author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-28 15:13:13 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-28 15:13:40 +0300 |
commit | a325d3a2c05b8f664a76912c5ac32d0a8e45e562 (patch) | |
tree | 6840627ef29240e1f4da01c36334f9a43549cd65 | |
parent | c49ef67dc34ca5770ca16ce3df17786f82cfbcb2 (diff) |
Add latest changes from gitlab-org/security/gitlab@16-1-stable-ee
-rw-r--r-- | app/models/hooks/web_hook.rb | 1 | ||||
-rw-r--r-- | spec/controllers/admin/hooks_controller_spec.rb | 9 | ||||
-rw-r--r-- | spec/models/hooks/web_hook_spec.rb | 7 |
3 files changed, 13 insertions, 4 deletions
diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb
index 6dc1c9f290a..d7a95363337 100644
--- a/app/models/hooks/web_hook.rb
+++ b/app/models/hooks/web_hook.rb
@@ -135,6 +135,7 @@ class WebHook < ApplicationRecord
 return if url_variables_were.blank? || interpolated_url_was == interpolated_url
+ self.url_variables = {} if url_variables_were.keys.intersection(url_variables.keys).any?
 self.url_variables = {} if url_changed? && url_variables_were.to_a.intersection(url_variables.to_a).any?
 end
diff --git a/spec/controllers/admin/hooks_controller_spec.rb b/spec/controllers/admin/hooks_controller_spec.rb
index 4e68ffdda2a..86c3405863a 100644
--- a/spec/controllers/admin/hooks_controller_spec.rb
+++ b/spec/controllers/admin/hooks_controller_spec.rb
@@ -55,12 +55,13 @@ RSpec.describe Admin::HooksController do
 hook.update!(url_variables: { 'foo' => 'bar', 'baz' => 'woo' })
 hook_params = {
- url: 'http://example.com/{baz}?token={token}',
+ url: 'http://example.com/{bar}?token={token}',
 enable_ssl_verification: false,
 url_variables: [
 { key: 'token', value: 'some secret value' },
- { key: 'baz', value: 'qux' },
- { key: 'foo', value: nil }
+ { key: 'baz', value: nil },
+ { key: 'foo', value: nil },
+ { key: 'bar', value: 'qux' }
 ]
 }
@@ -72,7 +73,7 @@ RSpec.describe Admin::HooksController do
 expect(flash[:notice]).to include('was updated')
 expect(hook).to have_attributes(hook_params.except(:url_variables))
 expect(hook).to have_attributes(
- url_variables: { 'token' => 'some secret value', 'baz' => 'qux' }
+ url_variables: { 'token' => 'some secret value', 'bar' => 'qux' }
 )
 end
 end
diff --git a/spec/models/hooks/web_hook_spec.rb b/spec/models/hooks/web_hook_spec.rb
index 82cfb3983f8..308e16328d7 100644
--- a/spec/models/hooks/web_hook_spec.rb
+++ b/spec/models/hooks/web_hook_spec.rb
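Review bot: In the app/models/hooks/web_hook.rb hunk, the added key-overlap reset leaves the older `url_changed? && url_variables_were.to_a.intersection(url_variables.to_a).any?` line below it with nothing to do. A shared key/value pair always implies a shared key, so by the time that line runs `url_variables` has either already been cleared or has no overlap with the previous set. Either drop the older line or keep it with a comment saying it is retained on purpose. The new line also deserves a why-comment such as `# Clear every stored variable when an existing key is resubmitted and the interpolated URL differs, so retained secret values are not sent to a changed destination.`; that rationale is inferred from the commit title and the specs, so confirm the wording. The method starts above the hunk, so only its last statements are visible here.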
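Review bot: In spec/controllers/admin/hooks_controller_spec.rb (the hunks at -55 and -72), the example that used to resubmit the existing key `baz` with a new value now uses a fresh key `bar`, so the controller spec no longer exercises the path the model change targets. Add a second example that keeps `{ key: 'baz', value: 'qux' }` together with a changed `url` and asserts what the controller does once the model resets the variables. Presumably the update is rejected, as the model spec's `not_to be_valid` suggests. Without it, the request-level behaviour (flash message, response, and that no previous values survive) is pinned only indirectly. The enclosing `it` block starts and ends outside these hunks.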
@@ -258,6 +258,13 @@ RSpec.describe WebHook, feature_category: :webhooks do
 expect(hook.url_variables).to eq({})
 end
+ it 'resets url variables if url variables are overwritten' do
+ hook.url_variables = hook.url_variables.merge('abc' => 'baz')
+
+ expect(hook).not_to be_valid
+ expect(hook.url_variables).to eq({})
+ end
+
 it 'does not reset url variables if both url and url variables are changed' do
 hook.url = 'http://example.com/{one}/{two}'
 hook.url_variables = { 'one' => 'foo', 'two' => 'bar' } |