10 files changed, 83 insertions, 2 deletions

diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index 684c84c3006..90fbf49be4a 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -220,6 +220,7 @@ module ApplicationSettingsHelper
       :recaptcha_enabled,
       :recaptcha_private_key,
       :recaptcha_site_key,
+      :receive_max_input_size,
       :repository_checks_enabled,
       :repository_storages,
       :require_two_factor_authentication,
diff --git a/app/views/admin/application_settings/_account_and_limit.html.haml b/app/views/admin/application_settings/_account_and_limit.html.haml
index 9121e44d31b..10bc3452d8b 100644
--- a/app/views/admin/application_settings/_account_and_limit.html.haml
+++ b/app/views/admin/application_settings/_account_and_limit.html.haml
@@ -14,7 +14,10 @@
       = f.label :max_attachment_size, 'Maximum attachment size (MB)', class: 'label-bold'
       = f.number_field :max_attachment_size, class: 'form-control'
     .form-group
-      = f.label :session_expire_delay, 'Session duration (minutes)', class: 'label-bold'
+      = f.label :receive_max_input_size, 'Maximum push size (MB)', class: 'label-light'
+      = f.number_field :receive_max_input_size, class: 'form-control'
+    .form-group
+      = f.label :session_expire_delay, 'Session duration (minutes)', class: 'label-light'
       = f.number_field :session_expire_delay, class: 'form-control'
       %span.form-text.text-muted#session_expire_delay_help_block GitLab restart is required to apply changes
     .form-group
diff --git a/changelogs/unreleased/rd-26044-new-option-to-prevent-too-big-git-pushes.yml b/changelogs/unreleased/rd-26044-new-option-to-prevent-too-big-git-pushes.yml
new file mode 100644
index 00000000000..f464b6dda5b
--- /dev/null
+++ b/changelogs/unreleased/rd-26044-new-option-to-prevent-too-big-git-pushes.yml
@@ -0,0 +1,5 @@
+---
+title: Allow admins to configure the maximum Git push size
+merge_request: 20758
+author:
+type: added
diff --git a/db/migrate/20180720023512_add_receive_max_input_size_to_application_settings.rb b/db/migrate/20180720023512_add_receive_max_input_size_to_application_settings.rb
new file mode 100644
index 00000000000..4ed851a0780
--- /dev/null
+++ b/db/migrate/20180720023512_add_receive_max_input_size_to_application_settings.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddReceiveMaxInputSizeToApplicationSettings < ActiveRecord::Migration
+  DOWNTIME = false
+
+  def change
+    add_column :application_settings, :receive_max_input_size, :integer
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 66a50dd9acf..13814dd569e 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -173,6 +173,7 @@ ActiveRecord::Schema.define(version: 20180906101639) do
     t.boolean "web_ide_clientside_preview_enabled", default: false, null: false
     t.boolean "user_show_add_ssh_key_message", default: true, null: false
     t.integer "usage_stats_set_by_user_id"
+    t.integer "receive_max_input_size"
   end
 
   create_table "audit_events", force: :cascade do |t|
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index 0990e2a1fba..e3e8cb71c09 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -74,6 +74,7 @@ module API
             gl_repository: gl_repository,
             gl_id: Gitlab::GlId.gl_id(user),
             gl_username: user&.username,
+            git_config_options: [],
 
             # This repository_path is a bogus value but gitlab-shell still requires
             # its presence. https://gitlab.com/gitlab-org/gitlab-shell/issues/135
@@ -81,6 +82,13 @@ module API
 
             gitaly: gitaly_payload(params[:action])
           }
+
+          # Custom option for git-receive-pack command
+          receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i
+          if receive_max_input_size > 0
+            payload[:git_config_options] << "receive.maxInputSize=#{receive_max_input_size.megabytes}"
+          end
+
           response_with_status(**payload)
         when ::Gitlab::GitAccessResult::CustomAction
           response_with_status(code: 300, message: check_result.message, payload: check_result.payload)
diff --git a/lib/gitlab/workhorse.rb b/lib/gitlab/workhorse.rb
index a9629a92a50..30a8c3578d8 100644
--- a/lib/gitlab/workhorse.rb
+++ b/lib/gitlab/workhorse.rb
@@ -22,18 +22,27 @@ module Gitlab
 
