-30 22:46:47 +0300
commit6a5fe8e74390f235dccd1f962024fce0a97f3214 (patch)
treedaa363b35ad09c2ead25e6afd6e30430bfe79c64
parent1cad287a7b40174786cadaecea9c91a68e49fcba (diff)
Add latest changes from gitlab-org/security/gitlab@16-3-stable-ee
-rw-r--r--app/services/error_tracking/list_projects_service.rb8
-rw-r--r--doc/user/application_security/dast/proxy-based.md3
-rw-r--r--locale/gitlab.pot3
-rw-r--r--spec/services/error_tracking/list_projects_service_spec.rb16
4 files changed, 24 insertions, 6 deletions
diff --git a/app/services/error_tracking/list_projects_service.rb b/app/services/error_tracking/list_projects_service.rb
index 35a8179d54d..1539e24df9d 100644
--- a/app/services/error_tracking/list_projects_service.rb
+++ b/app/services/error_tracking/list_projects_service.rb
@@ -20,22 +20,20 @@ module ErrorTracking
def project_error_tracking_setting
(super || project.build_error_tracking_setting).tap do |setting|
- url_changed = !setting.api_url&.start_with?(params[:api_host])
-
setting.api_url = ErrorTracking::ProjectErrorTrackingSetting.build_api_url_from(
api_host: params[:api_host],
organization_slug: 'org',
project_slug: 'proj'
)
- setting.token = token(setting, url_changed)
+ setting.token = token(setting)
setting.enabled = true
end
end
strong_memoize_attr :project_error_tracking_setting
- def token(setting, url_changed)
- return if url_changed && masked_token?
+ def token(setting)
+ return if setting.api_url_changed? && masked_token?
# Use param token if not masked, otherwise use database token
return params[:token] unless masked_token?
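Review bot: The new `setting.api_url_changed?` test on L43 compares the full URL built with the placeholder slugs `org`/`proj` (L31-L32) against whatever is persisted, so a stored api_url that points at a real organization/project — which the old spec fixture `sentry-org/sentry-project` on L77 suggests is the normal persisted form — reads as changed even when the host is identical, and a masked token is then dropped and the request fails on the missing token. That fails closed, which is the right direction for the token-leak fix (the `.co` vs `.com` prefix bypass the removed `start_with?` check allowed), but it looks like a regression for re-connecting an already configured host, and the fixture change on L78 hides that case instead of testing it. If `api_url` is a plain ActiveRecord attribute (as `api_url_changed?` implies), comparing the scheme/host/port of `setting.api_url_was` with the newly built URL keeps the look-alike host rejected while leaving same-host re-connects working; a missing or unparseable previous URL must still count as changed. `token`'s body continues past the end of the hunk, so its remaining lines are not visible here.
```ruby
def token(setting)
  return if api_origin_changed?(setting) && masked_token?
  # … unchanged: param-vs-database token selection, rest of token …

# New private helper next to token. Compares origin only: the persisted
# api_url carries the real org/project slugs, while the URL built above
# uses placeholders. Fails closed (treated as changed) when there is no
# previous URL or it cannot be parsed.
def api_origin_changed?(setting)
  return true if setting.api_url_was.blank?

  previous = URI.parse(setting.api_url_was)
  current = URI.parse(setting.api_url)
  [previous.scheme, previous.host, previous.port] != [current.scheme, current.host, current.port]
rescue URI::InvalidURIError
  true
end
```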
diff --git a/doc/user/application_security/dast/proxy-based.md b/doc/user/application_security/dast/proxy-based.md
index 3052fd3a72d..7538bd38d9f 100644
--- a/doc/user/application_security/dast/proxy-based.md
+++ b/doc/user/application_security/dast/proxy-based.md
@@ -646,6 +646,9 @@ NOTE:
If a site profile is linked to a security policy, you cannot edit the profile from this page. See
[Scan execution policies](../policies/scan-execution-policies.md) for more information.
+NOTE:
+If a site profile's Target URL or Authenticated URL is updated, the request headers and password fields associated with that profile are cleared.
+
When a validated site profile's file, header, or meta tag is edited, the site's
[validation status](#site-profile-validation) is revoked.
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 45493cfb068..e55389fd74a 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -14964,6 +14964,9 @@ msgstr ""
msgid "DastProfiles|Minimum = 1 second, Maximum = 3600 seconds"
msgstr ""
+msgid "DastProfiles|Modifying the URL will clear any previously entered values for the additional request headers and password fields."
+msgstr ""
+
msgid "DastProfiles|Monitors all HTTP requests sent to the target to find potential vulnerabilities."
msgstr ""
diff --git a/spec/services/error_tracking/list_projects_service_spec.rb b/spec/services/error_tracking/list_projects_service_spec.rb
index 8408adcc21d..d91808edc8d 100644
--- a/spec/services/error_tracking/list_projects_service_spec.rb
+++ b/spec/services/error_tracking/list_projects_service_spec.rb
@@ -6,7 +6,7 @@ RSpec.describe ErrorTracking::ListProjectsService, feature_category: :integratio
let_it_be(:user) { create(:user) }
let_it_be(:project, reload: true) { create(:project) }
- let(:sentry_url) { 'https://sentrytest.gitlab.com/api/0/projects/sentry-org/sentry-project' }
+ let(:sentry_url) { 'https://sentrytest.gitlab.com/api/0/projects/org/proj/' }
let(:token) { 'test-token' }
let(:new_api_host) { 'https://gitlab.com/' }
let(:new_token) { 'new-token' }
@@ -66,6 +66,20 @@ RSpec.describe ErrorTracking::ListProjectsService, feature_category: :integratio
end
end
+ context 'with the similar api host' do
+ let(:api_host) { 'https://sentrytest.gitlab.co' }
+
+ it 'returns an error' do
+ expect(result[:message]).to start_with('Token is a required field')
+ expect(error_tracking_setting).not_to be_valid
+ expect(error_tracking_setting).not_to receive(:list_sentry_projects)
+ end
+
+ it 'resets the token' do
+ expect { subject.execute }.to change { error_tracking_setting.token }.from(token).to(nil)
+ end
+ end
+
context 'with a new api host' do
let(:api_host) { new_api_host }