Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
219d24fe
Commit
219d24fe
authored
6 years ago
by
Heinrich Lee Yu
Committed by
Yorick Peterse
5 years ago
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix slow project reference pattern regex
parent
68d13322
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
14 additions
and
1 deletion
+14
-1
app/models/project.rb
app/models/project.rb
+1
-0
changelogs/unreleased/security-fix-regex-dos.yml
changelogs/unreleased/security-fix-regex-dos.yml
+5
-0
lib/gitlab/path_regex.rb
lib/gitlab/path_regex.rb
+2
-1
spec/lib/banzai/filter/project_reference_filter_spec.rb
spec/lib/banzai/filter/project_reference_filter_spec.rb
+6
-0
No files found.
app/models/project.rb
View file @
219d24fe
...
...
@@ -530,6 +530,7 @@ class Project < ActiveRecord::Base
def
reference_pattern
%r{
(?<!
#{
Gitlab
::
PathRegex
::
PATH_START_CHAR
}
)
((?<namespace>
#{
Gitlab
::
PathRegex
::
FULL_NAMESPACE_FORMAT_REGEX
}
)
\/
)?
(?<project>
#{
Gitlab
::
PathRegex
::
PROJECT_PATH_FORMAT_REGEX
}
)
}x
...
...
This diff is collapsed.
Click to expand it.
changelogs/unreleased/security-fix-regex-dos.yml
0 → 100644
View file @
219d24fe
---
title
:
Fix slow regex in project reference pattern
merge_request
:
author
:
type
:
security
This diff is collapsed.
Click to expand it.
lib/gitlab/path_regex.rb
View file @
219d24fe
...
...
@@ -125,7 +125,8 @@ module Gitlab
# allow non-regex validations, etc), `NAMESPACE_FORMAT_REGEX_JS` serves as a Javascript-compatible version of
# `NAMESPACE_FORMAT_REGEX`, with the negative lookbehind assertion removed. This means that the client-side validation
# will pass for usernames ending in `.atom` and `.git`, but will be caught by the server-side validation.
PATH_REGEX_STR
=
'[a-zA-Z0-9_\.][a-zA-Z0-9_\-\.]*'
.
freeze
PATH_START_CHAR
=
'[a-zA-Z0-9_\.]'
.
freeze
PATH_REGEX_STR
=
PATH_START_CHAR
+
'[a-zA-Z0-9_\-\.]*'
.
freeze
NAMESPACE_FORMAT_REGEX_JS
=
PATH_REGEX_STR
+
'[a-zA-Z0-9_\-]|[a-zA-Z0-9_]'
.
freeze
NO_SUFFIX_REGEX
=
/(?<!\.git|\.atom)/
.
freeze
...
...
This diff is collapsed.
Click to expand it.
spec/lib/banzai/filter/project_reference_filter_spec.rb
View file @
219d24fe
...
...
@@ -26,6 +26,12 @@ describe Banzai::Filter::ProjectReferenceFilter do
expect
(
reference_filter
(
act
).
to_html
).
to
eq
(
CGI
.
escapeHTML
(
exp
))
end
it
'fails fast for long invalid string'
do
expect
do
Timeout
.
timeout
(
5
.
seconds
)
{
reference_filter
(
"A"
*
50000
).
to_html
}
end
.
not_to
raise_error
end
it
'allows references with text after the > character'
do
doc
=
reference_filter
(
"Hey
#{
reference
}
foo"
)
expect
(
doc
.
css
(
'a'
).
first
.
attr
(
'href'
)).
to
eq
urls
.
project_url
(
subject
)
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment