Merge branch 'psk-add-additional-query-params-to-not-mask' into 'master'

Add severity, sortBy, sortDesc, tab to not masked query params See merge request gitlab-org/gitlab!83473

Merge branch 'psk-add-additional-query-params-to-not-mask' into 'master'
Add severity, sortBy, sortDesc, tab to not masked query params See merge request gitlab-org/gitlab!83473
e7983f2e · Sean McGivern · 29faa41c · fe097579 · e7983f2e · e7983f2e
Commit e7983f2e authored Mar 24, 2022 by Sean McGivern
3 changed files
--- a/app/helpers/routing/pseudonymization_helper.rb
+++ b/app/helpers/routing/pseudonymization_helper.rb
@@ -5,7 +5,11 @@ module Routing
    class MaskHelper
      QUERY_PARAMS_TO_NOT_MASK = %w[
        scope
+        severity
+        sortBy
+        sortDesc
        state
+        tab
      ].freeze

      def initialize(request_object, group, project)

--- a/ee/spec/helpers/routing/pseudonymization_helper_spec.rb
+++ b/ee/spec/helpers/routing/pseudonymization_helper_spec.rb
@@ -61,5 +61,27 @@ RSpec.describe ::Routing::PseudonymizationHelper do

      it_behaves_like 'masked url'
    end
+
+    context 'when severity, sortBy, sortDesc is present' do
+      let(:masked_url) { "http://localhost/namespace#{group.id}/project#{project.id}/-/security/vulnerability_report?severity=high&sortBy=reportType&sortDesc=false&state=all" }
+      let(:request) do
+        double(:Request,
+               path_parameters: {
+                controller: 'projects/security/vulnerability_report',
+                action: 'index',
+                namespace_id: group.name,
+                project_id: project.name
+               },
+               protocol: 'http',
+               host: 'localhost',
+               query_string: 'severity=high&sortBy=reportType&sortDesc=false&state=all')
+      end
+
+      before do
+        allow(helper).to receive(:request).and_return(request)
+      end
+
+      it_behaves_like 'masked url'
+    end
  end
 end
--- a/spec/helpers/routing/pseudonymization_helper_spec.rb
+++ b/spec/helpers/routing/pseudonymization_helper_spec.rb
@@ -180,7 +180,7 @@ RSpec.describe ::Routing::PseudonymizationHelper do
    end

    context 'when some query params are not required to be masked' do
-      let(:masked_url) { "http://localhost/dashboard/issues?author_username=masked_author_username&scope=all&state=masked_state" }
+      let(:masked_url) { "http://localhost/dashboard/issues?author_username=masked_author_username&scope=all&state=masked_state&tab=2" }
      let(:request) do
        double(:Request,
               path_parameters: {
@@ -189,11 +189,11 @@ RSpec.describe ::Routing::PseudonymizationHelper do
               },
               protocol: 'http',
               host: 'localhost',
-               query_string: 'author_username=root&scope=all&state=opened')
+               query_string: 'author_username=root&scope=all&state=opened&tab=2')
      end

      before do
-        stub_const('Routing::PseudonymizationHelper::MaskHelper::QUERY_PARAMS_TO_NOT_MASK', %w[scope].freeze)
+        stub_const('Routing::PseudonymizationHelper::MaskHelper::QUERY_PARAMS_TO_NOT_MASK', %w[scope tab].freeze)
        allow(helper).to receive(:request).and_return(request)
      end