Ignore out of range epic IDs

Including a Markdown reference with a large epic ID (e.g. `&1161452270761535925900804973910297`) would cause an Error 500 with `ActiveModel::RangeError`. To fix this, we implement `reference_valid?` for the `Epic` model. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/57367

Ignore out of range epic IDs
Including a Markdown reference with a large epic ID (e.g. `&1161452270761535925900804973910297`) would cause an Error 500 with `ActiveModel::RangeError`. To fix this, we implement `reference_valid?` for the `Epic` model. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/57367
bb35021c · Stan Hu · 66110570 · bb35021c · bb35021c
Commit bb35021c authored Feb 11, 2019 by Stan Hu
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

ee/app/models/ee/epic.rb ee/app/models/ee/epic.rb +4 -0

ee/spec/lib/banzai/filter/epic_reference_filter_spec.rb ee/spec/lib/banzai/filter/epic_reference_filter_spec.rb +6 -0

No files found.
--- a/ee/app/models/ee/epic.rb
+++ b/ee/app/models/ee/epic.rb
@@ -107,6 +107,10 @@ module EE
        end
      end

+      def reference_valid?(reference)
+        reference.to_i > 0 && reference.to_i <= ::Gitlab::Database::MAX_INT_VALUE
+      end
+
      def link_reference_pattern
        %r{
          (?<url>

--- a/ee/spec/lib/banzai/filter/epic_reference_filter_spec.rb
+++ b/ee/spec/lib/banzai/filter/epic_reference_filter_spec.rb
@@ -69,6 +69,12 @@ describe Banzai::Filter::EpicReferenceFilter do
      expect(doc(text).to_s).to eq(ERB::Util.html_escape_once(text))
    end

+    it 'ignores out of range epic IDs' do
+      text = "Check &1161452270761535925900804973910297"
+
+      expect(doc(text).to_s).to eq(ERB::Util.html_escape_once(text))
+    end
+
    it 'does not process links containing epic numbers followed by text' do
      href = "#{reference}st"
      link = doc("<a href='#{href}'></a>").css('a').first.attr('href')