author | Felipe Artur <felipefac@gmail.com> | 2018-09-05 16:41:59 -0300 |
---|---|---|
committer | Felipe Artur <felipefac@gmail.com> | 2018-09-22 12:15:53 -0300 |
commit | 1fcc7f9ba23a5ca02773e080ccb66f37435150ff (patch) | |
tree | 7da14469edc854dd004f38ba6a31ba89a689663e | |
parent | 7dd8d37984efb93c58f0f56fe7394ff5d90fbe11 (diff) | |
download | gitlab-ce-1fcc7f9ba23a5ca02773e080ccb66f37435150ff.tar.gz |
Render 412 for invalid UTF-8 parameters (fa-handle_invalid_utf8_errors)
Renders 412 error page when invalid UTF-8 is passed
as parameters in controllers.
-rw-r--r-- | app/controllers/application_controller.rb | 1 | ||||
-rw-r--r-- | app/controllers/concerns/invalid_utf8_error_handler.rb | 25 | ||||
-rw-r--r-- | app/views/errors/precondition_failed.html.haml | 8 | ||||
-rw-r--r-- | changelogs/unreleased/fa-handle_invalid_utf8_errors.yml | 5 | ||||
-rw-r--r-- | spec/controllers/application_controller_spec.rb | 34 |
5 files changed, 73 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7e2b2cf3ad3..04460e184c2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -10,6 +10,7 @@ class ApplicationController < ActionController::Base
   include WorkhorseHelper
   include EnforcesTwoFactorAuthentication
   include WithPerformanceBar
+  include InvalidUTF8ErrorHandler
 
   before_action :authenticate_sessionless_user!
   before_action :authenticate_user!
diff --git a/app/controllers/concerns/invalid_utf8_error_handler.rb b/app/controllers/concerns/invalid_utf8_error_handler.rb
new file mode 100644
index 00000000000..a7ea0d00a43
--- /dev/null
+++ b/app/controllers/concerns/invalid_utf8_error_handler.rb
@@ -0,0 +1,25 @@
+module InvalidUTF8ErrorHandler
+  extend ActiveSupport::Concern
+
+  included do
+    rescue_from ArgumentError, with: :handle_invalid_utf8
+  end
+
+  private
+
+  def handle_invalid_utf8(error)
+    if error.message == "invalid byte sequence in UTF-8"
+      render_412
+    else
+      raise(error)
+    end
+  end
+
+  def render_412
+    respond_to do |format|
+      format.html { render "errors/precondition_failed", layout: "errors", status: 412 }
+      format.js { render json: { error: 'Invalid UTF-8' }, status: :precondition_failed, content_type: 'application/json' }
+      format.any { head :precondition_failed }
+    end
+  end
+end
diff --git a/app/views/errors/precondition_failed.html.haml b/app/views/errors/precondition_failed.html.haml
new file mode 100644
index 00000000000..aa3869f33a9
--- /dev/null
+++ b/app/views/errors/precondition_failed.html.haml
@@ -0,0 +1,8 @@
+- content_for(:title, 'Encoding Error')
+%img{ :alt => "GitLab Logo", :src => image_path('logo.svg') }
+%h1
+  412
+.container
+  %h3 Precondition failed
+  %hr
+  %p Page can't be loaded because of invalid parameters.
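Review bot: `handle_invalid_utf8` recognises the condition only by exact equality with the message "invalid byte sequence in UTF-8", so a malformed parameter that Ruby reports under another encoding name (the same ArgumentError with a different suffix) still falls through to `raise(error)` and surfaces as a 500 rather than the intended 412. A prefix match keeps the handler narrow while covering those cases: `if error.message.start_with?("invalid byte sequence")`. The module also lacks a header comment stating why a generic ArgumentError is intercepted here; I would add above `module InvalidUTF8ErrorHandler` the lines `# String methods raise ArgumentError("invalid byte sequence in ...") when an action touches a parameter with malformed bytes; answer 412 instead of letting it become a 500.` and `# Any other ArgumentError is re-raised unchanged.` Whether Rails already rejects such bytes earlier for some parameter sources is not visible in this hunk, so the spec (see the last file) is the only evidence of which inputs actually reach this handler.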
diff --git a/changelogs/unreleased/fa-handle_invalid_utf8_errors.yml b/changelogs/unreleased/fa-handle_invalid_utf8_errors.yml
new file mode 100644
index 00000000000..9cae193d858
--- /dev/null
+++ b/changelogs/unreleased/fa-handle_invalid_utf8_errors.yml
@@ -0,0 +1,5 @@
+---
+title: Render 412 when invalid UTF-8 parameters are passed to controller
+merge_request:
+author:
+type: other
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index fbf116e533b..7202cee04ea 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -694,4 +694,38 @@ describe ApplicationController do
       expect(response).to have_gitlab_http_status(403)
     end
   end
+
+  context 'when invalid UTF-8 parameters are received' do
+    controller(described_class) do
+      def index
+        params[:text].split(' ')
+
+        render json: :ok
+      end
+    end
+
+    before do
+      sign_in user
+    end
+
+    context 'html' do
+      it 'renders 412' do
+        get :index, text: "hi \255"
+
+        expect(response).to have_gitlab_http_status(412)
+        expect(response).to render_template :precondition_failed
+      end
+    end
+
+    context 'js' do
+      it 'renders 412' do
+        get :index, text: "hi \255", format: :js
+
+        json_response = JSON.parse(response.body)
+
+        expect(response).to have_gitlab_http_status(412)
+        expect(json_response['error']).to eq('Invalid UTF-8')
+      end
+    end
+  end
 end
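Review bot: The new spec context covers only the html and js branches of the handler; neither the `format.any` branch (a plain 412 with no body, e.g. `format: :json`) nor the re-raise path for an ArgumentError that is not an encoding error is exercised, and the latter is what guarantees the `rescue_from ArgumentError` in the concern does not silently convert unrelated argument errors into 412s. An example that raises an unrelated ArgumentError from the anonymous controller and expects it to propagate would pin that boundary, assuming the test environment lets controller exceptions reach the example as the other controller specs in this file appear to rely on. The `user` referenced by `sign_in user` is defined outside this hunk.
```ruby
    # … unchanged: existing 'html' and 'js' contexts …
    context 'when an unrelated ArgumentError is raised' do
      controller(described_class) do
        def index
          raise ArgumentError, 'unrelated'
        end
      end

      it 'does not convert it into a 412' do
        expect { get :index }.to raise_error(ArgumentError, 'unrelated')
      end
    end
```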