From 0ea350965d2a0fea0dbc1cfa433729dc865acfc6 Mon Sep 17 00:00:00 2001
From: Rajat Jain <rjain@gitlab.com>
Date: Fri, 22 Feb 2019 13:42:25 +0530
Subject: [PATCH] Limit number of characters allowed in mermaidjs

---
 .../behaviors/markdown/render_mermaid.js      | 19 +++++++++++++++++++
 changelogs/unreleased/security-mermaid.yml    |  5 +++++
 locale/gitlab.pot                             |  3 +++
 3 files changed, 27 insertions(+)
 create mode 100644 changelogs/unreleased/security-mermaid.yml

diff --git a/app/assets/javascripts/behaviors/markdown/render_mermaid.js b/app/assets/javascripts/behaviors/markdown/render_mermaid.js
index 35380ca49fb..798114b4b0b 100644
--- a/app/assets/javascripts/behaviors/markdown/render_mermaid.js
+++ b/app/assets/javascripts/behaviors/markdown/render_mermaid.js
@@ -1,4 +1,5 @@
 import flash from '~/flash';
+import { sprintf, __ } from '../../locale';
 
 // Renders diagrams and flowcharts from text using Mermaid in any element with the
 // `js-render-mermaid` class.
@@ -14,6 +15,9 @@ import flash from '~/flash';
 // </pre>
 //
 
+// This is an arbitary number; Can be iterated upon when suitable.
+const MAX_CHAR_LIMIT = 5000;
+
 export default function renderMermaid($els) {
   if (!$els.length) return;
 
@@ -34,6 +38,21 @@ export default function renderMermaid($els) {
       $els.each((i, el) => {
         const source = el.textContent;
 
+        /**
+         * Restrict the rendering to a certain amount of character to
+         * prevent mermaidjs from hanging up the entire thread and
+         * causing a DoS.
+         */
+        if (source && source.length > MAX_CHAR_LIMIT) {
+          el.textContent = sprintf(
+            __(
+              'Cannot render the image. Maximum character count (%{charLimit}) has been exceeded.',
+            ),
+            { charLimit: MAX_CHAR_LIMIT },
+          );
+          return;
+        }
+
         // Remove any extra spans added by the backend syntax highlighting.
         Object.assign(el, { textContent: source });
 
diff --git a/changelogs/unreleased/security-mermaid.yml b/changelogs/unreleased/security-mermaid.yml
new file mode 100644
index 00000000000..ec42b5a1615
--- /dev/null
+++ b/changelogs/unreleased/security-mermaid.yml
@@ -0,0 +1,5 @@
+---
+title: Limit mermaid rendering to 5K characters
+merge_request:
+author:
+type: security
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index fa680cd5ef0..52520b467e4 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -1299,6 +1299,9 @@ msgstr ""
 msgid "Cannot modify managed Kubernetes cluster"
 msgstr ""
 
+msgid "Cannot render the image. Maximum character count (%{charLimit}) has been exceeded."
+msgstr ""
+
 msgid "Certificate"
 msgstr ""