Merge branch 'fa-handle_invalid_utf8_errors' into 'master'

Render 412 when invalid UTF-8 is passed as parameter See merge request gitlab-org/gitlab-ce!21774
2018-09-25 16:35:10 +00:00 · 2018-09-25 16:35:10 +00:00 · 0920342094
parent 45b365b0e5 1fcc7f9ba2
commit 0920342094
5 changed files with 73 additions and 0 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -12,6 +12,7 @@ class ApplicationController < ActionController::Base
  include WorkhorseHelper
  include EnforcesTwoFactorAuthentication
  include WithPerformanceBar
+  include InvalidUTF8ErrorHandler

  before_action :authenticate_sessionless_user!
  before_action :authenticate_user!
--- a/app/controllers/concerns/invalid_utf8_error_handler.rb
+++ b/app/controllers/concerns/invalid_utf8_error_handler.rb
@ -0,0 +1,25 @@
+module InvalidUTF8ErrorHandler
+  extend ActiveSupport::Concern
+
+  included do
+    rescue_from ArgumentError, with: :handle_invalid_utf8
+  end
+
+  private
+
+  def handle_invalid_utf8(error)
+    if error.message == "invalid byte sequence in UTF-8"
+      render_412
+    else
+      raise(error)
+    end
+  end
+
+  def render_412
+    respond_to do |format|
+      format.html { render "errors/precondition_failed", layout: "errors", status: 412 }
+      format.js { render json: { error: 'Invalid UTF-8' }, status: :precondition_failed, content_type: 'application/json' }
+      format.any { head :precondition_failed }
+    end
+  end
+end
--- a/app/views/errors/precondition_failed.html.haml
+++ b/app/views/errors/precondition_failed.html.haml
@ -0,0 +1,8 @@
+- content_for(:title, 'Encoding Error')
+%img{ :alt => "GitLab Logo", :src => image_path('logo.svg') }
+  %h1
+    412
+.container
+  %h3 Precondition failed
+  %hr
+  %p Page can't be loaded because of invalid parameters.
--- a/changelogs/unreleased/fa-handle_invalid_utf8_errors.yml
+++ b/changelogs/unreleased/fa-handle_invalid_utf8_errors.yml
@ -0,0 +1,5 @@
+---
+title: Render 412 when invalid UTF-8 parameters are passed to controller
+merge_request:
+author:
+type: other
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@ -694,4 +694,38 @@ describe ApplicationController do
      expect(response).to have_gitlab_http_status(403)
    end
  end
+
+  context 'when invalid UTF-8 parameters are received' do
+    controller(described_class) do
+      def index
+        params[:text].split(' ')
+
+        render json: :ok
+      end
+    end
+
+    before do
+      sign_in user
+    end
+
+    context 'html' do
+      it 'renders 412' do
+        get :index, text: "hi \255"
+
+        expect(response).to have_gitlab_http_status(412)
+        expect(response).to render_template :precondition_failed
+      end
+    end
+
+    context 'js' do
+      it 'renders 412' do
+        get :index, text: "hi \255", format: :js
+
+        json_response = JSON.parse(response.body)
+
+        expect(response).to have_gitlab_http_status(412)
+        expect(json_response['error']).to eq('Invalid UTF-8')
+      end
+    end
+  end
 end