         project = repository.project
 
-        {
+        attrs = {
           GL_ID: Gitlab::GlId.gl_id(user),
           GL_REPOSITORY: Gitlab::GlRepository.gl_repository(project, is_wiki),
           GL_USERNAME: user&.username,
           ShowAllRefs: show_all_refs,
           Repository: repository.gitaly_repository.to_h,
           RepoPath: 'ignored but not allowed to be empty in gitlab-workhorse',
+          GitConfigOptions: [],
           GitalyServer: {
             address: Gitlab::GitalyClient.address(project.repository_storage),
             token: Gitlab::GitalyClient.token(project.repository_storage)
           }
         }
+
+        # Custom option for git-receive-pack command
+        receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i
+        if receive_max_input_size > 0
+          attrs[:GitConfigOptions] << "receive.maxInputSize=#{receive_max_input_size.megabytes}"
+        end
+
+        attrs
       end
 
       def send_git_blob(repository, blob)
diff --git a/spec/controllers/admin/application_settings_controller_spec.rb b/spec/controllers/admin/application_settings_controller_spec.rb
index 9d10d725ff3..10e1bfc30f9 100644
--- a/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/spec/controllers/admin/application_settings_controller_spec.rb
@@ -78,5 +78,12 @@ describe Admin::ApplicationSettingsController do
       expect(response).to redirect_to(admin_application_settings_path)
       expect(ApplicationSetting.current.restricted_visibility_levels).to be_empty
     end
+
+    it 'updates the receive_max_input_size setting' do
+      put :update, application_setting: { receive_max_input_size: "1024" }
+
+      expect(response).to redirect_to(admin_application_settings_path)
+      expect(ApplicationSetting.current.receive_max_input_size).to eq(1024)
+    end
   end
 end
diff --git a/spec/lib/gitlab/workhorse_spec.rb b/spec/lib/gitlab/workhorse_spec.rb
index 23869f3d2da..b3f55a2e1bd 100644
--- a/spec/lib/gitlab/workhorse_spec.rb
+++ b/spec/lib/gitlab/workhorse_spec.rb
@@ -336,6 +336,22 @@ describe Gitlab::Workhorse do
         it { expect { subject }.to raise_exception('Unsupported action: download') }
       end
     end
+
+    context 'when receive_max_input_size has been updated' do
+      it 'returns custom git config' do
+        allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { 1 }
+
+        expect(subject[:GitConfigOptions]).to be_present
+      end
+    end
+
+    context 'when receive_max_input_size is empty' do
+      it 'returns an empty git config' do
+        allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { nil }
+
+        expect(subject[:GitConfigOptions]).to be_empty
+      end
+    end
   end
 
   describe '.set_key_and_notify' do
diff --git a/spec/requests/api/internal_spec.rb b/spec/requests/api/internal_spec.rb
index 6890f46c724..e0b5b34f9c4 100644
--- a/spec/requests/api/internal_spec.rb
+++ b/spec/requests/api/internal_spec.rb
@@ -369,6 +369,26 @@ describe API::Internal do
             expect(user.reload.last_activity_on).to be_nil
           end
         end
+
+        context 'when receive_max_input_size has been updated' do
+          it 'returns custom git config' do
+            allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { 1 }
+
+            push(key, project)
+
+            expect(json_response["git_config_options"]).to be_present
+          end
+        end
+
+        context 'when receive_max_input_size is empty' do
+          it 'returns an empty git config' do
+            allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { nil }
+
+            push(key, project)
+
+            expect(json_response["git_config_options"]).to be_empty
+          end
+        end
       end
     end