Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee

5 files changed, 23 insertions, 9 deletions

diff --git a/lib/banzai/filter/front_matter_filter.rb b/lib/banzai/filter/front_matter_filter.rb
index 5900e762244..85a70f51d89 100644
--- a/lib/banzai/filter/front_matter_filter.rb
+++ b/lib/banzai/filter/front_matter_filter.rb
@@ -9,7 +9,7 @@ module Banzai
         html.sub(Gitlab::FrontMatter::PATTERN) do |_match|
           lang = $~[:lang].presence || lang_mapping[$~[:delim]]
 
-          ["```#{lang}", $~[:front_matter], "```", "\n"].join("\n")
+          ["```#{lang}", $~[:front_matter].strip!, "```", "\n"].join("\n")
         end
       end
     end
diff --git a/lib/gitlab/front_matter.rb b/lib/gitlab/front_matter.rb
index 7612bd36aca..5c5c74ca1a0 100644
--- a/lib/gitlab/front_matter.rb
+++ b/lib/gitlab/front_matter.rb
@@ -11,13 +11,11 @@ module Gitlab
     DELIM = Regexp.union(DELIM_LANG.keys)
 
     PATTERN = %r{
-      \A(?:[^\r\n]*coding:[^\r\n]*)?         # optional encoding line
+      \A(?:[^\r\n]*coding:[^\r\n]*\R)?        # optional encoding line
       \s*
-      ^(?<delim>#{DELIM})[ \t]*(?<lang>\S*)  # opening front matter marker (optional language specifier)
-      \s*
-      ^(?<front_matter>.*?)                  # front matter block content (not greedy)
-      \s*
-      ^(\k<delim> | \.{3})                   # closing front matter marker
+      ^(?<delim>#{DELIM})[ \t]*(?<lang>\S*)\R # opening front matter marker (optional language specifier)
+      (?<front_matter>.*?)                    # front matter block content (not greedy)
+      ^(\k<delim> | \.{3})                    # closing front matter marker
       \s*
     }mx.freeze
   end
diff --git a/lib/gitlab/wiki_pages/front_matter_parser.rb b/lib/gitlab/wiki_pages/front_matter_parser.rb
index 45dc6cf7fd1..0ceec39782c 100644
--- a/lib/gitlab/wiki_pages/front_matter_parser.rb
+++ b/lib/gitlab/wiki_pages/front_matter_parser.rb
@@ -54,7 +54,7 @@ module Gitlab
 
         def initialize(delim = nil, lang = '', text = nil)
           @lang = lang.downcase.presence || Gitlab::FrontMatter::DELIM_LANG[delim]
-          @text = text
+          @text = text&.strip!
         end
 
         def data
diff --git a/spec/lib/banzai/filter/front_matter_filter_spec.rb b/spec/lib/banzai/filter/front_matter_filter_spec.rb
index 3f966c94dd3..8ecb8f83571 100644
--- a/spec/lib/banzai/filter/front_matter_filter_spec.rb
+++ b/spec/lib/banzai/filter/front_matter_filter_spec.rb
@@ -139,4 +139,20 @@ RSpec.describe Banzai::Filter::FrontMatterFilter do
       end
     end
   end
+
+  it 'fails fast for strings with many spaces' do
+    content = "coding:" + " " * 50_000 + ";"
+
+    expect do
+      Timeout.timeout(3.seconds) { filter(content) }
+    end.not_to raise_error
+  end
+
+  it 'fails fast for strings with many newlines' do
+    content = "coding:\n" + ";;;" + "\n" * 10_000 + "x"
+
+    expect do
+      Timeout.timeout(3.seconds) { filter(content) }
+    end.not_to raise_error
+  end
 end
diff --git a/spec/lib/gitlab/wiki_pages/front_matter_parser_spec.rb b/spec/lib/gitlab/wiki_pages/front_matter_parser_spec.rb
index c78103f33f4..3152dc2ad2f 100644
--- a/spec/lib/gitlab/wiki_pages/front_matter_parser_spec.rb
+++ b/spec/lib/gitlab/wiki_pages/front_matter_parser_spec.rb
@@ -118,7 +118,7 @@ RSpec.describe Gitlab::WikiPages::FrontMatterParser do
         MD
       end
 
-      it { is_expected.to have_attributes(reason: :not_mapping) }
+      it { is_expected.to have_attributes(reason: :no_match) }
     end
 
     context 'there is a string in the YAML block' do