author | Fabio Pitino <fpitino@gitlab.com> | 2019-07-02 06:23:06 +0000 |
---|---|---|
committer | Marin Jankovski <marin@gitlab.com> | 2019-07-02 06:23:06 +0000 |
commit | abceda6cc5fa796d9bd0d7311b386787e6919266 (patch) | |
tree | 3a6f0cc62d9e0c42267562547be45ea5ea2d858f /spec/lib/gitlab/ci/config_spec.rb | |
parent | 23dedd53a73a01429c0a5c99414548694f1fab0b (diff) | |
download | gitlab-ce-abceda6cc5fa796d9bd0d7311b386787e6919266.tar.gz |
Prevent Billion Laughs attack
It keeps track of the memory being used when loading the YAML file
as well as the depth of nesting.
Track exception when YAML is too big
Diffstat (limited to 'spec/lib/gitlab/ci/config_spec.rb')
-rw-r--r-- | spec/lib/gitlab/ci/config_spec.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/spec/lib/gitlab/ci/config_spec.rb b/spec/lib/gitlab/ci/config_spec.rb
index 7f336ee853e..4e8bff3d738 100644
--- a/spec/lib/gitlab/ci/config_spec.rb
+++ b/spec/lib/gitlab/ci/config_spec.rb
@@ -90,6 +90,27 @@ describe Gitlab::Ci::Config do
 end
 end
+ context 'when yml is too big' do
+ let(:yml) do
+ <<~YAML
+ --- &1
+ - hi
+ - *1
+ YAML
+ end
+
+ describe '.new' do
+ it 'raises error' do
+ expect(Gitlab::Sentry).to receive(:track_exception)
+
+ expect { config }.to raise_error(
+ described_class::ConfigError,
+ /The parsed YAML is too big/
+ )
+ end
+ end
+ end
+
 context 'when config logic is incorrect' do
 let(:yml) { 'before_script: "ls"' } |
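Review bot: The fixture in `context 'when yml is too big'` is a single self-referencing anchor (`&1` containing `*1`), so this spec probably exercises only one of the two guards the commit message describes (memory used while loading and depth of nesting); which one cannot be told from this hunk. A second context with a finite, non-recursive document that exceeds the size limit would pin the other guard, so a regression in either one fails the suite. The expectation `expect(Gitlab::Sentry).to receive(:track_exception)` also accepts any argument and any number of calls; tightening it to `expect(Gitlab::Sentry).to receive(:track_exception).once`, plus a `.with(...)` matcher on the exception the loader raises (not visible here), would confirm that the oversized-YAML event is what gets reported. A comment above the heredoc such as `# self-referencing alias: unbounded if aliases are expanded naively` would tell readers why a three-line document counts as "too big".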