Merge branch 'dj-fix-site-profile-url-validation' into 'master'

Handle invalid URL exception for DAST Site Profile See merge request gitlab-org/gitlab!80170

Merge branch 'dj-fix-site-profile-url-validation' into 'master'
Handle invalid URL exception for DAST Site Profile See merge request gitlab-org/gitlab!80170
753c690d · Stan Hu · 67560a1d · cd73cc9e · 753c690d · 753c690d
Commit 753c690d authored Feb 17, 2022 by Stan Hu
3 changed files
--- a/ee/app/models/dast_site_validation.rb
+++ b/ee/app/models/dast_site_validation.rb
@@ -69,9 +69,9 @@ class DastSiteValidation < ApplicationRecord
  end

  def self.get_normalized_url_base(url)
-    uri = URI(url)
+    uri = Addressable::URI.parse(url)

-    "%{scheme}://%{host}:%{port}" % { scheme: uri.scheme, host: uri.host, port: uri.port }
+    "%{scheme}://%{host}:%{port}" % { scheme: uri.scheme, host: uri.host, port: uri.inferred_port }
  end

  private

--- a/ee/app/services/app_sec/dast/site_tokens/find_or_create_service.rb
+++ b/ee/app/services/app_sec/dast/site_tokens/find_or_create_service.rb
@@ -12,7 +12,7 @@ module AppSec
          return success_response(existing_validation.dast_site_token, existing_validation.state) if existing_validation

          find_or_create_dast_site_token
-        rescue URI::InvalidURIError
+        rescue Addressable::URI::InvalidURIError
          error_response('Invalid target_url')
        end


--- a/ee/spec/graphql/resolvers/dast_site_profile_resolver_spec.rb
+++ b/ee/spec/graphql/resolvers/dast_site_profile_resolver_spec.rb
@@ -13,6 +13,11 @@ RSpec.describe Resolvers::DastSiteProfileResolver do
  let_it_be(:developer) { create(:user, developer_projects: [project]) }
  let_it_be(:dast_site_profile1) { create(:dast_site_profile, project: project) }
  let_it_be(:dast_site_profile2) { create(:dast_site_profile, project: project) }
+  let_it_be(:dast_site_profile3) do
+    dast_site = create(:dast_site, project: project, url: 'https://site1.com/, https://site2.com/')
+
+    create(:dast_site_profile, project: project, dast_site: dast_site)
+  end

  let(:current_user) { developer }

@@ -29,7 +34,7 @@ RSpec.describe Resolvers::DastSiteProfileResolver do
  context 'when resolving multiple DAST site profiles' do
    subject { sync(dast_site_profiles) }

-    it { is_expected.to contain_exactly(dast_site_profile1, dast_site_profile2) }
+    it { is_expected.to contain_exactly(dast_site_profile1, dast_site_profile2, dast_site_profile3) }

    context 'when the feature is disabled' do
      before do