From abceda6cc5fa796d9bd0d7311b386787e6919266 Mon Sep 17 00:00:00 2001
From: Fabio Pitino
Date: Tue, 2 Jul 2019 06:23:06 +0000
Subject: Prevent Billion Laughs attack

It keeps track of the memory being used when loading the YAML file as well as the depth of nesting.

Track exception when YAML is too big
---
 spec/lib/gitlab/ci/config_spec.rb | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'spec/lib/gitlab/ci/config_spec.rb')

diff --git a/spec/lib/gitlab/ci/config_spec.rb b/spec/lib/gitlab/ci/config_spec.rb
index 7f336ee853e..4e8bff3d738 100644
--- a/spec/lib/gitlab/ci/config_spec.rb
+++ b/spec/lib/gitlab/ci/config_spec.rb
@@ -90,6 +90,27 @@ describe Gitlab::Ci::Config do
 end
 end
+ context 'when yml is too big' do
+ let(:yml) do
+ <<~YAML
+ --- &1
+ - hi
+ - *1
+ YAML
+ end
+
+ describe '.new' do
+ it 'raises error' do
+ expect(Gitlab::Sentry).to receive(:track_exception)
+
+ expect { config }.to raise_error(
+ described_class::ConfigError,
+ /The parsed YAML is too big/
+ )
+ end
+ end
+ end
+
 context 'when config logic is incorrect' do
 let(:yml) { 'before_script: "ls"' }
-- cgit v1.2.1
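Review bot: The fixture in the new `'when yml is too big'` context (`--- &1`, `- hi`, `- *1`) is a single self-referencing alias, so this case exercises a cyclic alias rather than a large or deeply nested document; a billion-laughs payload (several anchors each aliasing the previous one many times) is not represented, and the depth-of-nesting limit the commit message describes has no example at all, so a regression in either path would go unnoticed. I would add a case that builds nested anchors in a short loop, a depth case, and a negative case asserting that a config using one ordinary anchor (the common `<<: *defaults` pattern in `.gitlab-ci.yml`) still loads without raising, since the new limit must not reject legitimate configs. `expect(Gitlab::Sentry).to receive(:track_exception)` accepts any arguments and would pass even if an unrelated exception were reported; constrain it to the loader's exception class (not visible here), e.g. something like `expect(Gitlab::Sentry).to receive(:track_exception).with(kind_of(StandardError), anything)` with the arity checked against `Gitlab::Sentry`. The enclosing `describe Gitlab::Ci::Config do` and the `config` subject used by `expect { config }` are defined outside the hunk.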