authorGitLab Bot <gitlab-bot@gitlab.com>2023-05-02 18:18:39 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2023-05-02 18:18:39 +0000
commitb9ce0fe1e6311105b7a748126621f9bfbe37fb2e (patch)
treec73b711a72de036cf3f48be9365038fea171c8c6 /app/controllers
parent6f991190fe4dbb93070b090a9a31d71b25e8101d (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/concerns/search_rate_limitable.rb18
-rw-r--r--app/controllers/projects/settings/ci_cd_controller.rb2
2 files changed, 19 insertions, 1 deletions
diff --git a/app/controllers/concerns/search_rate_limitable.rb b/app/controllers/concerns/search_rate_limitable.rb
index a77ebd276b6..7cce30dbb3c 100644
--- a/app/controllers/concerns/search_rate_limitable.rb
+++ b/app/controllers/concerns/search_rate_limitable.rb
@@ -7,9 +7,25 @@ module SearchRateLimitable
def check_search_rate_limit!
if current_user
- check_rate_limit!(:search_rate_limit, scope: [current_user])
+ # Because every search in the UI typically runs concurrent searches with different
+ # scopes to get counts, we apply rate limits on the search scope if it is present.
+ #
+ # If abusive search is detected, we have stricter limits and ignore the search scope.
+ check_rate_limit!(:search_rate_limit, scope: [current_user, safe_search_scope].compact)
else
check_rate_limit!(:search_rate_limit_unauthenticated, scope: [request.ip])
end
end
+
+ def safe_search_scope
+ # Sometimes search scope can have abusive length or invalid keyword. We don't want
+ # to send those to redis for rate limit checks, so we guard against that here.
+ return if Feature.disabled?(:search_rate_limited_scopes) || abuse_detected?
+
+ params[:scope]
+ end
+
+ def abuse_detected?
+ Gitlab::Search::Params.new(params, detect_abuse: true).abusive?
+ end
end
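Review bot: `safe_search_scope` hands `params[:scope]` straight into the rate-limit key once `abuse_detected?` is false, so the per-user bucket on the `check_rate_limit!` line is now multiplied by the number of distinct scope values the abuse check lets through; the hunk does not show whether `Gitlab::Search::Params.new(params, detect_abuse: true).abusive?` rejects scopes outside a fixed allowlist, and if it only checks length and keywords the key space is effectively caller-chosen. The intended invariant is worth stating next to the return, e.g. `# Only a known search scope should reach redis; any other value must count as abusive so the caller falls back to the plain per-user bucket.`, and if the abuse check does not already enforce that, an explicit allowlist comparison in `safe_search_scope` would close the gap. Visibility of the two new helpers is also unclear: they are added below `check_search_rate_limit!` without a `private` marker in the hunk, and whether one above line 7 covers them is outside this view; if not, they become public methods on every including controller. The unauthenticated branch keeps a single per-IP bucket, so anonymous count searches still share one limit, which may be deliberate but differs from the new authenticated behaviour.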
diff --git a/app/controllers/projects/settings/ci_cd_controller.rb b/app/controllers/projects/settings/ci_cd_controller.rb
index 626587deb71..ce760051f79 100644
--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -16,6 +16,8 @@ module Projects
push_frontend_feature_flag(:ci_variables_pages, current_user)
push_frontend_feature_flag(:ci_limit_environment_scope, @project)
push_frontend_feature_flag(:create_runner_workflow_for_namespace, @project.namespace)
+ push_frontend_feature_flag(:frozen_outbound_job_token_scopes, @project)
+ push_frontend_feature_flag(:frozen_outbound_job_token_scopes_override, @project)
end
helper_method :highlight_badge