diff options
| author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 12:50:36 +0000 |
|---|---|---|
| committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 12:50:39 +0000 |
| commit | 80dd048222b9da5199195a1b620cc5b651216fd6 (patch) | |
| tree | 619e56c12cbf30f14e1d18dbd55a1a882c2222ee /app/models | |
| parent | 0d22b9b88888d7c339cd678c3baaa83c25c7ccd7 (diff) | |
| download | gitlab-ce-80dd048222b9da5199195a1b620cc5b651216fd6.tar.gz | |
Merge branch 'security-fix-regex-dos-11-6' into 'security-11-6'
[11.6] Fix DoS in reference extraction regexes
See merge request gitlab/gitlabhq!2778
(cherry picked from commit 06f1ea1f540b62aefbaa4f69901de2d29df11e7c)
e73f2f1d Fix slow project reference pattern regex
Diffstat (limited to 'app/models')
| -rw-r--r-- | app/models/project.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/models/project.rb b/app/models/project.rb index 22e21cd9c8d..2f033d9b87e 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -535,6 +535,7 @@ class Project < ActiveRecord::Base def reference_pattern %r{ + (?<!#{Gitlab::PathRegex::PATH_START_CHAR}) ((?<namespace>#{Gitlab::PathRegex::FULL_NAMESPACE_FORMAT_REGEX})\/)? (?<project>#{Gitlab::PathRegex::PROJECT_PATH_FORMAT_REGEX}) }x |