diff options
author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-09-05 10:57:36 +0300 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-09-05 10:57:36 +0300 |
commit | afbe5490f0d092382774eef2a9695d0ac655826b (patch) | |
tree | 62727b3ebf4eb435dbf7a94928be4f2eca9699cd /lib | |
parent | d2f46c3025cd2735ad020c400725c6ad5e98723c (diff) |
Limit extendable CI/CD config entry nesting levels
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/ci/config/extendable/collection.rb | 1 | ||||
-rw-r--r-- | lib/gitlab/ci/config/extendable/entry.rb | 21 |
2 files changed, 18 insertions, 4 deletions
diff --git a/lib/gitlab/ci/config/extendable/collection.rb b/lib/gitlab/ci/config/extendable/collection.rb index 123219c90f2..13d81987b7a 100644 --- a/lib/gitlab/ci/config/extendable/collection.rb +++ b/lib/gitlab/ci/config/extendable/collection.rb @@ -8,6 +8,7 @@ module Gitlab ExtensionError = Class.new(StandardError) InvalidExtensionError = Class.new(ExtensionError) CircularDependencyError = Class.new(ExtensionError) + NestingTooDeepError = Class.new(ExtensionError) def initialize(hash) @hash = hash.to_h.deep_dup diff --git a/lib/gitlab/ci/config/extendable/entry.rb b/lib/gitlab/ci/config/extendable/entry.rb index f14d2c1817c..d1fd8005b71 100644 --- a/lib/gitlab/ci/config/extendable/entry.rb +++ b/lib/gitlab/ci/config/extendable/entry.rb @@ -3,6 +3,8 @@ module Gitlab class Config module Extendable class Entry + MAX_NESTING_LEVELS = 10 + attr_reader :key def initialize(key, context, parent = nil) @@ -10,7 +12,9 @@ module Gitlab @context = context @parent = parent - raise StandardError, 'Invalid entry key!' unless @context.key?(@key) + unless @context.key?(@key) + raise StandardError, 'Invalid entry key!' + end end def extensible? @@ -31,8 +35,8 @@ module Gitlab value.fetch(:extends).to_s.to_sym if extensible? end - def path - Array(@parent&.path).compact.push(key) + def ancestors + @ancestors ||= Array(@parent&.ancestors) + Array(@parent&.key) end def extend! @@ -48,6 +52,11 @@ module Gitlab "Invalid base hash in extended `#{key}`!" end + if nesting_too_deep? + raise Extendable::Collection::NestingTooDeepError, + "`extends` nesting too deep in `#{key}`!" + end + if circular_dependency? raise Extendable::Collection::CircularDependencyError, "Circular dependency detected in extended `#{key}`!" @@ -58,8 +67,12 @@ module Gitlab private + def nesting_too_deep? + ancestors.count > MAX_NESTING_LEVELS + end + def circular_dependency? - path.count(key) > 1 + ancestors.include?(key) end def unknown_extension? |