Limit extendable CI/CD config entry nesting levels

author: Grzegorz Bizon <grzesiek.bizon@gmail.com> 2018-09-05 10:57:36 +0300
committer: Grzegorz Bizon <grzesiek.bizon@gmail.com> 2018-09-05 10:57:36 +0300
commit: afbe5490f0d092382774eef2a9695d0ac655826b (patch)
tree: 62727b3ebf4eb435dbf7a94928be4f2eca9699cd /lib
parent: d2f46c3025cd2735ad020c400725c6ad5e98723c (diff)
2 files changed, 18 insertions, 4 deletions
diff --git a/lib/gitlab/ci/config/extendable/collection.rb b/lib/gitlab/ci/config/extendable/collection.rb
index 123219c90f2..13d81987b7a 100644
--- a/lib/gitlab/ci/config/extendable/collection.rb
+++ b/lib/gitlab/ci/config/extendable/collection.rb
@@ -8,6 +8,7 @@ module Gitlab
           ExtensionError = Class.new(StandardError)
           InvalidExtensionError = Class.new(ExtensionError)
           CircularDependencyError = Class.new(ExtensionError)
+          NestingTooDeepError = Class.new(ExtensionError)
 
           def initialize(hash)
             @hash = hash.to_h.deep_dup
diff --git a/lib/gitlab/ci/config/extendable/entry.rb b/lib/gitlab/ci/config/extendable/entry.rb
index f14d2c1817c..d1fd8005b71 100644
--- a/lib/gitlab/ci/config/extendable/entry.rb
+++ b/lib/gitlab/ci/config/extendable/entry.rb
@@ -3,6 +3,8 @@ module Gitlab
     class Config
       module Extendable
         class Entry
+          MAX_NESTING_LEVELS = 10
+
           attr_reader :key
 
           def initialize(key, context, parent = nil)
@@ -10,7 +12,9 @@ module Gitlab
             @context = context
             @parent = parent
 
-            raise StandardError, 'Invalid entry key!' unless @context.key?(@key)
+            unless @context.key?(@key)
+              raise StandardError, 'Invalid entry key!'
+            end
           end
 
           def extensible?
@@ -31,8 +35,8 @@ module Gitlab
             value.fetch(:extends).to_s.to_sym if extensible?
           end
 
-          def path
-            Array(@parent&.path).compact.push(key)
+          def ancestors
+            @ancestors ||= Array(@parent&.ancestors) + Array(@parent&.key)
           end
 
           def extend!
@@ -48,6 +52,11 @@ module Gitlab
                     "Invalid base hash in extended `#{key}`!"
             end
 
+            if nesting_too_deep?
+              raise Extendable::Collection::NestingTooDeepError,
+                    "`extends` nesting too deep in `#{key}`!"
+            end
+
             if circular_dependency?
               raise Extendable::Collection::CircularDependencyError,
                     "Circular dependency detected in extended `#{key}`!"
@@ -58,8 +67,12 @@ module Gitlab
 
           private
 
+          def nesting_too_deep?
+            ancestors.count > MAX_NESTING_LEVELS
+          end
+
           def circular_dependency?
-            path.count(key) > 1
+            ancestors.include?(key)
           end
 
           def unknown_extension?
author	Grzegorz Bizon <grzesiek.bizon@gmail.com>	2018-09-05 10:57:36 +0300
committer	Grzegorz Bizon <grzesiek.bizon@gmail.com>	2018-09-05 10:57:36 +0300
commit	afbe5490f0d092382774eef2a9695d0ac655826b (patch)
tree	62727b3ebf4eb435dbf7a94928be4f2eca9699cd /lib
parent	d2f46c3025cd2735ad020c400725c6ad5e98723c (diff)