From 6a5fe8e74390f235dccd1f962024fce0a97f3214 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Wed, 30 Aug 2023 19:46:39 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@16-3-stable-ee

---
 app/services/error_tracking/list_projects_service.rb | 8 +++-----
 doc/user/application_security/dast/proxy-based.md | 3 +++
 locale/gitlab.pot | 3 +++
 .../error_tracking/list_projects_service_spec.rb | 16 +++++++++++++++-
 4 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/app/services/error_tracking/list_projects_service.rb b/app/services/error_tracking/list_projects_service.rb
index 35a8179d54d..1539e24df9d 100644
--- a/app/services/error_tracking/list_projects_service.rb
+++ b/app/services/error_tracking/list_projects_service.rb
@@ -20,22 +20,20 @@ module ErrorTracking
 def project_error_tracking_setting
 (super || project.build_error_tracking_setting).tap do |setting|
- url_changed = !setting.api_url&.start_with?(params[:api_host])
-
 setting.api_url = ErrorTracking::ProjectErrorTrackingSetting.build_api_url_from(
 api_host: params[:api_host],
 organization_slug: 'org',
 project_slug: 'proj'
 )
- setting.token = token(setting, url_changed)
+ setting.token = token(setting)
 setting.enabled = true
 end
 end
 strong_memoize_attr :project_error_tracking_setting
- def token(setting, url_changed)
- return if url_changed && masked_token?
+ def token(setting)
+ return if setting.api_url_changed? && masked_token?
 # Use param token if not masked, otherwise use database token
 return params[:token] unless masked_token?
diff --git a/doc/user/application_security/dast/proxy-based.md b/doc/user/application_security/dast/proxy-based.md
index 3052fd3a72d..7538bd38d9f 100644
--- a/doc/user/application_security/dast/proxy-based.md
+++ b/doc/user/application_security/dast/proxy-based.md
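Review bot: The new guard `return if setting.api_url_changed? && masked_token?` compares the freshly built URL with the persisted one as a whole, so any difference in how `build_api_url_from` normalises the URL (the spec's `sentry_url` fixture had to gain the `org/proj` slugs and a trailing slash to keep matching) counts as a host change and drops the stored token even when the operator re-submitted the same host. That is the right failure mode — the database token is never reused for a URL it was not entered for, which the removed `start_with?` prefix check did not guarantee — but it deserves a comment so the next maintainer does not "fix" it back, e.g. `# Never reuse the stored token once api_url differs: a masked placeholder would otherwise resolve to the old token and be sent to the new host.` On a record freshly built by `project.build_error_tracking_setting` the dirty flag is presumably always set, which is harmless because there is no stored token to fall back to. The body of `token` continues outside the hunk.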
@@ -646,6 +646,9 @@ NOTE:
 If a site profile is linked to a security policy, you cannot edit the profile from this page. See [Scan execution policies](../policies/scan-execution-policies.md) for more information.
+NOTE:
+If a site profile's Target URL or Authenticated URL is updated, the request headers and password fields associated with that profile are cleared.
+
 When a validated site profile's file, header, or meta tag is edited, the site's [validation status](#site-profile-validation) is revoked.
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 45493cfb068..e55389fd74a 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -14964,6 +14964,9 @@ msgstr ""
 msgid "DastProfiles|Minimum = 1 second, Maximum = 3600 seconds"
 msgstr ""
+msgid "DastProfiles|Modifying the URL will clear any previously entered values for the additional request headers and password fields."
+msgstr ""
+
 msgid "DastProfiles|Monitors all HTTP requests sent to the target to find potential vulnerabilities."
 msgstr ""
diff --git a/spec/services/error_tracking/list_projects_service_spec.rb b/spec/services/error_tracking/list_projects_service_spec.rb
index 8408adcc21d..d91808edc8d 100644
--- a/spec/services/error_tracking/list_projects_service_spec.rb
+++ b/spec/services/error_tracking/list_projects_service_spec.rb
@@ -6,7 +6,7 @@ RSpec.describe ErrorTracking::ListProjectsService, feature_category: :integratio
 let_it_be(:user) { create(:user) }
 let_it_be(:project, reload: true) { create(:project) }
- let(:sentry_url) { 'https://sentrytest.gitlab.com/api/0/projects/sentry-org/sentry-project' }
+ let(:sentry_url) { 'https://sentrytest.gitlab.com/api/0/projects/org/proj/' }
 let(:token) { 'test-token' }
 let(:new_api_host) { 'https://gitlab.com/' }
 let(:new_token) { 'new-token' }
@@ -66,6 +66,20 @@ RSpec.describe ErrorTracking::ListProjectsService, feature_category: :integratio
 end
 end
+ context 'with the similar api host' do
+ let(:api_host) { 'https://sentrytest.gitlab.co' }
+ it 'returns an error' do
+ expect(result[:message]).to start_with('Token is a required field')
+ expect(error_tracking_setting).not_to be_valid
+ expect(error_tracking_setting).not_to receive(:list_sentry_projects)
+ end
+ it 'resets the token' do
+ expect { subject.execute }.to change { error_tracking_setting.token }.from(token).to(nil)
+ end
+ end
+
 context 'with a new api host' do
 let(:api_host) { new_api_host }
-- 
cgit v1.2.3
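Review bot: In the new `it 'returns an error'` example the `expect(error_tracking_setting).not_to receive(:list_sentry_projects)` line is installed after `result[:message]` has already driven the call, so if `result` is a memoized `let` as its use here suggests, the expectation can only observe calls made later and passes vacuously; move it above the `result` line (or use a spy with `not_to have_received`) so the example really proves that a similar host never reaches Sentry. The context name `'with the similar api host'` also hides what is under test: `'https://sentrytest.gitlab.co'` is a prefix of the stored host, exactly the case a prefix comparison would let through, so `context 'with an api host that is a prefix of the stored one'` would document the regression. The `result` and `error_tracking_setting` definitions lie outside the hunk, so the memoization is inferred.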