-rw-r--r-- | changelogs/unreleased/security-dos-via-asciidoc-includes.yml | 5 | ||||
-rw-r--r-- | doc/user/asciidoc.md | 5 | ||||
-rw-r--r-- | lib/gitlab/asciidoc.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/asciidoc/include_processor.rb | 11 | ||||
-rw-r--r-- | spec/lib/gitlab/asciidoc/include_processor_spec.rb | 44 | ||||
-rw-r--r-- | spec/lib/gitlab/asciidoc_spec.rb | 18 | ||||
-rwxr-xr-x[-rw-r--r--] | vendor/gitignore/C++.gitignore | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vendor/gitignore/Java.gitignore | 0 |
8 files changed, 2 insertions, 83 deletions
diff --git a/changelogs/unreleased/security-dos-via-asciidoc-includes.yml b/changelogs/unreleased/security-dos-via-asciidoc-includes.yml
deleted file mode 100644
index 8fc3bd32316..00000000000
--- a/changelogs/unreleased/security-dos-via-asciidoc-includes.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Limit number of AsciiDoc includes per document
-merge_request:
-author:
-type: security
diff --git a/doc/user/asciidoc.md b/doc/user/asciidoc.md
index da6bf287955..b4d3cb58e97 100644
--- a/doc/user/asciidoc.md
+++ b/doc/user/asciidoc.md
@@ -221,11 +221,6 @@ include::basics.adoc[]
 include::https://example.org/installation.adoc[]
 ```
 
-To guarantee good system performance and prevent malicious documents causing
-problems, GitLab enforces a **maximum limit** on the number of include directives
-processed in any one document. Currently a total of 32 documents can be
-included, a number that is inclusive of transitive dependencies.
-
 ### Blocks
 
 ```asciidoc
diff --git a/lib/gitlab/asciidoc.rb b/lib/gitlab/asciidoc.rb
index 8d072422e17..da65caa6c9c 100644
--- a/lib/gitlab/asciidoc.rb
+++ b/lib/gitlab/asciidoc.rb
@@ -11,7 +11,6 @@ module Gitlab
   # the resulting HTML through HTML pipeline filters.
   module Asciidoc
     MAX_INCLUDE_DEPTH = 5
-    MAX_INCLUDES = 32
     DEFAULT_ADOC_ATTRS = {
       'showtitle' => true,
       'sectanchors' => true,
@@ -41,7 +40,6 @@ module Gitlab
         extensions: extensions
       }
       context[:pipeline] = :ascii_doc
-      context[:max_includes] = [MAX_INCLUDES, context[:max_includes]].compact.min
 
       plantuml_setup
 
diff --git a/lib/gitlab/asciidoc/include_processor.rb b/lib/gitlab/asciidoc/include_processor.rb
index 53d1135a2d7..6e0b7ce60ba 100644
--- a/lib/gitlab/asciidoc/include_processor.rb
+++ b/lib/gitlab/asciidoc/include_processor.rb
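Review bot: Removing `MAX_INCLUDES = 32` and the `context[:max_includes]` clamp in the two lib/gitlab/asciidoc.rb hunks leaves `MAX_INCLUDE_DEPTH = 5` (and the document's `max-include-depth` attribute, checked in the include_processor.rb hunks) as the only bound on include processing, and depth alone does not bound the total number of blobs read, because every included file can itself carry many include directives within the allowed depth. The removed doc paragraph and the deleted changelog entry describe the count cap as a protection against malicious documents, and the deleted include_processor_spec.rb ('disallows the Nth + 1 include') together with the removed 'cyclic imports' context in asciidoc_spec.rb were the only tests of that behaviour, so the new code has no coverage for a document with many includes per level. If dropping the cap is intended, record the reasoning next to the surviving constant, e.g. `# Depth is the only include limit; the total number of includes per document is not bounded here.`; otherwise the count check should stay and the spec deletions should be reverted with it.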
@@ -14,8 +14,6 @@ module Gitlab
 
         @context = context
         @repository = context[:repository] || context[:project].try(:repository)
-        @max_includes = context[:max_includes].to_i
-        @included = []
 
         # Note: Asciidoctor calls #freeze on extensions, so we can't set new
         # instance variables after initialization.
@@ -30,11 +28,8 @@ module Gitlab
 
       def include_allowed?(target, reader)
         doc = reader.document
-        max_include_depth = doc.attributes.fetch('max-include-depth').to_i
-
-        return false if max_include_depth < 1
+        return false if doc.attributes.fetch('max-include-depth').to_i < 1
         return false if target_uri?(target)
-        return false if included.size >= max_includes
 
         true
       end
@@ -67,7 +62,7 @@ module Gitlab
 
       private
 
-      attr_reader :context, :repository, :cache, :max_includes, :included
+      attr_accessor :context, :repository, :cache
 
       # Gets a Blob at a path for a specific revision.
       # This method will check that the Blob exists and contains readable text.
@@ -82,8 +77,6 @@ module Gitlab
 
         raise 'Blob not found' unless blob
         raise 'File is not readable' unless blob.readable_text?
 
-        included << filename
-
         blob
       end
diff --git a/spec/lib/gitlab/asciidoc/include_processor_spec.rb b/spec/lib/gitlab/asciidoc/include_processor_spec.rb
deleted file mode 100644
index 5fec4d9e208..00000000000
--- a/spec/lib/gitlab/asciidoc/include_processor_spec.rb
+++ /dev/null
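Review bot: In the `@@ -67,7 +62,7 @@` hunk, `attr_accessor :context, :repository, :cache` widens what was a private reader into a reader/writer pair, yet nothing visible in these hunks assigns through the new setters, and the note in the `@@ -14,8 +14,6 @@` hunk says Asciidoctor freezes the extension after initialization, so a setter called on the frozen instance would raise anyway. The narrower `attr_reader :context, :repository, :cache` is the drop-in equivalent for the names that remain. `include_allowed?` is shown in full; `read_blob` in the last hunk starts outside the hunk.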
@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-require 'nokogiri'
-
-describe Gitlab::Asciidoc::IncludeProcessor do
-  let_it_be(:project) { create(:project, :repository) }
-
-  let(:processor_context) do
-    {
-      project: project,
-      max_includes: max_includes,
-      ref: ref
-    }
-  end
-  let(:ref) { project.repository.root_ref }
-  let(:max_includes) { 10 }
-
-  let(:reader) { Asciidoctor::PreprocessorReader.new(document, lines, 'file.adoc') }
-  let(:document) { Asciidoctor::Document.new(lines) }
-
-  subject(:processor) { described_class.new(processor_context) }
-
-  let(:a_blob) { double(:Blob, readable_text?: true, data: a_data) }
-  let(:a_data) { StringIO.new('include::b.adoc[]') }
-
-  let(:lines) { [':max-include-depth: 1000'] + Array.new(10, 'include::a.adoc[]') }
-
-  before do
-    allow(project.repository).to receive(:blob_at).with(ref, 'a.adoc').and_return(a_blob)
-  end
-
-  describe '#include_allowed?' do
-    it 'allows the first include' do
-      expect(processor.send(:include_allowed?, 'foo.adoc', reader)).to be_truthy
-    end
-
-    it 'disallows the Nth + 1 include' do
-      max_includes.times { processor.send(:read_blob, ref, 'a.adoc') }
-
-      expect(processor.send(:include_allowed?, 'foo.adoc', reader)).to be_falsey
-    end
-  end
-end
diff --git a/spec/lib/gitlab/asciidoc_spec.rb b/spec/lib/gitlab/asciidoc_spec.rb
index c7156a500d0..c8d159d1e84 100644
--- a/spec/lib/gitlab/asciidoc_spec.rb
+++ b/spec/lib/gitlab/asciidoc_spec.rb
@@ -425,24 +425,6 @@ module Gitlab
             create_file(current_file, "= AsciiDoc\n")
           end
 
-          def many_includes(target)
-            Array.new(10, "include::#{target}[]").join("\n")
-          end
-
-          context 'cyclic imports' do
-            before do
-              create_file('doc/api/a.adoc', many_includes('b.adoc'))
-              create_file('doc/api/b.adoc', many_includes('a.adoc'))
-            end
-
-            let(:include_path) { 'a.adoc' }
-            let(:requested_path) { 'doc/api/README.md' }
-
-            it 'completes successfully' do
-              is_expected.to include('<p>Include this:</p>')
-            end
-          end
-
           context 'with path to non-existing file' do
             let(:include_path) { 'not-exists.adoc' }
 
diff --git a/vendor/gitignore/C++.gitignore b/vendor/gitignore/C++.gitignore
index 259148fa18f..259148fa18f 100644..100755
--- a/vendor/gitignore/C++.gitignore
+++ b/vendor/gitignore/C++.gitignore
diff --git a/vendor/gitignore/Java.gitignore b/vendor/gitignore/Java.gitignore
index a1c2a238a96..a1c2a238a96 100644..100755
--- a/vendor/gitignore/Java.gitignore
+++ b/vendor/gitignore/Java.gitignore