Prevent Billion Laughs attack

It keeps track of the memory being used when loading the YAML file as well as the depth of nesting. Track exception when YAML is too big
author: Fabio Pitino <fpitino@gitlab.com> 2019-07-02 06:23:06 +0000
committer: Marin Jankovski <marin@gitlab.com> 2019-07-02 06:23:06 +0000
commit: abceda6cc5fa796d9bd0d7311b386787e6919266 (patch)
tree: 3a6f0cc62d9e0c42267562547be45ea5ea2d858f /spec/lib/gitlab/config
parent: 23dedd53a73a01429c0a5c99414548694f1fab0b (diff)
download: gitlab-ce-abceda6cc5fa796d9bd0d7311b386787e6919266.tar.gz
1 files changed, 68 insertions, 4 deletions
diff --git a/spec/lib/gitlab/config/loader/yaml_spec.rb b/spec/lib/gitlab/config/loader/yaml_spec.rb
index 44c9a3896a8..0affeb01f6a 100644
--- a/spec/lib/gitlab/config/loader/yaml_spec.rb
+++ b/spec/lib/gitlab/config/loader/yaml_spec.rb
@@ -8,7 +8,7 @@ describe Gitlab::Config::Loader::Yaml do
 
     describe '#valid?' do
       it 'returns true' do
-        expect(loader.valid?).to be true
+        expect(loader).to be_valid
       end
     end
 
@@ -24,7 +24,7 @@ describe Gitlab::Config::Loader::Yaml do
 
     describe '#valid?' do
       it 'returns false' do
-        expect(loader.valid?).to be false
+        expect(loader).not_to be_valid
       end
     end
 
@@ -43,7 +43,10 @@ describe Gitlab::Config::Loader::Yaml do
 
     describe '#initialize' do
       it 'raises FormatError' do
-        expect { loader }.to raise_error(Gitlab::Config::Loader::FormatError, 'Unknown alias: bad_alias')
+        expect { loader }.to raise_error(
+          Gitlab::Config::Loader::FormatError,
+          'Unknown alias: bad_alias'
+        )
       end
     end
   end
@@ -53,7 +56,68 @@ describe Gitlab::Config::Loader::Yaml do
 
     describe '#valid?' do
       it 'returns false' do
-        expect(loader.valid?).to be false
+        expect(loader).not_to be_valid
+      end
+    end
+  end
+
+  # Prevent Billion Laughs attack: https://gitlab.com/gitlab-org/gitlab-ce/issues/56018
+  context 'when yaml size is too large' do
+    let(:yml) do
+      <<~YAML
+        a: &a ["lol","lol","lol","lol","lol","lol","lol","lol","lol"]
+        b: &b [*a,*a,*a,*a,*a,*a,*a,*a,*a]
+        c: &c [*b,*b,*b,*b,*b,*b,*b,*b,*b]
+        d: &d [*c,*c,*c,*c,*c,*c,*c,*c,*c]
+        e: &e [*d,*d,*d,*d,*d,*d,*d,*d,*d]
+        f: &f [*e,*e,*e,*e,*e,*e,*e,*e,*e]
+        g: &g [*f,*f,*f,*f,*f,*f,*f,*f,*f]
+        h: &h [*g,*g,*g,*g,*g,*g,*g,*g,*g]
+        i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]
+      YAML
+    end
+
+    describe '#valid?' do
+      it 'returns false' do
+        expect(loader).not_to be_valid
+      end
+
+      it 'returns true if "ci_yaml_limit_size" feature flag is disabled' do
+        stub_feature_flags(ci_yaml_limit_size: false)
+
+        expect(loader).to be_valid
+      end
+    end
+
+    describe '#load!' do
+      it 'raises FormatError' do
+        expect { loader.load! }.to raise_error(
+          Gitlab::Config::Loader::FormatError,
+          'The parsed YAML is too big'
+        )
+      end
+    end
+  end
+
+  # Prevent Billion Laughs attack: https://gitlab.com/gitlab-org/gitlab-ce/issues/56018
+  context 'when yaml has cyclic data structure' do
+    let(:yml) do
+      <<~YAML
+        --- &1
+        - hi
+        - *1
+      YAML
+    end
+
+    describe '#valid?' do
+      it 'returns false' do
+        expect(loader.valid?).to be(false)
+      end
+    end
+
+    describe '#load!' do
+      it 'raises FormatError' do
+        expect { loader.load! }.to raise_error(Gitlab::Config::Loader::FormatError, 'The parsed YAML is too big')
       end
     end
   end
author	Fabio Pitino <fpitino@gitlab.com>	2019-07-02 06:23:06 +0000
committer	Marin Jankovski <marin@gitlab.com>	2019-07-02 06:23:06 +0000
commit	abceda6cc5fa796d9bd0d7311b386787e6919266 (patch)
tree	3a6f0cc62d9e0c42267562547be45ea5ea2d858f /spec/lib/gitlab/config
parent	23dedd53a73a01429c0a5c99414548694f1fab0b (diff)
download	gitlab-ce-abceda6cc5fa796d9bd0d7311b386787e6919266.tar.gz