Fix DOS when rendering issue/MR comments
parent
20bdbc3d0c
commit
ef5fdd3f3c
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Fix Denial of Service for comments when rendering issues/MR comments
|
||||
merge_request:
|
||||
author:
|
||||
type: security
|
|
@ -100,7 +100,7 @@ module Banzai
|
|||
end
|
||||
|
||||
def relative_file_path(uri)
|
||||
path = Addressable::URI.unescape(uri.path)
|
||||
path = Addressable::URI.unescape(uri.path).delete("\0")
|
||||
request_path = Addressable::URI.unescape(context[:requested_path])
|
||||
nested_path = build_relative_path(path, request_path)
|
||||
file_exists?(nested_path) ? nested_path : path
|
||||
|
|
|
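Review bot: The NUL strip is applied only to `path`. On the next line `request_path` is unescaped the same way from `context[:requested_path]` and still flows into `build_relative_path` and then `file_exists?(nested_path)`. If that context value can carry an escaped `%00`, the same failure may still be reachable, so consider `request_path = Addressable::URI.unescape(context[:requested_path]).delete("\0")`. A one-line comment above the strip would also help, for example `# Strip NUL bytes: an escaped %00 in a link otherwise raises while rendering`, since the reason for `.delete("\0")` is not obvious from the code. The closing `end` of `relative_file_path` is not visible in this hunk.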
@ -83,6 +83,11 @@ describe Banzai::Filter::RelativeLinkFilter do
|
|||
expect { filter(act) }.not_to raise_error
|
||||
end
|
||||
|
||||
it 'does not explode with an escaped null byte' do
|
||||
act = link("/%00")
|
||||
expect { filter(act) }.not_to raise_error
|
||||
end
|
||||
|
||||
it 'does not raise an exception with a space in the path' do
|
||||
act = link("/uploads/d18213acd3732630991986120e167e3d/Landscape_8.jpg \nBut here's some more unexpected text :smile:)")
|
||||
expect { filter(act) }.not_to raise_error
|
||||
|
|
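Review bot: The new example `does not explode with an escaped null byte` asserts only that `filter` does not raise for a link that is nothing but `/%00`. It does not pin what the filter emits once the byte is deleted, and it does not cover a NUL inside a longer path, for example a constructed input like `link("/doc%00/api.md")`. An assertion on the rewritten link for such an input would document that stripping, rather than rejecting, is the intended behaviour. A second example where the requested path in the filter context contains `%00` would show whether that input is covered too.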