Bug 2002037 - JiraWebhookSync Extension: Incorrect hostname used for see_also urls added to outgoing webhook payloads

dklawren · web-flow · commit 7125406c3e50 · 2025-11-26T09:15:43.000-05:00
diff --git a/extensions/JiraWebhookSync/Extension.pm b/extensions/JiraWebhookSync/Extension.pm
@@ -20,7 +20,7 @@ use Bugzilla::Logging;
 use Bugzilla::Util qw(trim);
 
 use JSON::MaybeXS qw(decode_json);
-use List::Util    qw(uniq);
+use List::Util    qw(none uniq);
 use Mojo::URL;
 use Mojo::Util qw(dumper);
 
@@ -35,16 +35,38 @@ sub db_schema_abstract_schema {
         NOTNULL    => 1,
         REFERENCES => {TABLE => 'bugs', COLUMN => 'bug_id', DELETE => 'CASCADE',}
       },
-      jira_id          => {TYPE => 'VARCHAR(255)', NOTNULL => 1,},
+      jira_url => {TYPE => 'VARCHAR(255)', NOTNULL => 1,},
       jira_project_key => {TYPE => 'VARCHAR(100)', NOTNULL => 1,},
     ],
     INDEXES => [
-      jira_bug_map_bug_id_idx => {FIELDS => ['bug_id', 'jira_id'], TYPE => 'UNIQUE',},
+      jira_bug_map_bug_id_idx => {FIELDS => ['bug_id', 'jira_url'], TYPE => 'UNIQUE',},
       jira_bug_map_project_idx => ['jira_project_key'],
     ],
   };
 }
 
+sub install_update_db {
+  my ($self) = @_;
+  my $dbh = Bugzilla->dbh;
+
+  if (!$dbh->bz_column_info('jira_bug_map', 'jira_url')) {
+    $dbh->bz_add_column('jira_bug_map', 'jira_url', {TYPE => 'VARCHAR(255)'});
+
+    my $jira_rows
+      = $dbh->selectall_arrayref('SELECT id, jira_id FROM jira_bug_map');
+    foreach my $row (@{$jira_rows}) {
+      my ($id, $jira_id) = @{$row};
+      my $jira_url = "https://mozilla-hub.atlassian.net/browse/$jira_id";
+      $dbh->do('UPDATE jira_bug_map SET jira_url = ? WHERE id = ?', undef, $jira_url,
+        $id);
+    }
+
+    $dbh->bz_drop_column('jira_bug_map', 'jira_id');
+    $dbh->bz_alter_column('jira_bug_map', 'jira_url',
+      {TYPE => 'VARCHAR(255)', NOTNULL => 1});
+  }
+}
+
 # Adds the JiraWebhookSync configuration panel to the admin interface.
 # This hook allows administrators to configure Jira webhook synchronization settings.
 sub config_add_panels {
@@ -61,24 +83,27 @@ sub bug_start_of_update {
   my $new_bug = $args->{bug};
 
   foreach my $see_also (@{$new_bug->see_also}) {
+    my $see_also_url = $see_also->name;
 
     # Check if this see_also URL corresponds to a Jira ticket
-    my ($jira_id, $project_key)
-      = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->extract_jira_info(
-      $see_also->name);
+    my $project_key
+      = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->extract_jira_project_key(
+      $see_also_url);
 
-    next unless $jira_id && $project_key;
+    next unless $project_key;
 
-    INFO("Intercepting see_also for Jira ticket: $jira_id (project: $project_key)");
+    INFO(
+      "Intercepting see_also for Jira ticket: $see_also_url (project: $project_key)");
 
-    # Add the jira id and project key to the jira_bug_map table unless it already exists
+# Add the jira id and project key to the jira_bug_map table unless it already exists
     my $existing_map
-      = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->get_by_bug_id($new_bug->id);
+      = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->get_by_bug_id(
+      $new_bug->id);
     if (!$existing_map) {
       INFO('Creating new Jira mapping for bug ' . $new_bug->id);
       Bugzilla::Extension::JiraWebhookSync::JiraBugMap->create({
         bug_id           => $new_bug->id,
-        jira_id          => $jira_id,
+        jira_url         => $see_also_url,
         jira_project_key => $project_key,
       });
     }
@@ -112,25 +137,15 @@ sub webhook_before_send {
   INFO("Processing webhook for bug $bug_id to Jira host $hostname");
 
