Automatic merge of gitlab-org/gitlab master

app/services/projects/create_service.rb

@@ -210,16 +210,22 @@ module Projects
     end
 
     def set_project_name_from_path
-      # Set project name from path
-      if @project.name.present? && @project.path.present?
-        # if both name and path set - everything is ok
-      elsif @project.path.present?
+      # if both name and path set - everything is ok
+      return if @project.name.present? && @project.path.present?
+
+      if @project.path.present?
         # Set project name from path
         @project.name = @project.path.dup
       elsif @project.name.present?
         # For compatibility - set path from name
-        # TODO: remove this in 8.0
-        @project.path = @project.name.dup.parameterize
+        @project.path = @project.name.dup
+
+        # TODO: Retained for backwards compatibility. Remove in API v5.
+        #       When removed, validation errors will get bubbled up automatically.
+        #       See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52725
+        unless @project.path.match?(Gitlab::PathRegex.project_path_format_regex)
+          @project.path = @project.path.parameterize
+        end
       end
     end
 

changelogs/unreleased/18292-project-name-to-path-conversion-in-api-mangles-dots.yml

+---
+title: "API: do not mangle dots when creating project with a name"
+merge_request: 52725
+author:
+type: fixed

doc/administration/geo/replication/datatypes.md

@@ -201,4 +201,4 @@ successfully, you must replicate their data using some other means.
 | [GitLab Pages](../../pages/index.md)                                                                           | [No](https://gitlab.com/groups/gitlab-org/-/epics/589)                             | No                                                        | No                                                                                   |                                                                                                                                                                                                                                                                                                                            |
 | [CI Pipeline Artifacts](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/models/ci/pipeline_artifact.rb) | [No](https://gitlab.com/gitlab-org/gitlab/-/issues/238464)                         | No                                                        | Via Object Storage provider if supported. Native Geo support (Beta).                 | Persists additional artifacts after a pipeline completes                                                                                                                                                                                                                                                                   |
 | [Dependency proxy images](../../../user/packages/dependency_proxy/index.md)                                    | [No](https://gitlab.com/gitlab-org/gitlab/-/issues/259694)                         | No                                                        | No                                                                                   | Blocked on [Geo: Secondary Mimicry](https://gitlab.com/groups/gitlab-org/-/epics/1528). Note that replication of this cache is not needed for Disaster Recovery purposes because it can be recreated from external sources.                                                                                                |
-| [Vulnerability Export](../../../user/application_security/security_dashboard/#export-vulnerabilities)          | [Not planned](https://gitlab.com/groups/gitlab-org/-/epics/3111)                   | No                                                        | Via Object Storage provider if supported. Native Geo support (Beta).                 | Not planned because they are ephemeral and sensitive. They can be regenerated on demand.                                                                                                                                                                                                                                   |
+| [Vulnerability Export](../../../user/application_security/vulnerability_report/#export-vulnerabilities)          | [Not planned](https://gitlab.com/groups/gitlab-org/-/epics/3111)                   | No                                                        | Via Object Storage provider if supported. Native Geo support (Beta).                 | Not planned because they are ephemeral and sensitive. They can be regenerated on demand.                                                                                                                                                                                                                                   |

