Merged
4 changes: 2 additions & 2 deletions scanpipe/templates/scanpipe/panels/scan_summary_panel.html
@@ -57,7 +57,7 @@
{% for entry in scan_summary.primary_language %}
{% if entry.value %}
<li>
<a href="{% url 'project_resources' project.slug %}?programming_language={{ entry.value }}" target="_blank">
<a href="{% url 'project_resources' project.slug %}?programming_language={{ entry.value|urlencode }}" target="_blank">
{{ entry.value }}
{% if entry.count %}
<span class="tag is-rounded">
@@ -123,7 +123,7 @@
<ul>
{% for entry in scan_summary.other_languages %}
{% if entry.value %}
<a href="{% url 'project_resources' project.slug %}?programming_language={{ entry.value }}" target="_blank">
<a href="{% url 'project_resources' project.slug %}?programming_language={{ entry.value|urlencode }}" target="_blank">
Comment on lines 60 to +126
Contributor


Add a unit test in ScanPipeViewsTest to make sure the values are properly encoded in the rendered HTML.

<li>
{{ entry.value }}
{% if entry.count %}
2 changes: 1 addition & 1 deletion scanpipe/templates/scanpipe/project_charts.html
@@ -152,7 +152,7 @@ <h3 class="title is-4 has-text-centered mb-3">
// Keep in sync with FilterSetUtilsMixin.(empty_value|other_value)
if (name === "(No value detected)") name = "_EMPTY_";
if (name === "Other") name = "_OTHER_";
let full_url = `${base_url}?${field}=${name}`;
let full_url = `${base_url}?${field}=${encodeURIComponent(name)}`;
if (in_package) full_url += `&in_package=${in_package}`;
if (event.ctrlKey || event.metaKey) window.open(full_url, '_blank');
else window.location.href = full_url;
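Review bot: `in_package` on the line after the changed one is still appended to the query string unencoded, so the URL is only partly protected. `name` now goes through `encodeURIComponent`, but a value of `in_package` (or `field`) containing `&`, `#` or `+` would still alter or truncate the query. Where those two values come from is not visible in this hunk; if they are always fixed tokens this is harmless, otherwise encode them the same way, e.g. ``if (in_package) full_url += `&in_package=${encodeURIComponent(in_package)}`;``. The enclosing click handler starts and ends outside the hunk.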
2 changes: 1 addition & 1 deletion scanpipe/templates/scanpipe/resource_list.html
@@ -54,7 +54,7 @@
<a href="?extension={{ resource.extension }}" class="is-black-link">{{ resource.extension }}</a>
</td>
<td class="break-all">
<a href="?programming_language={{ resource.programming_language }}" class="is-black-link">{{ resource.programming_language }}</a>
<a href="?programming_language={{ resource.programming_language|urlencode }}" class="is-black-link">{{ resource.programming_language }}</a>
Contributor


Add a unit test in ScanPipeViewsTest to make sure the value is properly encoded in the rendered HTML.

</td>
<td class="break-all">
<a href="?mime_type={{ resource.mime_type }}" class="is-black-link">{{ resource.mime_type }}</a>
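Review bot: The sibling links in the context lines, `?extension={{ resource.extension }}` and `?mime_type={{ resource.mime_type }}`, are still built without `|urlencode`, so the same filter bug remains for those columns. A MIME type containing `+` (for example `image/svg+xml`) reaches the server with the `+` decoded as a space, and the filter then matches nothing. Template autoescaping already covers the HTML context, so this is about query correctness rather than markup injection. Apply the filter to every value placed in a query string here, e.g. `<a href="?mime_type={{ resource.mime_type|urlencode }}" class="is-black-link">`. The table row continues outside the hunk.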
12 changes: 12 additions & 0 deletions scanpipe/tests/test_api.py
@@ -788,6 +788,18 @@ def test_scanpipe_api_project_action_resources_filterset(self):
response = self.csrf_client.get(url + "?slug=aaa")
self.assertEqual(2, response.data["count"])

def test_scanpipe_api_project_action_resources_filterset_special_chars(self):
Contributor


The test is unrelated to the PR changes. What's the reasoning behind testing the API in place of testing your code changes?

Contributor Author


i was just confirming whether or not special characters are correctly handled in the api. so, thought of adding a test for it.
on second thought django does handle this automatically.
should i remove this test?

Contributor

@tdruez tdruez Mar 9, 2026


It's fine let's keep it. I was just wondering about your intent since the actual changes were not tested.

make_resource_file(
self.project1,
path="csharp_file.cs",
programming_language="C#",
)
url = reverse("project-resources", args=[self.project1.uuid])
response = self.csrf_client.get(url + "?programming_language=C%23")
self.assertEqual(1, response.data["count"])
self.assertEqual("csharp_file.cs", response.data["results"][0]["path"])
self.assertEqual("C#", response.data["results"][0]["programming_language"])

def test_scanpipe_api_project_action_packages(self):
url = reverse("project-packages", args=[self.project1.uuid])
response = self.csrf_client.get(url)
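Review bot: The new test exercises only `#`, but `+` is the other character these links commonly carry (a language named `C++`), and it fails differently: an unencoded `+` is decoded as a space rather than cutting the query off at a fragment. Adding a second resource with `programming_language="C++"` and requesting `?programming_language=C%2B%2B` would pin that path too. The same gap applies to the two view tests added in scanpipe/tests/test_views.py, which also assert only on `C%23`.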
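--- a/scanpipe/tests/test_views.py
+++ b/scanpipe/tests/test_views.py
@@ -590,6 +590,18 @@ def test_scanpipe_views_project_details_scan_summary_panels(self):
 self.assertContains(response, expected1)
 self.assertContains(response, expected2)
 
+def test_scanpipe_views_project_details_scan_summary_language_url_encoding(self):
+summary_file = self.project1.get_output_file_path("summary", "json")
+scan_summary_json = {
+"primary_language": [{"value": "C#", "count": 1}],
+"other_languages": [{"value": "C#", "count": 1}],
+}
+summary_file.write_text(json.dumps(scan_summary_json))
+url = self.project1.get_absolute_url()
+response = self.client.get(url)
+self.assertContains(response, "?programming_language=C%23")
+self.assertNotContains(response, "?programming_language=C#")
+
 def test_scanpipe_views_project_details_get_license_clarity_data(self):
 get_license_clarity_data = ProjectDetailView.get_license_clarity_data
 
@@ -1039,6 +1051,17 @@ def test_scanpipe_views_codebase_resource_list_view_bad_search_query(self):
 expected_error = "The provided search value is invalid: No closing quotation"
 self.assertContains(response, expected_error)
 
+def test_scanpipe_views_codebase_resource_list_programming_language_url_encoding(
+self,
+):
+make_resource_file(
+self.project1, path="csharp_file.cs", programming_language="C#"
+)
+url = reverse("project_resources", args=[self.project1.slug])
+response = self.client.get(url)
+self.assertContains(response, "?programming_language=C%23")
+self.assertNotContains(response, "?programming_language=C#")
+
 def test_scanpipe_views_codebase_resource_details_view_tab_image(self):
 resource1 = make_resource_file(self.project1, "file1.ext")
 response = self.client.get(resource1.get_absolute_url())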