Diffstat (limited to 'app/finders/merge_requests_finder.rb')
-rw-r--r--app/finders/merge_requests_finder.rb11
1 files changed, 9 insertions, 2 deletions
diff --git a/app/finders/merge_requests_finder.rb b/app/finders/merge_requests_finder.rb
index 13696add965..ba709d3bdfc 100644
--- a/app/finders/merge_requests_finder.rb
+++ b/app/finders/merge_requests_finder.rb
@@ -174,8 +174,8 @@ class MergeRequestsFinder < IssuableFinder
def by_deployments(items)
env = params[:environment]
- before = params[:deployed_before]
- after = params[:deployed_after]
+ before = parse_datetime(params[:deployed_before])
+ after = parse_datetime(params[:deployed_after])
id = params[:deployment_id]
return items if !env && !before && !after && !id
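Review bot: A `deployed_before` or `deployed_after` value that fails to parse now becomes `nil`, and the guard `return items if !env && !before && !after && !id` treats that the same as an absent parameter. A malformed date therefore returns the unfiltered set instead of an error or an empty result. If that is intended, say so above the two assignments, e.g. `# unparsable dates are treated as "no date filter"`; otherwise record whether the parameter was supplied and return `items.none` when it was present but invalid. The rest of `by_deployments` is outside this hunk, so how `before` and `after` are used further down is not visible here.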
@@ -218,6 +218,13 @@ class MergeRequestsFinder < IssuableFinder
items.none
end
end
+
+ def parse_datetime(input)
+ # To work around http://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
+ DateTime.parse(input.byteslice(0, 128)) if input
+ rescue Date::Error
+ nil
+ end
end
MergeRequestsFinder.prepend_mod_with('MergeRequestsFinder')
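Review bot: `parse_datetime` rescues only `Date::Error`, but `input.byteslice` raises `NoMethodError` for any truthy non-String value, such as an array- or hash-valued query parameter or an already-parsed time object if some caller passes one. That exception would escape the finder; a type guard as the first line keeps the helper total: `return unless input.is_a?(String)`. The comment should also say what the workaround is rather than only linking the advisory, e.g. `# Cap input at 128 bytes (the default limit in the patched date gem) to bound regex work; see CVE-2021-41817`. Whether the method sits under a `private` section cannot be seen from the hunk; it should not be part of the finder's public interface.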