Fix error creating a merge request when diff includes a null byte

If a diff happened to include a single null byte anywhere, insertion into the database would fail with an Error 500 since the column is text and not a byte array. To fix this, we mark the diff as binary if we detect a single null byte and Base64-encode it. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/57710

Fix error creating a merge request when diff includes a null byte
If a diff happened to include a single null byte anywhere, insertion into the database would fail with an Error 500 since the column is text and not a byte array. To fix this, we mark the diff as binary if we detect a single null byte and Base64-encode it. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/57710
6552197e · Stan Hu · 1715622c · 6552197e · 6552197e · 6552197e
Commit 6552197e authored Mar 14, 2019 by Stan Hu
4 changed files
--- a/app/models/merge_request_diff.rb
+++ b/app/models/merge_request_diff.rb
@@ -296,6 +296,11 @@ class MergeRequestDiff < ActiveRecord::Base
  private
+  def encode_in_base64?(diff_text)
+    (diff_text.encoding == Encoding::BINARY && !diff_text.ascii_only?) ||
+      diff_text.include?("\0")
+  end
  def create_merge_request_diff_files(diffs)
    rows =
      if has_attribute?(:external_diff) && Gitlab.config.external_diffs.enabled
@@ -348,7 +353,7 @@ class MergeRequestDiff < ActiveRecord::Base
      diff_hash.tap do |hash|
        diff_text = hash[:diff]
-        if diff_text.encoding == Encoding::BINARY && !diff_text.ascii_only?
+        if encode_in_base64?(diff_text)
          hash[:binary] = true
          hash[:diff] = [diff_text].pack('m0')
        end

--- a/changelogs/unreleased/sh-handle-null-bytes-in-merge-request-diffs.yml
+++ b/changelogs/unreleased/sh-handle-null-bytes-in-merge-request-diffs.yml
+---
+title: Fix error creating a merge request when diff includes a null byte
+merge_request: 26190
+author:
+type: fixed
--- a/spec/models/merge_request_diff_spec.rb
+++ b/spec/models/merge_request_diff_spec.rb
 require 'spec_helper'
 describe MergeRequestDiff do
+  include RepoHelpers
  let(:diff_with_commits) { create(:merge_request).merge_request_diff }
  describe 'validations' do
@@ -194,6 +196,25 @@ describe MergeRequestDiff do
        expect(diff_file).to be_binary
        expect(diff_file.diff).to eq(mr_diff.compare.diffs(paths: [path]).to_a.first.diff)
      end
+      context 'with diffs that contain a null byte' do
+        let(:filename) { 'test-null.txt' }
+        let(:content) { "a" * 10000 + "\x00" }
+        let(:project) { create(:project, :repository) }
+        let(:branch) { 'null-data' }
+        let(:target_branch) { 'master' }
+        it 'saves diffs correctly' do
+          create_file_in_repo(project, target_branch, branch, filename, content)
+          mr_diff = create(:merge_request, target_project: project, source_project: project, source_branch: branch, target_branch: target_branch).merge_request_diff
+          diff_file = mr_diff.merge_request_diff_files.find_by(new_path: filename)
+          expect(diff_file).to be_binary
+          expect(diff_file.diff).to eq(mr_diff.compare.diffs(paths: [filename]).to_a.first.diff)
+          expect(diff_file.diff).to include(content)
+        end
+      end
    end
  end

--- a/spec/support/helpers/repo_helpers.rb
+++ b/spec/support/helpers/repo_helpers.rb
@@ -115,4 +115,18 @@ eos
      commits: commits
    )
  end
+  def create_file_in_repo(
+        project, start_branch, branch_name, filename, content,
+        commit_message: 'Add new content')
+    Files::CreateService.new(
+      project,
+      project.owner,
+      commit_message: commit_message,
+      start_branch: start_branch,
+      branch_name: branch_name,
+      file_path: filename,
+      file_content: content
+    ).execute
+  end
 end