diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-22 09:10:40 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-22 09:10:40 +0300 |
| commit | ddf03f07a081390feaa19247db3fdd87f8c32843 (patch) | |
| tree | 02ac26592717d728ecfa05887cb68c1715fd98ad /workhorse | |
| parent | 9ff55fb235c23c9260305f5a96e2a1af8fed8f19 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'workhorse')
| -rw-r--r-- | workhorse/internal/upload/rewrite.go | 1 | ||||
| -rw-r--r-- | workhorse/internal/upload/uploads.go | 15 | ||||
| -rw-r--r-- | workhorse/internal/upload/uploads_test.go | 22 |
3 files changed, 33 insertions, 5 deletions
diff --git a/workhorse/internal/upload/rewrite.go b/workhorse/internal/upload/rewrite.go index ad9623f569c..6b7032004bf 100644 --- a/workhorse/internal/upload/rewrite.go +++ b/workhorse/internal/upload/rewrite.go @@ -31,7 +31,6 @@ var ( var ( multipartUploadRequests = promauto.NewCounterVec( prometheus.CounterOpts{ - Name: "gitlab_workhorse_multipart_upload_requests", Help: "How many multipart upload requests have been processed by gitlab-workhorse. Partitioned by type.", }, diff --git a/workhorse/internal/upload/uploads.go b/workhorse/internal/upload/uploads.go index 91a0e0ca79d..efd3d5be0bd 100644 --- a/workhorse/internal/upload/uploads.go +++ b/workhorse/internal/upload/uploads.go @@ -8,6 +8,7 @@ import ( "io" "mime/multipart" "net/http" + "net/textproto" "github.com/golang-jwt/jwt/v5" @@ -64,11 +65,17 @@ func interceptMultipartFiles(w http.ResponseWriter, r *http.Request, h http.Hand fail.WithBody("Failed to process image")) default: if errors.Is(err, context.DeadlineExceeded) { - fail.Request(w, r, err, fail.WithStatus(http.StatusGatewayTimeout), - fail.WithBody("deadline exceeded")) - } else { - fail.Request(w, r, fmt.Errorf("handleFileUploads: extract files from multipart: %v", err)) + fail.Request(w, r, err, fail.WithStatus(http.StatusGatewayTimeout), fail.WithBody("deadline exceeded")) + return } + + var protocolErr textproto.ProtocolError + if errors.As(err, &protocolErr) { + fail.Request(w, r, err, fail.WithStatus(http.StatusBadRequest)) + return + } + + fail.Request(w, r, fmt.Errorf("handleFileUploads: extract files from multipart: %v", err)) } return } diff --git a/workhorse/internal/upload/uploads_test.go b/workhorse/internal/upload/uploads_test.go index 69baa2dab6e..14ad6a92cd9 100644 --- a/workhorse/internal/upload/uploads_test.go +++ b/workhorse/internal/upload/uploads_test.go @@ -357,6 +357,28 @@ func TestBadMultipartHeader(t *testing.T) { require.Equal(t, 400, response.Code) } +func TestMalformedMimeHeader(t *testing.T) { + testhelper.ConfigureSecret() + + h := make(textproto.MIMEHeader) + h.Set("Invalid Header Line\r\nContent-Type", "text/plain\r\n\r\n") + + buffer := &bytes.Buffer{} + writer := multipart.NewWriter(buffer) + file, err := writer.CreatePart(h) + require.NoError(t, err) + fmt.Fprint(file, "test") + writer.Close() + + httpRequest, err := http.NewRequest("POST", "/example", buffer) + require.NoError(t, err) + httpRequest.Header.Set("Content-Type", writer.FormDataContentType()) + + response := httptest.NewRecorder() + testInterceptMultipartFiles(t, response, httpRequest, nilHandler, &SavedFileTracker{Request: httpRequest}) + require.Equal(t, 400, response.Code) +} + func TestContentDispositionRewrite(t *testing.T) { testhelper.ConfigureSecret() |