OTWO-7262 Fixed null timespan in vulnerabilities (#1792)

blackducksoftware · Jul 25, 2024 · 36ac735 · 36ac735
1 parent 9cda888
commit 36ac735
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/app/helpers/vulnerabilities_helper.rb b/app/helpers/vulnerabilities_helper.rb
@@ -24,21 +24,28 @@ def filter_severity_param
   end
 
   def filter_version_param
-    params.fetch(:filter, {})[:version]
+    decoded_params.fetch(:filter, {})[:version]
   end
 
   def filter_major_version_param
-    params.fetch(:filter, {})[:major_version]
+    decoded_params.fetch(:filter, {})[:major_version]
   end
 
   def filter_period_param
-    params.fetch(:filter, {})[:period]
+    decoded_params.fetch(:filter, {})[:period]
   end
 
   def sort_col_param
     params.fetch(:sort, {})[:col]
   end
 
+  def decoded_params
+    return params unless params.fetch(:filter, {})[:period].to_s.match(/filter/)
+
+    decoded_params = URI.decode_www_form(CGI.unescape(request.query_string))
+    decoded_params.to_h
+  end
+
   def no_versions_available
     [Release.new(id: '', version: t('.vulnerabilities.filter.no_versions_available'))]
   end

diff --git a/test/controllers/vulnerabilities_controller_test.rb b/test/controllers/vulnerabilities_controller_test.rb
@@ -100,6 +100,14 @@ class VulnerabilitiesControllerTest < ActionController::TestCase
         _(assigns(:vulnerabilities).to_a).must_equal r1_3.vulnerabilities.order_by
       end
 
+      it 'should parse the filters correctly and return the vulnerabilities' do
+        get :index,
+            params: { id: security_set.project.to_param, filter: { major_version: '1', period: '&filter[version]=1' } }
+        _(assigns(:release)).must_equal r1_3
+        _(assigns(:minor_versions).to_a).must_equal [r1_3]
+        _(assigns(:vulnerabilities).to_a).must_equal r1_3.vulnerabilities.order_by
+      end
+
       it 'Release timespan should be disable if there are no releases availble within the timespan' do
         security_set = create(:project_security_set)
         create(:release, version: '1.0', released_on: 5.years.ago, project_security_set: security_set)