doc/development/export_csv.md

@@ -14,7 +14,7 @@ This document lists the different implementations of CSV export in GitLab codeba
 | Downloading | - Query and write data in batches to a temporary file.<br>- Loads the file into memory.<br>- Sends the file to the client. | - Report available immediately. | - Large amount of data might cause request timeout.<br>- Memory intensive.<br>- Request expires when user navigates to a different page. | [Export Chain of Custody Report](../user/compliance/compliance_dashboard/#chain-of-custody-report) |
 | As email attachment | - Asynchronously process the query with background job.<br>- Email uses the export as an attachment. | - Asynchronous processing. | - Requires users use a different app (email) to download the CSV.<br>- Email providers may limit attachment size. | - [Export Issues](../user/project/issues/csv_export.md)<br>- [Export Merge Requests](../user/project/merge_requests/csv_export.md) |
 | As downloadable link in email (*) | - Asynchronously process the query with background job.<br>- Email uses an export link. | - Asynchronous processing.<br>- Bypasses email provider attachment size limit. | - Requires users use a different app (email).<br>- Requires additional storage and cleanup. | [Export User Permissions](https://gitlab.com/gitlab-org/gitlab/-/issues/1772) |
-| Polling (non-persistent state) | - Asynchronously processes the query with the background job.<br>- Frontend(FE) polls every few seconds to check if CSV file is ready. | - Asynchronous processing.<br>- Automatically downloads to local machine on completion.<br>- In-app solution. | - Non-persistable request - request expires when user navigates to a different page.<br>- API is processed for each polling request. | [Export Vulnerabilities](../user/application_security/security_dashboard/#export-vulnerabilities) |
+| Polling (non-persistent state) | - Asynchronously processes the query with the background job.<br>- Frontend(FE) polls every few seconds to check if CSV file is ready. | - Asynchronous processing.<br>- Automatically downloads to local machine on completion.<br>- In-app solution. | - Non-persistable request - request expires when user navigates to a different page.<br>- API is processed for each polling request. | [Export Vulnerabilities](../user/application_security/vulnerability_report/#export-vulnerabilities) |
 | Polling (persistent state) (*) | - Asynchronously processes the query with background job.<br>- Backend (BE) maintains the export state<br>- FE polls every few seconds to check status.<br>- FE shows 'Download link' when export is ready.<br>- User can download or regenerate a new report. | - Asynchronous processing.<br>- No database calls made during the polling requests (HTTP 304 status is returned until export status changes).<br>- Does not require user to stay on page until export is complete.<br>- In-app solution.<br>- Can be expanded into a generic CSV feature (such as dashboard / CSV API). | - Requires to maintain export states in DB.<br>- Does not automatically download the CSV export to local machine, requires users to click 'Download' button. | [Export Merge Commits Report](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/43055) |
 
 NOTE:

doc/user/application_security/security_dashboard/index.md

@@ -5,13 +5,13 @@ group: Threat Insights
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
-# GitLab Security Dashboard, Security Center, and Vulnerability Reports **(ULTIMATE)**
+# GitLab Security Dashboards and Security Center **(ULTIMATE)**
 
 GitLab provides a comprehensive set of features for viewing and managing vulnerabilities:
 
 - Security dashboards: An overview of the security status in your instance, [groups](#group-security-dashboard), and
   [projects](#project-security-dashboard).
-- [Vulnerability reports](#vulnerability-report): Detailed lists of all vulnerabilities for the instance, group, project, or
+- [Vulnerability reports](../vulnerability_report/index.md): Detailed lists of all vulnerabilities for the instance, group, project, or
   pipeline. This is where you triage and manage vulnerabilities.
 - [Security Center](#instance-security-center): A dedicated area for vulnerability management at the instance level. This
   includes a security dashboard, vulnerability report, and settings.
@@ -27,7 +27,7 @@ To benefit from these features, you must first configure one of the
 
 ## Supported reports
 
-The vulnerability report displays vulnerabilities detected by scanners such as:
+The security dashboard and vulnerability report displays information about vulnerabilities detected by scanners such as:
 
 - [Container Scanning](../container_scanning/index.md)
 - [Dynamic Application Security Testing](../dast/index.md)
@@ -68,7 +68,7 @@ the analyzer outputs an
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/235558) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.6.
 
 At the project level, the Security Dashboard displays a chart with the number of vulnerabilities over time.
-Access it by navigating to **Security & Compliance > Security Dashboard**. Currently, we display historical
+Access it by navigating to **Security & Compliance > Security Dashboard**. We display historical
 data up to 365 days.
 
 ![Project Security Dashboard](img/project_security_dashboard_chart_v13_6.png)
@@ -76,43 +76,6 @@ data up to 365 days.
 Filter the historical data by clicking on the corresponding legend name. The image above, for example, shows
 only the graph for vulnerabilities with **high** severity.
 
