
Fix missing JSON serialization in custom webhook template field interpolation

What does this MR do and why?

This MR fixes an issue with custom webhook templates where interpolated field values were not properly JSON-serialized. As a result, characters such as quotes (") and backslashes (\) led to invalid JSON in the final webhook payload, e.g.:

Internal error occurred while delivering this webhook.

Error: Error while parsing rendered custom webhook template: unexpected character (after description) at line 1, column 27 [parse.c:774] in '{"description": "Quotes " and backslashes \ must be escaped"}

Field values are now JSON-serialized using <var>.to_json and leading/trailing quotes are stripped before being interpolated into the template. This ensures special characters are properly escaped and that the final payload is valid JSON. Stripping leading/trailing quotes is necessary, as a raw field value of type string will be quoted after serialization, but the placeholder is simply substituted with the value.

I've checked !142738 (merged) for inspiration regarding testing but couldn't find much there. If you'd like tests to cover this fix, I'd appreciate some guidance, as I'm new to GitLab (and Ruby).

/cc @Quintasan @ameyadarshan because of their familiarity with !142738 (merged) as reviewers

References

Fixes #511476

Follow-up of !142738 (merged)

Related to gitlab-ci-utils/gitlab-webhook-renovate-proxy#6 (closed)

How to set up and validate locally

  1. Open https://public.requestbin.com/r and copy the endpoint URL.

  2. Visit any GitLab project.

  3. Create a webhook at Settings > Webhooks > Add new webhook with the following form input:

     | Field | Value |
     | --- | --- |
     | URL | (Request Bin endpoint URL) |
     | Trigger | ☑️ Merge request events |
     | Custom webhook template (optional) | {"description": "{{object_attributes.description}}"} |

  4. Create an MR with a description containing characters that require escaping, e.g. Quotes " and backslashes \ must be escaped.

  5. Check the Request Bin for the incoming request (check that the body is {"description": "Quotes \" and backslashes \\ must be escaped"}).

Edited by 🤖 GitLab Bot 🤖
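
The behaviour described in this merge request, sketched as an added Ruby example (not GitLab's own code): raw substitution beside serialize-then-strip substitution. The `PLACEHOLDER` regex and the `lookup`, `render_naive`, `render_escaped` and `valid_json?` helpers are hypothetical, and the sample payload is constructed from the description above.

```ruby
require 'json'

# Hypothetical placeholder syntax matching the template on this page: {{a.b.c}}
PLACEHOLDER = /\{\{\s*([\w.]+)\s*\}\}/

# Walk a dotted path ("object_attributes.description") through nested hashes.
def lookup(payload, path)
  path.split('.').reduce(payload) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

# "Before" behaviour: the raw value is pasted into the template unescaped.
def render_naive(template, payload)
  template.gsub(PLACEHOLDER) { lookup(payload, Regexp.last_match(1)).to_s }
end

# "After" behaviour: serialize the value, then drop exactly one pair of
# surrounding quotes, because the template already supplies its own quotes.
# Stripping every leading/trailing quote character instead would corrupt
# values that themselves start or end with an (escaped) quote.
def render_escaped(template, payload)
  template.gsub(PLACEHOLDER) do
    value = lookup(payload, Regexp.last_match(1))
    json = value.to_json
    value.is_a?(String) ? json[1..-2] : json
  end
end

# True when the rendered template parses as JSON.
def valid_json?(text)
  JSON.parse(text)
  true
rescue JSON::ParserError
  false
end

# Constructed sample input, taken from the validation steps on this page.
TEMPLATE = '{"description": "{{object_attributes.description}}"}'
SAMPLE = {
  'object_attributes' => { 'description' => 'Quotes " and backslashes \ must be escaped' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts "naive:   #{render_naive(TEMPLATE, SAMPLE)} valid=#{valid_json?(render_naive(TEMPLATE, SAMPLE))}"
  puts "escaped: #{render_escaped(TEMPLATE, SAMPLE)} valid=#{valid_json?(render_escaped(TEMPLATE, SAMPLE))}"
end
```

The substitution uses the block form of `gsub` so that backslashes in the serialized value are inserted literally rather than interpreted as replacement back-references.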
