authorGitLab Bot <gitlab-bot@gitlab.com>2022-06-29 14:12:19 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-06-29 14:12:34 +0000
commit451b22ae6be7923933c9de561ef06e1124649bc0 (patch)
tree9c686088cc5dc5d40411ea01410e41269c6c0149
parent222fda90362a3be9e54323af32234d038b99908d (diff)
downloadgitlab-ce-451b22ae6be7923933c9de561ef06e1124649bc0.tar.gz
Add latest changes from gitlab-org/security/gitlab@15-1-stable-ee
-rw-r--r--lib/gitlab/jira/dvcs.rb3
-rw-r--r--spec/requests/jira_routing_spec.rb54
2 files changed, 40 insertions, 17 deletions
diff --git a/lib/gitlab/jira/dvcs.rb b/lib/gitlab/jira/dvcs.rb
index ddf2cd76709..41a039674b3 100644
--- a/lib/gitlab/jira/dvcs.rb
+++ b/lib/gitlab/jira/dvcs.rb
@@ -38,7 +38,8 @@ module Gitlab
# @param [String] namespace
def self.restore_full_path(namespace:, project:)
if project.include?(ENCODED_SLASH)
- project.gsub(ENCODED_SLASH, SLASH)
+ # Replace multiple slashes with single ones to make sure the redirect stays on the same host
+ project.gsub(ENCODED_SLASH, SLASH).gsub(%r{\/{2,}}, '/')
else
"#{namespace}/#{project}"
end
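Review bot: The added `.gsub(%r{\/{2,}}, '/')` is the only thing stopping a decoded project such as `@@malicious.server` from becoming `//malicious.server`, but the comment only says "stays on the same host" without saying why, so a later reader may see the call as cosmetic; I would state the mechanism: `# A leading "//" would be parsed as a protocol-relative URL (//host) by the routing redirect, so collapse any run of slashes`. The same collapse reads more directly as `project.gsub(ENCODED_SLASH, SLASH).squeeze(SLASH)`, which also drops the redundant `\/` escape inside `%r{}`. The normalization lives only in the `ENCODED_SLASH` branch; whether the `"#{namespace}/#{project}"` branch can ever start with `//` depends on whether the route can hand over an empty namespace, which is not visible here, so a call-site guard that rejects a restored path for which `URI.parse(path).host` is non-nil would be a cheap belt-and-braces check. The method's closing `end` is outside this hunk.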
diff --git a/spec/requests/jira_routing_spec.rb b/spec/requests/jira_routing_spec.rb
index a627eea33a8..e0e170044de 100644
--- a/spec/requests/jira_routing_spec.rb
+++ b/spec/requests/jira_routing_spec.rb
@@ -25,27 +25,49 @@ RSpec.describe 'Jira referenced paths', type: :request do
expect(response).to redirect_to(redirect_path)
end
- context 'with encoded subgroup path' do
- where(:jira_path, :redirect_path) do
- '/group/group@sub_group@sub_group_project' | '/group/sub_group/sub_group_project'
- '/group@sub_group/group@sub_group@sub_group_project' | '/group/sub_group/sub_group_project'
- '/group/group@sub_group@sub_group_project/commit/1234567' | '/group/sub_group/sub_group_project/commit/1234567'
- '/group/group@sub_group@sub_group_project/tree/1234567' | '/group/sub_group/sub_group_project/-/tree/1234567'
+ shared_examples 'redirects to jira path' do
+ it 'redirects to canonical path with legacy prefix' do
+ redirects_to_canonical_path "/-/jira#{jira_path}", redirect_path
end
- with_them do
- context 'with legacy prefix' do
- it 'redirects to canonical path' do
- redirects_to_canonical_path "/-/jira#{jira_path}", redirect_path
- end
- end
-
- it 'redirects to canonical path' do
- redirects_to_canonical_path jira_path, redirect_path
- end
+ it 'redirects to canonical path' do
+ redirects_to_canonical_path jira_path, redirect_path
end
end
+ let(:jira_path) { '/group/group@sub_group@sub_group_project' }
+ let(:redirect_path) { '/group/sub_group/sub_group_project' }
+
+ it_behaves_like 'redirects to jira path'
+
+ context 'contains @ before the first /' do
+ let(:jira_path) { '/group@sub_group/group@sub_group@sub_group_project' }
+ let(:redirect_path) { '/group/sub_group/sub_group_project' }
+
+ it_behaves_like 'redirects to jira path'
+ end
+
+ context 'including commit path' do
+ let(:jira_path) { '/group/group@sub_group@sub_group_project/commit/1234567' }
+ let(:redirect_path) { '/group/sub_group/sub_group_project/commit/1234567' }
+
+ it_behaves_like 'redirects to jira path'
+ end
+
+ context 'including tree path' do
+ let(:jira_path) { '/group/group@sub_group@sub_group_project/tree/1234567' }
+ let(:redirect_path) { '/group/sub_group/sub_group_project/-/tree/1234567' }
+
+ it_behaves_like 'redirects to jira path'
+ end
+
+ context 'malicious path' do
+ let(:jira_path) { '/group/@@malicious.server' }
+ let(:redirect_path) { '/malicious.server' }
+
+ it_behaves_like 'redirects to jira path'
+ end
+
context 'regular paths with legacy prefix' do
where(:jira_path, :redirect_path) do
'/-/jira/group/group_project' | '/group/group_project'