Diffstat (limited to 'app/finders/merge_requests_finder.rb')
-rw-r--r-- | app/finders/merge_requests_finder.rb | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/app/finders/merge_requests_finder.rb b/app/finders/merge_requests_finder.rb
index 13696add965..ba709d3bdfc 100644
--- a/app/finders/merge_requests_finder.rb
+++ b/app/finders/merge_requests_finder.rb
@@ -174,8 +174,8 @@ class MergeRequestsFinder < IssuableFinder
 def by_deployments(items)
 env = params[:environment]
- before = params[:deployed_before]
- after = params[:deployed_after]
+ before = parse_datetime(params[:deployed_before])
+ after = parse_datetime(params[:deployed_after])
 id = params[:deployment_id]
 return items if !env && !before && !after && !id
@@ -218,6 +218,13 @@ class MergeRequestsFinder < IssuableFinder
 items.none
 end
 end
+
+ def parse_datetime(input)
+ # To work around http://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
+ DateTime.parse(input.byteslice(0, 128)) if input
+ rescue Date::Error
+ nil
+ end
 end
 MergeRequestsFinder.prepend_mod_with('MergeRequestsFinder') |
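Review bot: In `by_deployments`, an unparsable `deployed_before` or `deployed_after` now becomes `nil` and is treated exactly like an absent parameter, so the guard `return items if !env && !before && !after && !id` can hand back the unfiltered set for a request that did ask for a date filter. If that fail-open behaviour is not intended, separate "missing" from "invalid" ahead of the guard, for example `return items.none if (params[:deployed_before] && !before) || (params[:deployed_after] && !after)`. The rest of the method lies outside the hunk, so how `before` and `after` are used further down is not visible here; a one-line comment at the two assignments stating which behaviour is intended would help either way.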
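Review bot: `parse_datetime` rescues only `Date::Error`, yet `input.byteslice(0, 128)` can cut a multibyte character in half, and parsing the resulting broken string is likely to raise a plain `ArgumentError` that escapes the rescue; a non-String value would likewise fail on `byteslice` with `NoMethodError`. Since `Date::Error` is a subclass of `ArgumentError`, `rescue ArgumentError` covers both cases, and `return unless input.is_a?(String)` at the top makes the type assumption explicit (confirm first that no caller passes an already-parsed time object). The comment could also say that 128 bytes mirrors the default length limit of the upstream fix for CVE-2021-41817, so the truncation can be dropped once the patched date gem is the minimum version. Truncating rather than rejecting means an over-long value is parsed from its first 128 bytes, which is worth stating in the comment if it is deliberate.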