Merge branch 'sanitize_test_report_status_filtering_parameter' into 'master'

Validate last_test_report_state parameter

See merge request gitlab-org/gitlab!55407

ee/app/finders/requirements_management/requirements_finder.rb

@@ -4,10 +4,13 @@ module RequirementsManagement
   class RequirementsFinder
     include Gitlab::Utils::StrongMemoize
 
+    ALLOWED_LAST_TEST_REPORT_STATE_VALUES = TestReport.states.keys.push("missing").freeze
+
     # Params:
     # project_id: integer
     # iids: integer[]
     # state: string[]
+    # last_test_report_state: string
     # sort: string
     # search: string
     # author_username: string
@@ -61,6 +64,7 @@ module RequirementsManagement
 
     def by_last_test_report_state(items)
       return items unless params[:last_test_report_state]
+      return items unless ALLOWED_LAST_TEST_REPORT_STATE_VALUES.include?(params[:last_test_report_state])
 
       if params[:last_test_report_state] == 'missing'
         items.without_test_reports

ee/spec/finders/requirements_management/requirements_finder_spec.rb

@@ -62,6 +62,18 @@ RSpec.describe RequirementsManagement::RequirementsFinder do
 
           is_expected.to match_array([requirement1, requirement3])
         end
+
+        context 'when last_test_report_state is not valid' do
+          let(:params) { { project_id: project.id, last_test_report_state: 'not_valid' } }
+
+          it 'does not filter requirements' do
+            is_expected.to match_array([requirement1, requirement2, requirement3])
+          end
+
+          it 'does not raise error' do
+            expect { subject }.not_to raise_error
+          end
+        end
       end
 
       context 'when user can not read requirements in the project' do