Add latest changes from gitlab-org/security/gitlab@14-5-stable-ee

2 files changed, 9 insertions, 3 deletions

diff --git a/lib/gitlab/quick_actions/extractor.rb b/lib/gitlab/quick_actions/extractor.rb
index 1294e475145..2e4817e6b17 100644
--- a/lib/gitlab/quick_actions/extractor.rb
+++ b/lib/gitlab/quick_actions/extractor.rb
@@ -29,9 +29,7 @@ module Gitlab
           # Anything, including `/cmd arg` which are ignored by this filter
           # `
 
-          `\n*
-          .+?
-          \n*`
+          `.+?`
         )
       }mix.freeze
 
diff --git a/spec/lib/gitlab/quick_actions/extractor_spec.rb b/spec/lib/gitlab/quick_actions/extractor_spec.rb
index 61fffe3fb6b..c040a70e403 100644
--- a/spec/lib/gitlab/quick_actions/extractor_spec.rb
+++ b/spec/lib/gitlab/quick_actions/extractor_spec.rb
@@ -352,6 +352,14 @@ RSpec.describe Gitlab::QuickActions::Extractor do
       expect(commands).to eq(expected_commands)
       expect(msg).to eq expected_msg
     end
+
+    it 'fails fast for strings with many newlines' do
+      msg = '`' + "\n" * 100_000
+
+      expect do
+        Timeout.timeout(3.seconds) { extractor.extract_commands(msg) }
+      end.not_to raise_error
+    end
   end
 
   describe '#redact_commands' do