Add latest changes from gitlab-org/security/gitlab@16-4-stable-ee

2023-11-29 16:25:29 +00:00 · 2023-11-29 16:25:29 +00:00 · 7bfb929743
parent c2b2b98631
commit 7bfb929743
3 changed files with 4 additions and 6 deletions
--- a/app/models/integrations/jira.rb
+++ b/app/models/integrations/jira.rb
@ -384,9 +384,9 @@ module Integrations
    private

    def jira_issue_match_regex
-      return /\b#{jira_issue_prefix}(?<issue>#{Gitlab::Regex.jira_issue_key_regex})/ if jira_issue_regex.blank?
+      jira_regex = jira_issue_regex.presence || Gitlab::Regex.jira_issue_key_regex.source

-      Gitlab::UntrustedRegexp.new("\\b#{jira_issue_prefix}(?P<issue>#{jira_issue_regex})")
+      Gitlab::UntrustedRegexp.new("\\b#{jira_issue_prefix}(?P<issue>#{jira_regex})")
    end

    def parse_project_from_issue_key(issue_key)
--- a/lib/gitlab/regex.rb
+++ b/lib/gitlab/regex.rb
@ -255,10 +255,8 @@ module Gitlab

    # Based on Jira's project key format
    # https://confluence.atlassian.com/adminjiraserver073/changing-the-project-key-format-861253229.html
-    # Avoids linking CVE IDs (https://cve.mitre.org/cve/identifiers/syntaxchange.html#new) as Jira issues.
-    # CVE IDs use the format of CVE-YYYY-NNNNNNN
    def jira_issue_key_regex(expression_escape: '\b')
-      /#{expression_escape}(?!CVE-\d+-\d+)[A-Z][A-Z_0-9]+-\d+/
+      /#{expression_escape}([A-Z][A-Z_0-9]+-\d+)/
    end

    def jira_issue_key_project_key_extraction_regex
--- a/spec/models/integrations/jira_spec.rb
+++ b/spec/models/integrations/jira_spec.rb
@ -251,7 +251,7 @@ RSpec.describe Integrations::Jira, feature_category: :integrations do
      'EXT_EXT-1234'       | 'EXT_EXT-1234'
      'EXT3_EXT-1234'      | 'EXT3_EXT-1234'
      '3EXT_EXT-1234'      | ''
-      'CVE-2022-123'       | ''
+      'CVE-2022-123'       | 'CVE-2022'
      'CVE-123'            | 'CVE-123'
      'abc-JIRA-1234'      | 'JIRA-1234'
    end