SONAR-17780 Fix SSF-352

author: Mathieu Suen <mathieu.suen@sonarsource.com> 2022-12-16 14:09:33 +0100
committer: sonartech <sonartech@sonarsource.com> 2022-12-19 20:02:46 +0000
commit: 69f310f938e903bdc6b1131e81e9c4ff32388cca (patch)
tree: b2ad262be26859ce5c908d303bbc719993ceff96 /server/sonar-web/src/main/js/apps/create
parent: 416df50ac7d403213f16ae9961e253e6151de728 (diff)
download: sonarqube-69f310f938e903bdc6b1131e81e9c4ff32388cca.tar.gz
sonarqube-69f310f938e903bdc6b1131e81e9c4ff32388cca.zip
2 files changed, 22 insertions, 1 deletions
diff --git a/server/sonar-web/src/main/js/apps/create/project/GitHubProjectCreate.tsx b/server/sonar-web/src/main/js/apps/create/project/GitHubProjectCreate.tsx
index 85ec7fafe2c..4928ff0b779 100644
--- a/server/sonar-web/src/main/js/apps/create/project/GitHubProjectCreate.tsx
+++ b/server/sonar-web/src/main/js/apps/create/project/GitHubProjectCreate.tsx
@@ -19,6 +19,7 @@
  */
 import { debounce } from 'lodash';
 import * as React from 'react';
+import { isWebUri } from 'valid-url';
 import {
   getGithubClientId,
   getGithubOrganizations,
@@ -173,7 +174,11 @@ export default class GitHubProjectCreate extends React.Component<Props, State> {
 
     // strip the trailing /
     instanceRootUrl = instanceRootUrl.replace(/\/$/, '');
-    window.location.replace(`${instanceRootUrl}/login/oauth/authorize?${queryParams}`);
+    if (!isWebUri(instanceRootUrl)) {
+      this.setState({ error: true });
+    } else {
+      window.location.replace(`${instanceRootUrl}/login/oauth/authorize?${queryParams}`);
+    }
   }
 
   async fetchOrganizations(selectedAlmInstance: AlmSettingsInstance, token: string) {
diff --git a/server/sonar-web/src/main/js/apps/create/project/__tests__/GitHub-it.tsx b/server/sonar-web/src/main/js/apps/create/project/__tests__/GitHub-it.tsx
index 3d82ec14110..8eabe80f533 100644
--- a/server/sonar-web/src/main/js/apps/create/project/__tests__/GitHub-it.tsx
+++ b/server/sonar-web/src/main/js/apps/create/project/__tests__/GitHub-it.tsx
@@ -81,6 +81,22 @@ it('should redirect to github authorization page when not already authorized', a
   ).toBeInTheDocument();
 });
 
+it('should not redirect to github when url is malformated', async () => {
+  const user = userEvent.setup();
+  renderCreateProject();
+
+  expect(ui.githubCreateProjectButton.get()).toBeInTheDocument();
+
+  await user.click(ui.githubCreateProjectButton.get());
+  expect(screen.getByText('onboarding.create_project.github.title')).toBeInTheDocument();
+  expect(screen.getByText('alm.configuration.selector.placeholder')).toBeInTheDocument();
+  expect(ui.instanceSelector.get()).toBeInTheDocument();
+
+  await selectEvent.select(ui.instanceSelector.get(), [/conf-github-3/]);
+
+  expect(window.location.replace).not.toHaveBeenCalled();
+});
+
 it('should show import project feature when the authentication is successfull', async () => {
   const user = userEvent.setup();
   let repoItem;
author	Mathieu Suen <mathieu.suen@sonarsource.com>	2022-12-16 14:09:33 +0100
committer	sonartech <sonartech@sonarsource.com>	2022-12-19 20:02:46 +0000
commit	69f310f938e903bdc6b1131e81e9c4ff32388cca (patch)
tree	b2ad262be26859ce5c908d303bbc719993ceff96 /server/sonar-web/src/main/js/apps/create
parent	416df50ac7d403213f16ae9961e253e6151de728 (diff)
download	sonarqube-69f310f938e903bdc6b1131e81e9c4ff32388cca.tar.gz sonarqube-69f310f938e903bdc6b1131e81e9c4ff32388cca.zip