diff --git a/app/helpers/vulnerabilities_helper.rb b/app/helpers/vulnerabilities_helper.rb
index 97ac08425..19df88d4a 100644
--- a/app/helpers/vulnerabilities_helper.rb
+++ b/app/helpers/vulnerabilities_helper.rb
@@ -24,21 +24,28 @@ def filter_severity_param
 end
 def filter_version_param
- params.fetch(:filter, {})[:version]
+ decoded_params.fetch(:filter, {})[:version]
 end
 def filter_major_version_param
- params.fetch(:filter, {})[:major_version]
+ decoded_params.fetch(:filter, {})[:major_version]
 end
 def filter_period_param
- params.fetch(:filter, {})[:period]
+ decoded_params.fetch(:filter, {})[:period]
 end
 def sort_col_param
 params.fetch(:sort, {})[:col]
 end
+ def decoded_params
+ return params unless params.fetch(:filter, {})[:period].to_s.match(/filter/)
+
+ decoded_params = URI.decode_www_form(CGI.unescape(request.query_string))
+ decoded_params.to_h
+ end
+
 def no_versions_available
 [Release.new(id: '', version: t('.vulnerabilities.filter.no_versions_available'))]
 end
diff --git a/test/controllers/vulnerabilities_controller_test.rb b/test/controllers/vulnerabilities_controller_test.rb
index cff6a94a7..3a8f43af0 100644
--- a/test/controllers/vulnerabilities_controller_test.rb
+++ b/test/controllers/vulnerabilities_controller_test.rb
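Review bot: In `decoded_params`, the re-parsed branch returns a flat, string-keyed Hash, because `URI.decode_www_form(...).to_h` produces keys such as `"filter[version]"` and does no bracket nesting. The callers' `decoded_params.fetch(:filter, {})[:version]` therefore falls through to the `{}` default, and all three filter helpers return nil exactly when the fallback fires. A nested, indifferent-key parse keeps the callers working, e.g. `Rack::Utils.parse_nested_query(CGI.unescape(request.query_string)).with_indifferent_access`. Separately, `CGI.unescape` followed by a form decoder decodes the query string twice, so an encoded `&` or `=` inside any value becomes a parameter separator and callers get a plain Hash instead of `params`. Values from this branch should be validated against the known versions and periods before use, or the re-parse limited to the `period` value alone.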
@@ -100,6 +100,14 @@ class VulnerabilitiesControllerTest < ActionController::TestCase
 _(assigns(:vulnerabilities).to_a).must_equal r1_3.vulnerabilities.order_by
 end
+ it 'should parse the filters correctly and return the vulnerabilities' do
+ get :index,
+ params: { id: security_set.project.to_param, filter: { major_version: '1', period: '&filter[version]=1' } }
+ _(assigns(:release)).must_equal r1_3
+ _(assigns(:minor_versions).to_a).must_equal [r1_3]
+ _(assigns(:vulnerabilities).to_a).must_equal r1_3.vulnerabilities.order_by
+ end
+
 it 'Release timespan should be disable if there are no releases availble within the timespan' do
 security_set = create(:project_security_set)
 create(:release, version: '1.0', released_on: 5.years.ago, project_security_set: security_set)
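Review bot: The new case asserts the same `r1_3` results that the preceding test ends on, so it may not distinguish a recovered `filter[version]` from a filter that was silently ignored. If `r1_3` is also what an unfiltered request for this project selects (the fixtures are outside the hunk), the three assertions pass either way. Pointing the embedded `filter[version]` at a release other than the default one, and asserting that release, would pin the behaviour. A second case whose `period` contains the word `filter` but no embedded pair would cover the other path through the fallback. The enclosing describe block starts outside the hunk.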