Problem/Motivation
When viewing the help page for the "Allowed upload extensions" check at `/admin/reports/security-review/help/security_review/allowed_upload_extensions`, a white screen error occurs with the following exception:
`Symfony\Component\Routing\Exception\MissingMandatoryParametersException: Some mandatory parameters are missing ("storage_type") to generate a URL for route "entity.field_config.storage_field_edit_form".`
This happens because the `UploadExtensions::getDetails()` method attempts to generate edit links for field configurations. When the link is rendered, some entity types (such as `group`, `paragraph`, etc.) require a `storage_type` route parameter that isn't being provided.
The code currently catches `RouteNotFoundException` but not `MissingMandatoryParametersException`, and the exception occurs during the rendering phase rather than the link creation phase.
Steps to reproduce
- Install Security Review module on a site with custom entity types (e.g., Group module, Paragraphs)
- Visit `/admin/reports/security-review/help/security_review/allowed_upload_extensions`
- Observe white screen error with `MissingMandatoryParametersException`
Proposed resolution
Update the `UploadExtensions::getDetails()` method to:
- Add `MissingMandatoryParametersException` to the catch block
- Test URL generation **before** creating the Link object to ensure exceptions are caught during the try block
- Fall back to plain text output when URL generation fails
This follows the same pattern used in #2988514: Field check gets fatal error when using Paragraphs (or other entity without edit or canonical routes).
Changes needed in `src/Plugin/SecurityCheck/UploadExtensions.php`:
- Add `use Symfony\Component\Routing\Exception\MissingMandatoryParametersException;`
- Update both try-catch blocks to test URL generation before creating links
- Catch both `RouteNotFoundException` and `MissingMandatoryParametersException`
Remaining tasks
- [ ] Fix the issue
- [ ] Attach a patch/MR
- [ ] Review the fix
- [ ] Commit the fix
User interface changes
None
API changes
None
Data model changes
None
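The pattern from the proposed resolution, as an added example (not the module's own code and not from the issue fork): force URL generation inside the `try` so a failure surfaces there instead of at render time. The helper name `example_safe_entity_link()` and its parameters are hypothetical, and the function assumes it runs inside a bootstrapped Drupal site.

```php
<?php

use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Link;
use Symfony\Component\Routing\Exception\MissingMandatoryParametersException;
use Symfony\Component\Routing\Exception\RouteNotFoundException;

/**
 * Builds a link to an entity, or plain text when no URL can be generated.
 *
 * Hypothetical helper written for illustration only.
 *
 * @param \Drupal\Core\Entity\EntityInterface $entity
 *   The entity to link to, for example a field configuration.
 * @param string $label
 *   The text to show, linked or not.
 * @param string $rel
 *   The link relation to use, such as 'edit-form'.
 *
 * @return array
 *   A render array: a link when the route resolves, plain text otherwise.
 */
function example_safe_entity_link(EntityInterface $entity, string $label, string $rel = 'edit-form'): array {
  try {
    // Creating the Url object does not resolve the route yet. Without the
    // next call, a missing parameter would only be noticed when the link is
    // rendered, which is outside this try block.
    $url = $entity->toUrl($rel);

    // Generate the URL now. Passing TRUE returns a GeneratedUrl object and
    // keeps the cacheability metadata on it; the value itself is discarded,
    // this call is only a probe.
    $url->toString(TRUE);

    return Link::fromTextAndUrl($label, $url)->toRenderable();
  }
  catch (RouteNotFoundException | MissingMandatoryParametersException $e) {
    // The route is missing, or it needs a parameter (such as "storage_type")
    // that the entity does not supply. Show the label without a link;
    // '#plain_text' escapes the value on output.
    return ['#plain_text' => $label];
  }
}
```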
Issue fork security_review-3557440
Comments
Comment #2
the_g_bomb commented
Comment #4
smustgrave commented
This module is lacking test coverage so want to start doing better with that.
Comment #5
smustgrave commented
Actually not able to replicate this. Mind providing additional steps?
Comment #6
the_g_bomb commented
Apologies, I will ensure I can replicate with a clean install and add steps if I find them. I guess it is possible that it could be content related.
Comment #7
smustgrave commented
No worries! Want to make sure we get it fixed.
Comment #8
smustgrave commented
What may help is the scenario that's causing the security_review failure. Think maybe default it's fine but may need to trigger a finding.
Comment #10
smustgrave commented
Cleaned up a bit, but don't mind adding the additional catch case if it helps others.