diff options
Diffstat (limited to 'lib/gitlab/middleware/handle_null_bytes.rb')
-rw-r--r-- | lib/gitlab/middleware/handle_null_bytes.rb | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/lib/gitlab/middleware/handle_null_bytes.rb b/lib/gitlab/middleware/handle_null_bytes.rb deleted file mode 100644 index c88dfb6ee0b..00000000000 --- a/lib/gitlab/middleware/handle_null_bytes.rb +++ /dev/null @@ -1,61 +0,0 @@ -# frozen_string_literal: true - -module Gitlab - module Middleware - # There is no valid reason for a request to contain a null byte (U+0000) - # so just return HTTP 400 (Bad Request) if we receive one - class HandleNullBytes - NULL_BYTE_REGEX = Regexp.new(Regexp.escape("\u0000")).freeze - - attr_reader :app - - def initialize(app) - @app = app - end - - def call(env) - return [400, {}, ["Bad Request"]] if request_has_null_byte?(env) - - app.call(env) - end - - private - - def request_has_null_byte?(request) - return false if ENV['REJECT_NULL_BYTES'] == "1" - - request = Rack::Request.new(request) - - request.params.values.any? do |value| - param_has_null_byte?(value) - end - end - - def param_has_null_byte?(value, depth = 0) - # Guard against possible attack sending large amounts of nested params - # Should be safe as deeply nested params are highly uncommon. - return false if depth > 2 - - depth += 1 - - if value.respond_to?(:match) - string_contains_null_byte?(value) - elsif value.respond_to?(:values) - value.values.any? do |hash_value| - param_has_null_byte?(hash_value, depth) - end - elsif value.is_a?(Array) - value.any? do |array_value| - param_has_null_byte?(array_value, depth) - end - else - false - end - end - - def string_contains_null_byte?(string) - string.match?(NULL_BYTE_REGEX) - end - end - end -end |