-### Vulnerability Report
-
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/6165) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.1.
-
-The vulnerabilities that exist in your project's
-[default branch](../../project/repository/branches/index.md#default-branch) are accessed by navigating to
-**Security & Compliance > Vulnerability Report**. By default, the Vulnerability Report is filtered to
-display all detected and confirmed vulnerabilities.
-
-The Vulnerability Report first displays the time at which the last pipeline completed on the project's
-default branch. There's also a link to view this in more detail. In the case of any pipeline failures,
-the number of failures is indicated. The failure notification takes you directly to
-the **Failed jobs** tab of the pipeline page.
-
-The Vulnerability Report next displays the total number of vulnerabilities by severity (for example,
-Critical, High, Medium, Low, Info, Unknown). Below this, a table shows each vulnerability's status, severity,
-description and if there is a Merge Request related to it. Clicking a vulnerability takes you to its
-[Vulnerability Details](../vulnerabilities)
-page to view more information about that vulnerability.
-
-![Project Vulnerability Report](img/project_security_dashboard_v13_5.png)
-
-You can filter the vulnerabilities by one or more of the following:
-
-| Filter | Available Options |
-| --- | --- |
-| Status | Detected, Confirmed, Dismissed, Resolved |
-| Severity | Critical, High, Medium, Low, Info, Unknown |
-| Scanner | [Available Scanners](../index.md#security-scanning-tools) |
-
-You can also dismiss vulnerabilities in the table:
-
-1. Select the checkbox for each vulnerability you want to dismiss.
-1. In the menu that appears, select the reason for dismissal and click **Dismiss Selected**.
-
-![Project Vulnerability Report](img/project_security_dashboard_dismissal_v13_4.png)
-
 ## Group Security Dashboard
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/6709) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.5.
@@ -146,7 +109,7 @@ Next to the timeline chart is a list of projects, grouped and sorted by the seve
 Projects with no vulnerability tests configured don't appear in the list. Additionally, dismissed
 vulnerabilities are excluded.
 
-Navigate to the group's [vulnerability report](#vulnerability-report-1) to view the vulnerabilities found.
+Navigate to the group's [vulnerability report](../vulnerability_report/index.md) to view the vulnerabilities found.
 
 ## Instance Security Center
 
@@ -157,7 +120,7 @@ vulnerabilities present in the default branches of all the projects you configur
 following:
 
 - The [group security dashboard's](#group-security-dashboard) features.
-- A [vulnerability report](#vulnerability-report).
+- A [vulnerability report](../vulnerability_report/index.md).
 - A dedicated settings area to configure which projects to display.
 
 ![Instance Security Dashboard with projects](img/instance_security_dashboard_v13_4.png)
@@ -184,36 +147,6 @@ To add projects to the Security Center:
 After you add projects, the security dashboard and vulnerability report display the vulnerabilities
 found in those projects' default branches.
 
-## Export vulnerabilities
-
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213014) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.10.
-
-You can export all your vulnerabilities in CSV (comma separated values) format by clicking the
-**{upload}** **Export** button located at top right of the Security Dashboard. When the report is
-ready, the CSV report downloads to your local machine. The report contains all vulnerabilities for
-the projects defined in the Security Dashboard, as filters don't apply to the export function.
-
-NOTE:
-It may take several minutes for the download to start if your project contains
-thousands of vulnerabilities. Don't close the page until the download finishes.
-
-The fields in the export include:
-
-- Group Name
-- Project Name
-- Scanner Type
-- Scanner Name
-- Status
-- Vulnerability
-- Details
-- Additional Info
-- Severity
-- [CVE](https://cve.mitre.org/) (Common Vulnerabilities and Exposures)
-- [CWE](https://cwe.mitre.org/) (Common Weakness Enumeration)
-- Other Identifiers
-
-![Export vulnerabilities](img/instance_security_dashboard_export_csv_v13_4.png)
-
 ## Keeping the dashboards up to date
 
 The Security Dashboard displays information from the results of the most recent
@@ -245,35 +178,6 @@ When using [Auto DevOps](../../../topics/autodevops/index.md), use
 [special environment variables](../../../topics/autodevops/customize.md#environment-variables)
 to configure daily security scans.
 
-## Vulnerability report
-
-Each vulnerability report contains vulnerabilities from the latest scans that were merged
-into the default branch.
-
-![Vulnerability Report](img/group_vulnerability_report_v13_7.png)
-
-You can filter which vulnerabilities the vulnerability report displays by:
-
-| Filter | Available Options |
-| --- | --- |
-| Status | Detected, Confirmed, Dismissed, Resolved |
-| Severity | Critical, High, Medium, Low, Info, Unknown |
-| Scanner | [Available Scanners](../index.md#security-scanning-tools) |
-| Project | Projects configured in the Security Center settings |
-
-Clicking any vulnerability in the table takes you to its
-[Vulnerability Details](../vulnerabilities) page to see more information on that vulnerability.
-To create an issue associated with the vulnerability, click the **Create Issue** button.
-
-![Create an issue for the vulnerability](img/vulnerability_details_create_issue_v13_7.png)
-
-After you create the issue, the linked issue icon in the vulnerability list:
-
-- Indicates that an issue has been created for that vulnerability.
-- Shows a tooltip that contains a link to the issue.
-
-![Display attached issues](img/vulnerability_list_table_v13_4.png)
-
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues

