diff options
| author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 15:50:42 +0300 |
|---|---|---|
| committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 15:50:45 +0300 |
| commit | 6a5a90d3c71f6b8f3f012f42edf85b73a4a28e50 (patch) | |
| tree | dca21f20091bf896ea3c07f87e91b29e44fc302b /app | |
| parent | 6aa48a51e40525d4815397fa458bf1eecd653b80 (diff) | |
Merge branch 'security-fix-regex-dos-11-7' into 'security-11-7'
[11.7] Fix DoS in reference extraction regexes
See merge request gitlab/gitlabhq!2777
(cherry picked from commit f6d9535085c5d155545865e3443dd96b5d6ecc5a)
cfa6bf24 Fix slow project reference pattern regex
Diffstat (limited to 'app')
| -rw-r--r-- | app/models/project.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/models/project.rb b/app/models/project.rb index e897aa53c24..6324e816e3f 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -538,6 +538,7 @@ class Project < ActiveRecord::Base def reference_pattern %r{ + (?<!#{Gitlab::PathRegex::PATH_START_CHAR}) ((?<namespace>#{Gitlab::PathRegex::FULL_NAMESPACE_FORMAT_REGEX})\/)? (?<project>#{Gitlab::PathRegex::PROJECT_PATH_FORMAT_REGEX}) }x |