fix: BED-6546 URL encode cypher queries

[sirisjo]

Description

Certain cypher queries were breaking when going from the selector overview page to the View in Explore page. This is because the base64 encoded queries were not being encoded as URI components, so certain base64 characters like + were being put into the URL as spaces, which broke decoding on the explore page.

Motivation and Context

Resolves BED-6546

The cypher query mentioned in the ticket was breaking when viewed on the explore page -- these changes fix that issue.

Added encodeURIComponent to the cypher query before creating the URL for the explore page.

How Has This Been Tested?

The cypher query listed in the ticket (not duplicated here for confidentiality reasons) no longer breaks when viewed in the explore page.

Existing queries still function as expected.

Screenshots (optional):

Types of changes

• Bug fix (non-breaking change which fixes an issue)

Checklist:

• I have met the contributing prerequisites
  • Assigned myself to this PR
  • Added the appropriate labels
  • Associated an issue: Issues and Pull Requests README #672
  • Read the Contributing guide: https://github.com/SpecterOps/BloodHound/wiki/Contributing
• I have ensured that related documentation is up-to-date
  • Open API docs
  • Code comments (GoDocs / JSDocs)
• I have followed proper test practices
  • Added/updated tests to cover my changes
  • All new and existing tests passed

Summary by CodeRabbit

• Bug Fixes

  • Corrected URL encoding for the “View in Explore” link in Cypher, ensuring queries with special characters (e.g., +, >, =) are handled properly and links open as expected.

• Tests

  • Updated tests to validate proper percent-encoding of the cypherSearch parameter.
  • Added coverage for special characters to prevent regressions and ensure consistent behavior across edge cases.

[coderabbitai]

Walkthrough

The Cypher "View in Explore" link now URL-encodes the base64 Cypher query using encodeURIComponent. Tests were updated to assert percent-encoded output, including handling of padding (==) and plus-like characters from inputs (e.g., hello>world).

Changes

Cohort / File(s)	Summary
Cypher Explore URL encoding packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Cypher/Cypher.tsx	Wraps encodeCypherQuery result with encodeURIComponent when constructing the Explore URL to ensure URL-safe query parameters.
Cypher tests for URL encoding packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Cypher/Cypher.test.tsx	Adjusts expectations to percent-encoded base64 (%3D%3D for padding), adds a test for input producing +-like encodings (hello>world → aGVsbG8%2Bd29ybGQ%3D).

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor U as User
  participant C as Cypher View
  participant E as Explore Page

  U->>C: Click "View in Explore"
  C->>C: encodeCypherQuery(query)
  C->>C: encodeURIComponent(base64Query)
  C-->>U: Navigates to /explore?cypherSearch=<encoded>
  U->>E: HTTP GET with cypherSearch
  E-->>U: Render Explore with provided query

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• mistahj67
• benwaples

Poem

A nibble of bytes, a hop through the link,
I whisk base64 with a URL-safe wink.
Equals tucked neatly, plus signs outgrown,
Explore now understands the seeds I’ve sown.
Thump-thump—encode! and off I go,
A rabbit on routes where queries flow. 🐇🔗

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title concisely summarizes the core change by indicating a fix for BED-6546 and clarifies that Cypher queries will now be URL encoded, making it clear and directly relevant to the main update.
Description Check	✅ Passed	The description follows the repository template by including a clear summary of changes, a motivation and context section referencing the correct ticket number, detailed testing notes, types of changes, and a completed checklist, making the PR description comprehensive and structured.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch BED-6546-cypher-bug

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5adc074 and 8a3049f.

📒 Files selected for processing (2)

• packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Cypher/Cypher.test.tsx (1 hunks)
• packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Cypher/Cypher.tsx (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-09-08T19:01:53.112Z

Learnt from: jvacca-specterops
PR: SpecterOps/BloodHound#1823
File: packages/javascript/bh-shared-ui/src/views/Explore/ExploreSearch/CypherSearch.tsx:108-148
Timestamp: 2025-09-08T19:01:53.112Z
Learning: In BloodHound's CypherSearch component (packages/javascript/bh-shared-ui/src/views/Explore/ExploreSearch/CypherSearch.tsx), the sharing state reset for sharedIds and isPublic after the two-step permissions update is handled elsewhere in the codebase, so additional state reset callbacks in the updateQueryPermissions function are not needed.

Applied to files:

• packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Cypher/Cypher.tsx
• packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Cypher/Cypher.test.tsx

🧬 Code graph analysis (2)

packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Cypher/Cypher.tsx (1)

packages/javascript/bh-shared-ui/src/hooks/useExploreGraph/utils.ts (1)

• encodeCypherQuery (50-52)

packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Cypher/Cypher.test.tsx (1)

packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Cypher/Cypher.tsx (1)

• Cypher (30-157)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Build BloodHound Container Image / Build and Package Container
• GitHub Check: run-analysis
• GitHub Check: run-tests
• GitHub Check: build-ui
• GitHub Check: run-tests

🔇 Additional comments (3)

packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Cypher/Cypher.tsx (1)

81-82: LGTM! Correctly fixes URL encoding for base64 queries.

The addition of encodeURIComponent properly escapes URL-unsafe characters ('+', '/', '=') that appear in base64-encoded queries, preventing them from being misinterpreted in URLs.

packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Cypher/Cypher.test.tsx (2)

73-81: LGTM! Test correctly validates percent-encoding of base64 padding.

The updated assertion properly expects = characters in base64 output to be percent-encoded as %3D in the URL.

---

83-91: LGTM! Good coverage for '+' character encoding.

The new test verifies that + characters in base64-encoded output are correctly percent-encoded as %2B in the URL, addressing the core issue from BED-6546.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mistahj67]

Tested locally 🚀