Verify project id in API

* Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/351520 * Sentry error: https://sentry.gitlab.net/gitlab/gitlabcom/issues/3184048 **Problem** It is possible to skip Grape validation for id for http OPTIONS method. **Solution** Verify that id is present Changelog: fixed

Verify project id in API
* Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/351520 * Sentry error: https://sentry.gitlab.net/gitlab/gitlabcom/issues/3184048 **Problem** It is possible to skip Grape validation for id for http OPTIONS method. **Solution** Verify that id is present Changelog: fixed
f059837f · Vasilii Iakliushin · d088bff9 · f059837f · f059837f
Commit f059837f authored Feb 07, 2022 by Vasilii Iakliushin
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

lib/api/helpers.rb lib/api/helpers.rb +2 -0

spec/lib/api/helpers_spec.rb spec/lib/api/helpers_spec.rb +6 -0

No files found.
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -117,6 +117,8 @@ module API
    # rubocop: disable CodeReuse/ActiveRecord
    def find_project(id)
+      return unless id
      projects = Project.without_deleted
      if id.is_a?(Integer) || id =~ /^\d+$/

--- a/spec/lib/api/helpers_spec.rb
+++ b/spec/lib/api/helpers_spec.rb
@@ -76,6 +76,12 @@ RSpec.describe API::Helpers do
          expect(subject.find_project(non_existing_id)).to be_nil
        end
      end
+      context 'when project id is not provided' do
+        it 'returns nil' do
+          expect(subject.find_project(nil)).to be_nil
+        end
+      end
    end
    context 'when ID is used as an argument' do