From f617de3476794b7198f07eba70b84fa401eded71 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Fri, 3 Dec 2021 10:02:00 +0000
Subject: [PATCH] Add latest changes from
 gitlab-org/security/gitlab@14-5-stable-ee

---
 lib/gitlab/quick_actions/extractor.rb           | 4 +---
 spec/lib/gitlab/quick_actions/extractor_spec.rb | 8 ++++++++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/lib/gitlab/quick_actions/extractor.rb b/lib/gitlab/quick_actions/extractor.rb
index 1294e475145..2e4817e6b17 100644
--- a/lib/gitlab/quick_actions/extractor.rb
+++ b/lib/gitlab/quick_actions/extractor.rb
@@ -29,9 +29,7 @@ module Gitlab
           # Anything, including `/cmd arg` which are ignored by this filter
           # `
 
-          `\n*
-          .+?
-          \n*`
+          `.+?`
         )
       }mix.freeze
 
diff --git a/spec/lib/gitlab/quick_actions/extractor_spec.rb b/spec/lib/gitlab/quick_actions/extractor_spec.rb
index 61fffe3fb6b..c040a70e403 100644
--- a/spec/lib/gitlab/quick_actions/extractor_spec.rb
+++ b/spec/lib/gitlab/quick_actions/extractor_spec.rb
@@ -352,6 +352,14 @@ RSpec.describe Gitlab::QuickActions::Extractor do
       expect(commands).to eq(expected_commands)
       expect(msg).to eq expected_msg
     end
+
+    it 'fails fast for strings with many newlines' do
+      msg = '`' + "\n" * 100_000
+
+      expect do
+        Timeout.timeout(3.seconds) { extractor.extract_commands(msg) }
+      end.not_to raise_error
+    end
   end
 
   describe '#redact_commands' do