Skip to content

Commit

Permalink
Merge pull request #1103 from nscuro/backport-pr-1098
Browse files Browse the repository at this point in the history
  • Loading branch information
nscuro authored Nov 29, 2024
2 parents 3e5168b + 0692846 commit dae1564
Show file tree
Hide file tree
Showing 7 changed files with 48 additions and 17 deletions.
5 changes: 4 additions & 1 deletion src/views/globalAudit/VulnerabilityAuditByOccurrence.vue
Original file line number Diff line number Diff line change
Expand Up @@ -491,7 +491,10 @@ export default {
sortable: true,
formatter(value, row, index) {
let url = xssFilters.uriInUnQuotedAttr(
'../vulnerabilities/' + row.vulnerability.source + '/' + value,
'../vulnerabilities/' +
row.vulnerability.source +
'/' +
encodeURIComponent(value),
);
return (
common.formatSourceLabel(row.vulnerability.source) +
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -456,7 +456,10 @@ export default {
sortable: true,
formatter(value, row, index) {
let url = xssFilters.uriInUnQuotedAttr(
'../vulnerabilities/' + row.vulnerability.source + '/' + value,
'../vulnerabilities/' +
row.vulnerability.source +
'/' +
encodeURIComponent(value),
);
return (
common.formatSourceLabel(row.vulnerability.source) +
Expand Down
4 changes: 2 additions & 2 deletions src/views/portfolio/projects/ProjectFindings.vue
Original file line number Diff line number Diff line change
Expand Up @@ -238,7 +238,7 @@ export default {
'../../../vulnerabilities/' +
row.vulnerability.source +
'/' +
value,
encodeURIComponent(value),
);
return (
common.formatSourceLabel(row.vulnerability.source) +
Expand All @@ -263,7 +263,7 @@ export default {
'../../../vulnerabilities/' +
alias.source +
'/' +
alias.vulnId,
encodeURIComponent(alias.vulnId),
);
label +=
common.formatSourceLabel(alias.source) +
Expand Down
2 changes: 1 addition & 1 deletion src/views/portfolio/vulnerabilities/AffectedProjects.vue
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@ export default {
},
methods: {
apiUrl: function () {
let url = `${this.$api.BASE_URL}/${this.$api.URL_VULNERABILITY}/source/${this.source}/vuln/${this.vulnId}/projects`;
let url = `${this.$api.BASE_URL}/${this.$api.URL_VULNERABILITY}/source/${this.source}/vuln/${encodeURIComponent(this.vulnId)}/projects`;
if (this.showInactiveProjects === undefined) {
url += '?excludeInactive=true';
} else {
Expand Down
35 changes: 26 additions & 9 deletions src/views/portfolio/vulnerabilities/Vulnerability.vue
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@
<span v-for="alias in resolveVulnAliases(vulnerability.aliases)">
<b-link
style="margin-right: 1rem"
:href="`/vulnerabilities/${alias.source}/${alias.vulnId}`"
:href="`/vulnerabilities/${alias.source}/${encodeURIComponent(alias.vulnId)}`"
>{{ alias.vulnId }}</b-link
>
</span>
Expand Down Expand Up @@ -446,7 +446,7 @@ export default {
if (this.uuid) {
url = `${this.$api.BASE_URL}/${this.$api.URL_VULNERABILITY}/${this.uuid}`;
} else {
url = `${this.$api.BASE_URL}/${this.$api.URL_VULNERABILITY}/source/${this.source}/vuln/${this.vulnId}`;
url = `${this.$api.BASE_URL}/${this.$api.URL_VULNERABILITY}/source/${this.source}/vuln/${encodeURIComponent(this.vulnId)}`;
}
this.axios.get(url).then((response) => {
this.vulnerability = response.data;
Expand All @@ -467,7 +467,7 @@ export default {
initializeData: function () {
this.uuid = this.$route.params.uuid;
this.source = this.$route.params.source;
this.vulnId = this.$route.params.vulnId;
this.vulnId = decodeURIComponent(this.$route.params.vulnId);
},
routeTo(path) {
if (path) {
Expand All @@ -479,19 +479,31 @@ export default {
'/vulnerabilities/' +
this.source +
'/' +
this.vulnId +
encodeURIComponent(this.vulnId) +
'/' +
path,
});
}
} else if (
this.$route.fullPath !==
'/vulnerabilities/' + this.source + '/' + this.vulnId &&
'/vulnerabilities/' +
this.source +
'/' +
encodeURIComponent(this.vulnId) &&
this.$route.fullPath !==
'/vulnerabilities/' + this.source + '/' + this.vulnId + '/'
'/vulnerabilities/' +
this.source +
'/' +
encodeURIComponent(this.vulnId) +
'/'
) {
this.$router.push({
path: '/vulnerabilities/' + this.source + '/' + this.vulnId + '/',
path:
'/vulnerabilities/' +
this.source +
'/' +
encodeURIComponent(this.vulnId) +
'/',
});
}
},
Expand All @@ -500,7 +512,7 @@ export default {
'/vulnerabilities\\/' +
this.source +
'\\/' +
this.vulnId +
encodeURIComponent(this.vulnId) +
'\\/([^\\/]*)',
'gi',
);
Expand Down Expand Up @@ -533,7 +545,12 @@ export default {
} catch (e) {
this.$toastr.e(this.$t('condition.forbidden'));
this.$router.replace({
path: '/vulnerabilities/' + this.source + '/' + this.vulnId + '/',
path:
'/vulnerabilities/' +
this.source +
'/' +
encodeURIComponent(this.vulnId) +
'/',
});
this.$refs.overview.active = true;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1508,7 +1508,9 @@ export default {
this.$emit('refreshTable');
this.$toastr.s(this.$t('message.vulnerability_created'));
this.$router.replace({
path: '/vulnerabilities/INTERNAL/' + this.vulnerability.vulnId,
path:
'/vulnerabilities/INTERNAL/' +
encodeURIComponent(this.vulnerability.vulnId),
});
})
.catch((error) => {
Expand Down
10 changes: 8 additions & 2 deletions src/views/portfolio/vulnerabilities/VulnerabilityList.vue
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,10 @@ export default {
sortable: true,
formatter(value, row, index) {
let url = xssFilters.uriInUnQuotedAttr(
'../vulnerabilities/' + row.source + '/' + value,
'../vulnerabilities/' +
row.source +
'/' +
encodeURIComponent(value),
);
return (
common.formatSourceLabel(row.source) +
Expand All @@ -93,7 +96,10 @@ export default {
for (let i = 0; i < aliases.length; i++) {
let alias = aliases[i];
let url = xssFilters.uriInUnQuotedAttr(
'../vulnerabilities/' + alias.source + '/' + alias.vulnId,
'../vulnerabilities/' +
alias.source +
'/' +
encodeURIComponent(alias.vulnId),
);
label +=
common.formatSourceLabel(alias.source) +
Expand Down

0 comments on commit dae1564

Please sign in to comment.