Fix crash in secret scanning middleware for invalid versions (#58792)

2025-12-19 09:57:42 -05:00 · 2025-12-10 10:56:23 -08:00
parent 5b4430431c
commit 29a79eb623
2 changed files with 12 additions and 0 deletions
--- a/src/secret-scanning/middleware/secret-scanning.ts
+++ b/src/secret-scanning/middleware/secret-scanning.ts
@@ -30,6 +30,10 @@ export default async function secretScanning(

  const { isEnterpriseCloud, isEnterpriseServer } = getVersionInfo(currentVersion)

+  if (isEnterpriseServer && !allVersions[currentVersion]) {
+    return next()
+  }
+
  const versionPath = isEnterpriseCloud
    ? 'ghec'
    : isEnterpriseServer
--- a/src/secret-scanning/tests/rendering.ts
+++ b/src/secret-scanning/tests/rendering.ts
@@ -17,4 +17,12 @@ describe('secret-scanning pipeline', () => {
    const page = await get(`/${targetFilename}`, { followRedirects: true })
    expect(page.statusCode).toBe(200)
  })
+
+  test('should not crash on malformed URL with double version', async () => {
+    const url =
+      '/en/enterprise-server@3.11/enterprise-cloud@latest/code-security/secret-scanning/introduction/supported-secret-scanning-patterns'
+    const res = await get(url)
+    // It should probably be a 404 because the URL is invalid, but definitely not a 500
+    expect(res.statusCode).not.toBe(500)
+  })
 })