Prevent quick actions regex from backtracking

6f880114 · Heinrich Lee Yu · GitLab Release Tools Bot · 08c95ed3 · 6f880114 · 6f880114
Commit 6f880114 authored Dec 02, 2021 by Heinrich Lee Yu Committed by GitLab Release Tools Bot Dec 02, 2021
Showing with 9 additions and 3 deletions

lib/gitlab/quick_actions/extractor.rb lib/gitlab/quick_actions/extractor.rb +1 -3

spec/lib/gitlab/quick_actions/extractor_spec.rb spec/lib/gitlab/quick_actions/extractor_spec.rb +8 -0

No files found.
--- a/lib/gitlab/quick_actions/extractor.rb
+++ b/lib/gitlab/quick_actions/extractor.rb
@@ -29,9 +29,7 @@ module Gitlab
          # Anything, including `/cmd arg` which are ignored by this filter
          # `

-          `\n*
-          .+?
-          \n*`
+          `.+?`
        )
      }mix.freeze


--- a/spec/lib/gitlab/quick_actions/extractor_spec.rb
+++ b/spec/lib/gitlab/quick_actions/extractor_spec.rb
@@ -352,6 +352,14 @@ RSpec.describe Gitlab::QuickActions::Extractor do
      expect(commands).to eq(expected_commands)
      expect(msg).to eq expected_msg
    end
+
+    it 'fails fast for strings with many newlines' do
+      msg = '`' + "\n" * 100_000
+
+      expect do
+        Timeout.timeout(3.seconds) { extractor.extract_commands(msg) }
+      end.not_to raise_error
+    end
  end

  describe '#redact_commands' do