doc/user/application_security/vulnerability_report/index.md

+---
+type: reference, howto
+stage: Secure
+group: Threat Insights
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# GitLab Vulnerability Reports **(ULTIMATE)**
+
+Each vulnerability report contains vulnerabilities from the scans of the most recent branch merged into the default branch.
+
+The vulnerability reports display the total number of vulnerabilities by severity (for example,
+Critical, High, Medium, Low, Info, Unknown). Below this, a table shows each vulnerability's detected date, status, severity, description, identifier, the scanner where it was detected, and activity (including related issues or available solutions). By default, the vulnerability report is filtered to display all detected and confirmed vulnerabilities.
+
+![Vulnerability Report](img/group_vulnerability_report_v13_7.png)
+
+You can filter which vulnerabilities display by:
+
+| Filter | Available Options |
+| --- | --- |
+| Status | Detected, Confirmed, Dismissed, Resolved |
+| Severity | Critical, High, Medium, Low, Info, Unknown |
+| Scanner | [Available Scanners](../index.md#security-scanning-tools) |
+| Project | Projects configured in the Security Center settings, or all projects in the group for the group level report. This filter is not displayed on the project level vulnerability report |
+
+Clicking any vulnerability in the table takes you to its
+[vulnerability details](../vulnerabilities) page to see more information on that vulnerability.
+
+To create an issue associated with the vulnerability, click the **Create Issue** button.
+
+![Create an issue for the vulnerability](img/vulnerability_details_create_issue_v13_7.png)
+
+After you create the issue, the linked issue icon in the vulnerability list:
+
+- Indicates that an issue has been created for that vulnerability.
+- Shows a tooltip that contains a link to the issue.
+
+![Display attached issues](img/vulnerability_list_table_v13_4.png)
+
+Contents of the unfiltered vulnerability report can be exported using our [export feature](#export-vulnerabilities)
+
+You can also dismiss vulnerabilities in the table:
+
+1. Select the checkbox for each vulnerability you want to dismiss.
+1. In the menu that appears, select the reason for dismissal and click **Dismiss Selected**.
+
+![Project Vulnerability Report](img/project_security_dashboard_dismissal_v13_4.png)
+
+## Project Vulnerability Report
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/6165) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.1.
+
+The vulnerabilities that exist in your project's
+[default branch](../../project/repository/branches/index.md#default-branch) are accessed by navigating to
+**Security & Compliance > Vulnerability Report**. 
+
+The project vulnerability report first displays the time at which the last pipeline completed on the project's
+default branch. There's also a link to view this in more detail. In the case of any pipeline failures,
+the number of failures is indicated. The failure notification takes you directly to
+the **Failed jobs** tab of the pipeline page.
+
+![Project Vulnerability Report](img/project_security_dashboard_v13_5.png)
+
+## Export vulnerabilities
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213014) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.10.
+
+You can export all your vulnerabilities in CSV (comma separated values) format by clicking the
+**{upload}** **Export** button located at top right of the Security Dashboard. When the report is
+ready, the CSV report downloads to your local machine. The report contains all vulnerabilities for
+the projects defined in the Security Dashboard, as filters don't apply to the export function.
+
+NOTE:
+It may take several minutes for the download to start if your project contains
+thousands of vulnerabilities. Don't close the page until the download finishes.
+
+The fields in the export include:
+
+- Group Name
+- Project Name
+- Scanner Type
+- Scanner Name
+- Status
+- Vulnerability
+- Details
+- Additional Info
+- Severity
+- [CVE](https://cve.mitre.org/) (Common Vulnerabilities and Exposures)
+- [CWE](https://cwe.mitre.org/) (Common Weakness Enumeration)
+- Other Identifiers
+
+![Export vulnerabilities](img/instance_security_dashboard_export_csv_v13_4.png)

qa/qa/specs/features/browser_ui/5_package/composer_registry_spec.rb

@@ -104,9 +104,7 @@ module QA
           index.click_package(package_name)
         end
 
-        Page::Project::Packages::Show.perform do |package|
-          package.click_delete
-        end
+        Page::Project::Packages::Show.perform(&:click_delete)
 
         Page::Project::Packages::Index.perform do |index|
           aggregate_failures 'package deletion' do

qa/qa/specs/features/browser_ui/5_package/conan_repository_spec.rb

@@ -75,9 +75,7 @@ module QA
           index.click_package(package_name)
         end
 
-        Page::Project::Packages::Show.perform do |package|
-          package.click_delete
-        end
+        Page::Project::Packages::Show.perform(&:click_delete)
 
         Page::Project::Packages::Index.perform do |index|
           expect(index).to have_content("Package deleted successfully")

qa/qa/specs/features/browser_ui/5_package/generic_repository_spec.rb

@@ -100,9 +100,7 @@ module QA
           index.click_package(package_name)
         end
 
-        Page::Project::Packages::Show.perform do |package|
-          package.click_delete
-        end
+        Page::Project::Packages::Show.perform(&:click_delete)
 
         Page::Project::Packages::Index.perform do |index|
           aggregate_failures 'package deletion' do

qa/qa/specs/features/browser_ui/5_package/maven_gradle_repository_spec.rb

@@ -112,9 +112,7 @@ module QA
           index.click_package(package_name)
         end
 
-        Page::Project::Packages::Show.perform do |show|
-          show.click_delete
-        end
+        Page::Project::Packages::Show.perform(&:click_delete)
 
         Page::Project::Packages::Index.perform do |index|
           expect(index).to have_content("Package deleted successfully")

qa/qa/specs/features/browser_ui/5_package/nuget_repository_spec.rb

@@ -155,9 +155,7 @@ module QA
           index.click_package(package_name)
         end
 
-        Page::Project::Packages::Show.perform do |package|
-          package.click_delete
-        end
+        Page::Project::Packages::Show.perform(&:click_delete)
 
         Page::Project::Packages::Index.perform do |index|
           expect(index).to have_content("Package deleted successfully")

qa/qa/specs/features/browser_ui/5_package/pypi_repository_spec.rb

@@ -98,9 +98,7 @@ module QA
           index.click_package(package_name)
         end
 
-        Page::Project::Packages::Show.perform do |package|
-          package.click_delete
-        end
+        Page::Project::Packages::Show.perform(&:click_delete)
 
         Page::Project::Packages::Index.perform do |index|
           aggregate_failures do

spec/services/projects/create_service_spec.rb

@@ -40,6 +40,48 @@ RSpec.describe Projects::CreateService, '#execute' do
     end
   end
 
+  describe 'setting name and path' do
+    subject(:project) { create_project(user, opts) }
+
+    context 'when both are set' do
+      let(:opts) { { name: 'one', path: 'two' } }
+
+      it 'keeps them as specified' do
+        expect(project.name).to eq('one')
+        expect(project.path).to eq('two')
+      end
+    end
+
+    context 'when path is set' do
+      let(:opts) { { path: 'one.two_three-four' } }
+
+      it 'sets name == path' do
+        expect(project.path).to eq('one.two_three-four')
+        expect(project.name).to eq(project.path)
+      end
+    end
+
+    context 'when name is a valid path' do
+      let(:opts) { { name: 'one.two_three-four' } }
+
+      it 'sets path == name' do
+        expect(project.name).to eq('one.two_three-four')
+        expect(project.path).to eq(project.name)
+      end
+    end
+
+    context 'when name is not a valid path' do
+      let(:opts) { { name: 'one.two_three-four and five' } }
+
+      # TODO: Retained for backwards compatibility. Remove in API v5.
+      #       See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52725
+      it 'parameterizes the name' do
+        expect(project.name).to eq('one.two_three-four and five')
+        expect(project.path).to eq('one-two_three-four-and-five')
+      end
+    end
+  end
+
   context 'user namespace' do
     it do
       project = create_project(user, opts)
@@ -419,7 +461,7 @@ RSpec.describe Projects::CreateService, '#execute' do
     context 'when another repository already exists on disk' do
       let(:opts) do
         {
-          name: 'Existing',
+          name: 'existing',
           namespace_id: user.namespace.id
         }
       end