Commit 6f880114 authored by Heinrich Lee Yu's avatar Heinrich Lee Yu Committed by GitLab Release Tools Bot

Prevent quick actions regex from backtracking

parent 08c95ed3
...@@ -29,9 +29,7 @@ module Gitlab ...@@ -29,9 +29,7 @@ module Gitlab
# Anything, including `/cmd arg` which are ignored by this filter # Anything, including `/cmd arg` which are ignored by this filter
# ` # `
`\n* `.+?`
.+?
\n*`
) )
}mix.freeze }mix.freeze
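Review bot: The inline-code alternative no longer says why the `\n*` quantifiers around `.+?` were dropped, so a later edit could reintroduce them. From the `}mix.freeze` flags visible here, `.` already matches newlines, so the adjacent `\n*` runs were redundant and gave the engine several ways to split a run of newlines on user-supplied text. I would add a comment above that alternative such as `# No \n* around .+? here: under /m the dot already matches newlines, and adjacent quantifiers backtrack badly on long newline runs`. If nothing after the group depends on lazy matching, a negated character class that excludes the backtick would bound the scan more tightly than `.+?`, but the rest of the pattern lies outside this hunk, so that needs checking against the full regex.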
......
...@@ -352,6 +352,14 @@ RSpec.describe Gitlab::QuickActions::Extractor do ...@@ -352,6 +352,14 @@ RSpec.describe Gitlab::QuickActions::Extractor do
expect(commands).to eq(expected_commands) expect(commands).to eq(expected_commands)
expect(msg).to eq expected_msg expect(msg).to eq expected_msg
end end
it 'fails fast for strings with many newlines' do
msg = '`' + "\n" * 100_000
expect do
Timeout.timeout(3.seconds) { extractor.extract_commands(msg) }
end.not_to raise_error
end
end end
describe '#redact_commands' do describe '#redact_commands' do
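Review bot: The new example `fails fast for strings with many newlines` checks only that nothing is raised within a 3-second wall-clock budget. It would therefore still pass if extraction returned a wrong result, and the budget depends on how loaded the CI runner is. I would capture the return value inside the `Timeout.timeout` block and assert on it as well. The neighbouring examples suggest that means the message comes back unchanged and no commands are extracted, but the helper they use is outside this hunk. A one-line comment would record the intent, for example `# Regression: note text is user-controlled, so the extractor regex must stay linear on long newline runs (ReDoS)`.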
......