   # Check if there's a Jira mapping for this bug
-  my $jira_map
-    = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->get_by_bug_id($bug_id);
-
-  if ($jira_map) {
-
-    # Construct the Jira URL from the mapping
-    my $jira_url = "https://$hostname/browse/" . $jira_map->jira_id;
-
-    INFO("Adding Jira see_also to webhook payload: $jira_url");
-
-    # Add the Jira URL to the see_also array in the payload
-    if (!exists $payload->{bug}->{see_also}) {
-      $payload->{bug}->{see_also} = [];
-    }
-
-    # Only add if not already present
-    my %existing_see_also = map { $_ => 1 } @{$payload->{bug}->{see_also}};
-    if (!$existing_see_also{$jira_url}) {
-      push @{$payload->{bug}->{see_also}}, $jira_url;
+  if (my $jira_map
+    = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->get_by_bug_id($bug_id))
+  {
+    INFO('Adding Jira see_also to webhook payload: ' . $jira_map->jira_url);
+
+    # Add the Jira URL to the see_also array in the payload if not already present
+    $payload->{bug}->{see_also} ||= [];
+    if (none { $_ eq $jira_map->jira_url } @{$payload->{bug}->{see_also}}) {
+      push @{$payload->{bug}->{see_also}}, $jira_map->jira_url;
     }
   }
 
diff --git a/extensions/JiraWebhookSync/lib/JiraBugMap.pm b/extensions/JiraWebhookSync/lib/JiraBugMap.pm
@@ -15,13 +15,14 @@ use base qw(Bugzilla::Object);
 
 use Bugzilla;
 use Bugzilla::Bug;
+use Bugzilla::Constants;
 use Bugzilla::Error;
 use Bugzilla::Logging;
 use Bugzilla::Util qw(detaint_natural trim);
 
 use JSON::MaybeXS qw(decode_json);
 use List::Util qw(none);
-use Mojo::URL;
+use URI;
 use Scalar::Util qw(blessed);
 
 ###############################
@@ -33,31 +34,31 @@ use constant DB_TABLE => 'jira_bug_map';
 use constant DB_COLUMNS => qw(
   id
   bug_id
-  jira_id
   jira_project_key
+  jira_url
 );
 
 use constant UPDATE_COLUMNS => qw(
-  jira_id
+  jira_url
   jira_project_key
 );
 
 use constant VALIDATORS => {
   bug_id           => \&_check_bug_id,
-  jira_id          => \&_check_jira_id,
+  jira_url         => \&_check_jira_url,
   jira_project_key => \&_check_jira_project_key,
 };
 
 use constant VALIDATOR_DEPENDENCIES => {
-  jira_id => ['jira_project_key'],
+  jira_url => ['jira_project_key'],
 };
 
 ###############################
 ####      Accessors      ######
 ###############################
 
 sub bug_id           { return $_[0]->{bug_id}; }
-sub jira_id          { return $_[0]->{jira_id}; }
+sub jira_url         { return $_[0]->{jira_url}; }
 sub jira_project_key { return $_[0]->{jira_project_key}; }
 
 sub bug {
@@ -69,7 +70,7 @@ sub bug {
 ####       Mutators       #####
 ###############################
 
-sub set_jira_id          { $_[0]->set('jira_id',          $_[1]); }
+sub set_jira_url         { $_[0]->set('jira_url',         $_[1]); }
 sub set_jira_project_key { $_[0]->set('jira_project_key', $_[1]); }
 
 ###############################
@@ -85,13 +86,26 @@ sub _check_bug_id {
   return $bug_id;
 }
 
-sub _check_jira_id {
-  my ($invocant, $jira_id) = @_;
+sub _check_jira_url {
+  my ($invocant, $jira_url) = @_;
 
-  $jira_id = trim($jira_id);
-  $jira_id || ThrowUserError('jira_id_required');
+  $jira_url = trim($jira_url);
+  $jira_url || ThrowUserError('jira_url_required');
 
-  return $jira_id;
+  $jira_url = URI->new($jira_url);
+
+  if ( !$jira_url
+    || ($jira_url->scheme ne 'http' && $jira_url->scheme ne 'https')
+    || !$jira_url->authority
+    || length($jira_url->path) > MAX_BUG_URL_LENGTH)
+  {
+    ThrowUserError('jira_url_required');
+  }
+
+  # always https
+  $jira_url->scheme('https');
+
+  return $jira_url->as_string;
 }
 
 sub _check_jira_project_key {
@@ -117,38 +131,28 @@ sub get_by_bug_id {
   });
 }
 
-# Get mapping by jira_id
-sub get_by_jira_id {
-  my ($class, $jira_id) = @_;
-
-  return $class->new({
-    condition => 'jira_id = ?',
-    values    => [$jira_id],
-  });
-}
-
-# Extract Jira project key from a Jira URL or ID
-sub extract_jira_info {
+# Extract Jira project key from a Jira URL
+sub extract_jira_project_key {
   my ($class, $see_also) = @_;
   my $params = Bugzilla->params;
 
   # Match pattern
   # https://jira.example.com/browse/PROJ-123
-  my $url = Mojo::URL->new($see_also);
-  my ($project_key, $jira_id);
-  if ($url->path =~ m{^/browse/([[:upper:]]+-\d+)$}) {
-    $jira_id = $1;
-    ($project_key) = $jira_id =~ /^([[:upper:]]+)-/;
+  my $url = URI->new($see_also);
+  my $project_key = undef;
+  if ($url->path =~ m{^/browse/([[:upper:]]+)-\d+$}) {
+    $project_key = $1;
+    return undef if !$project_key;
 
     # Return undef if project key is not in configured list
     if (none { $_ eq $project_key }
       @{decode_json($params->{jira_webhook_sync_project_keys} || '[]')})
     {
-      return (undef, undef);
+      return undef;
     }
   }
 
-  return ($jira_id, $project_key);
+  return $project_key;
 }
 
 1;
diff --git a/extensions/JiraWebhookSync/t/bmo/jira_webhook_sync.t b/extensions/JiraWebhookSync/t/bmo/jira_webhook_sync.t
@@ -117,7 +117,7 @@ $t->get_ok('http://externalapi.test:8001/webhooks/last_payload')
 # bug is updated and the webhook is triggered.
 # Then we look again at the last payload from the webhook, which should
 # contain the see also value that was generated from the mapping table.
-my $jira_url = 'https://externalapi.test/browse/BZFF-100';
+my $jira_url = 'https://example.com/browse/BZFF-100';
 my $update   = {see_also => {add => [$jira_url]}, 'priority' => 'P2'};
 $t->put_ok($config->{browser_url}
     . "/rest/bug/$bug_id_1"                                 =>
diff --git a/extensions/JiraWebhookSync/t/sanity.t b/extensions/JiraWebhookSync/t/sanity.t
@@ -21,31 +21,25 @@ use ok 'Bugzilla::Extension::JiraWebhookSync::JiraBugMap';
 local Bugzilla->params->{jira_webhook_sync_project_keys} = '["FOO","BAZ"]';
 
 # Success
-my ($jira_id, $project_key)
-  = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->extract_jira_info(
+my $project_key
+  = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->extract_jira_project_key(
   'https://externalapi.test/browse/FOO-100');
-ok(
-  $jira_id eq 'FOO-100' && $project_key eq 'FOO',
-  'Correct Jira ID and Project Key extracted'
-);
-($jira_id, $project_key)
-  = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->extract_jira_info(
+ok($project_key eq 'FOO', 'Correct Jira ID and Project Key extracted');
+$project_key
+  = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->extract_jira_project_key(
   'https://externalapi.test/browse/BAZ-300');
-ok(
-  $jira_id eq 'BAZ-300' && $project_key eq 'BAZ',
-  'Correct Jira ID and Project Key extracted'
-);
+ok($project_key eq 'BAZ', 'Correct Jira ID and Project Key extracted');
 
 # Failed
-($jira_id, $project_key)
-  = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->extract_jira_info(
+$project_key
+  = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->extract_jira_project_key(
   'https://externalapi.test/browse/FOO-100/some/more/path');
-ok(!defined $jira_id && !defined $project_key,
+ok(!defined $project_key,
   'No Jira ID or Project Key extracted for improperly formatted url');
-($jira_id, $project_key)
-  = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->extract_jira_info(
+$project_key
+  = Bugzilla::Extension::JiraWebhookSync::JiraBugMap->extract_jira_project_key(
   'https://externalapi.test/browse/BAR-100');
-ok(!defined $jira_id && !defined $project_key,
+ok(!defined $project_key,
   'No Jira ID or Project Key extracted for wrong project key');
 
 done_testing();
diff --git a/extensions/JiraWebhookSync/template/en/default/hook/global/user-error.html.tmpl b/extensions/JiraWebhookSync/template/en/default/hook/global/user-error.html.tmpl
@@ -10,9 +10,9 @@
   [% title = "Bug ID Required" %]
   A [% terms.bug %] ID is required for the Jira issue.
 
-[% ELSIF error == "jira_id_required" %]
-  [% title = "Jira ID Required" %]
-  A Jira issue ID is required.
+[% ELSIF error == "jira_url_required" %]
+  [% title = "Jira Url Required or Invalid" %]
+  A Jira issue url was missing or is not a valid url.
 
 [% ELSIF error == "jira_project_key_required" %]
   [% title = "Jira Project Key Required" %]
