Merge pull request #1103 from nscuro/backport-pr-1098

Author: nscuro

src/views/globalAudit/VulnerabilityAuditByOccurrence.vue

@@ -491,7 +491,10 @@ export default {
           sortable: true,
           formatter(value, row, index) {
             let url = xssFilters.uriInUnQuotedAttr(
-              '../vulnerabilities/' + row.vulnerability.source + '/' + value,
+              '../vulnerabilities/' +
+                row.vulnerability.source +
+                '/' +
+                encodeURIComponent(value),
             );
             return (
               common.formatSourceLabel(row.vulnerability.source) +

src/views/globalAudit/VulnerabilityAuditGroupedByVulnerability.vue

@@ -456,7 +456,10 @@ export default {
           sortable: true,
           formatter(value, row, index) {
             let url = xssFilters.uriInUnQuotedAttr(
-              '../vulnerabilities/' + row.vulnerability.source + '/' + value,
+              '../vulnerabilities/' +
+                row.vulnerability.source +
+                '/' +
+                encodeURIComponent(value),
             );
             return (
               common.formatSourceLabel(row.vulnerability.source) +

src/views/portfolio/projects/ProjectFindings.vue

@@ -238,7 +238,7 @@ export default {
               '../../../vulnerabilities/' +
                 row.vulnerability.source +
                 '/' +
-                value,
+                encodeURIComponent(value),
             );
             return (
               common.formatSourceLabel(row.vulnerability.source) +
@@ -263,7 +263,7 @@ export default {
                   '../../../vulnerabilities/' +
                     alias.source +
                     '/' +
-                    alias.vulnId,
+                    encodeURIComponent(alias.vulnId),
                 );
                 label +=
                   common.formatSourceLabel(alias.source) +

src/views/portfolio/vulnerabilities/AffectedProjects.vue

@@ -118,7 +118,7 @@ export default {
   },
   methods: {
     apiUrl: function () {
-      let url = `${this.$api.BASE_URL}/${this.$api.URL_VULNERABILITY}/source/${this.source}/vuln/${this.vulnId}/projects`;
+      let url = `${this.$api.BASE_URL}/${this.$api.URL_VULNERABILITY}/source/${this.source}/vuln/${encodeURIComponent(this.vulnId)}/projects`;
       if (this.showInactiveProjects === undefined) {
         url += '?excludeInactive=true';
       } else {

src/views/portfolio/vulnerabilities/Vulnerability.vue

@@ -66,7 +66,7 @@
             <span v-for="alias in resolveVulnAliases(vulnerability.aliases)">
               <b-link
                 style="margin-right: 1rem"
-                :href="`/vulnerabilities/${alias.source}/${alias.vulnId}`"
+                :href="`/vulnerabilities/${alias.source}/${encodeURIComponent(alias.vulnId)}`"
                 >{{ alias.vulnId }}</b-link
               >
             </span>
@@ -446,7 +446,7 @@ export default {
       if (this.uuid) {
         url = `${this.$api.BASE_URL}/${this.$api.URL_VULNERABILITY}/${this.uuid}`;
       } else {
-        url = `${this.$api.BASE_URL}/${this.$api.URL_VULNERABILITY}/source/${this.source}/vuln/${this.vulnId}`;
+        url = `${this.$api.BASE_URL}/${this.$api.URL_VULNERABILITY}/source/${this.source}/vuln/${encodeURIComponent(this.vulnId)}`;
       }
       this.axios.get(url).then((response) => {
         this.vulnerability = response.data;
@@ -467,7 +467,7 @@ export default {
     initializeData: function () {
       this.uuid = this.$route.params.uuid;
       this.source = this.$route.params.source;
-      this.vulnId = this.$route.params.vulnId;
+      this.vulnId = decodeURIComponent(this.$route.params.vulnId);
     },
     routeTo(path) {
       if (path) {
@@ -479,19 +479,31 @@ export default {
               '/vulnerabilities/' +
               this.source +
               '/' +
-              this.vulnId +
+              encodeURIComponent(this.vulnId) +
               '/' +
               path,
           });
         }
       } else if (
         this.$route.fullPath !==
-          '/vulnerabilities/' + this.source + '/' + this.vulnId &&
+          '/vulnerabilities/' +
+            this.source +
+            '/' +
+            encodeURIComponent(this.vulnId) &&
         this.$route.fullPath !==
-          '/vulnerabilities/' + this.source + '/' + this.vulnId + '/'
+          '/vulnerabilities/' +
+            this.source +
+            '/' +
+            encodeURIComponent(this.vulnId) +
+            '/'
       ) {
         this.$router.push({
-          path: '/vulnerabilities/' + this.source + '/' + this.vulnId + '/',
+          path:
+            '/vulnerabilities/' +
+            this.source +
+            '/' +
+            encodeURIComponent(this.vulnId) +
+            '/',
         });
       }
     },
@@ -500,7 +512,7 @@ export default {
         '/vulnerabilities\\/' +
           this.source +
           '\\/' +
-          this.vulnId +
+          encodeURIComponent(this.vulnId) +
           '\\/([^\\/]*)',
         'gi',
       );
@@ -533,7 +545,12 @@ export default {
     } catch (e) {
       this.$toastr.e(this.$t('condition.forbidden'));
       this.$router.replace({
-        path: '/vulnerabilities/' + this.source + '/' + this.vulnId + '/',
+        path:
+          '/vulnerabilities/' +
+          this.source +
+          '/' +
+          encodeURIComponent(this.vulnId) +
+          '/',
       });
       this.$refs.overview.active = true;
     }

src/views/portfolio/vulnerabilities/VulnerabilityCreateVulnerabilityModal.vue

@@ -1508,7 +1508,9 @@ export default {
           this.$emit('refreshTable');
           this.$toastr.s(this.$t('message.vulnerability_created'));
           this.$router.replace({
-            path: '/vulnerabilities/INTERNAL/' + this.vulnerability.vulnId,
+            path:
+              '/vulnerabilities/INTERNAL/' +
+              encodeURIComponent(this.vulnerability.vulnId),
           });
         })
         .catch((error) => {

src/views/portfolio/vulnerabilities/VulnerabilityList.vue

@@ -74,7 +74,10 @@ export default {
           sortable: true,
           formatter(value, row, index) {
             let url = xssFilters.uriInUnQuotedAttr(
-              '../vulnerabilities/' + row.source + '/' + value,
+              '../vulnerabilities/' +
+                row.source +
+                '/' +
+                encodeURIComponent(value),
             );
             return (
               common.formatSourceLabel(row.source) +
@@ -93,7 +96,10 @@ export default {
               for (let i = 0; i < aliases.length; i++) {
                 let alias = aliases[i];
                 let url = xssFilters.uriInUnQuotedAttr(
-                  '../vulnerabilities/' + alias.source + '/' + alias.vulnId,
+                  '../vulnerabilities/' +
+                    alias.source +
+                    '/' +
+                    encodeURIComponent(alias.vulnId),
                 );
                 label +=
                   common.formatSourceLabel(alias.source) +