alert.rb
Severity: Severe
Denial of Service
Discovered 7 months ago
Source: static code analysis
Category: Denial of Service
Confidence level: Medium

Problem

Model attribute used in regex

Location

app/models/alert_management/alert.rb:194

/
        (#{Project.reference_pattern})?
        #{Regexp.escape(reference_prefix)}(?<alert>\d+)
      /x

Category description: Denial of Service is any attack which causes a service to become unavailable for legitimate clients.

Solution: fix the issue in app/models/alert_management/alert.rb or mark it as false positive.

youtrack_service.rb
Severity: Severe
Denial of Service
Discovered 7 months ago
Source: static code analysis
Category: Denial of Service
Confidence level: Medium

Problem

Model attribute used in regex

Location

app/models/project_services/youtrack_service.rb:11

/(?<issue>\b[A-Za-z][A-Za-z0-9_]*-\d+\b)|(#{Issue.reference_prefix}#{Gitlab::Regex.issue})/

Solution: fix the issue in app/models/project_services/youtrack_service.rb or mark it as false positive.

issue.rb
Severity: Severe
Denial of Service
Discovered 7 months ago
Source: static code analysis
Category: Denial of Service
Confidence level: Medium

Problem

Model attribute used in regex

Location

app/models/issue.rb:207

/
      (#{Project.reference_pattern})?
      #{Regexp.escape(reference_prefix)}#{Gitlab::Regex.issue}
    /x

Solution: fix the issue in app/models/issue.rb or mark it as false positive.

referable.rb
Severity: Severe
Denial of Service
Discovered 7 months ago
Source: static code analysis
Category: Denial of Service
Confidence level: Medium

Problem

Model attribute used in regex

Location

app/models/concerns/referable.rb:83

/
        (?<url>
          #{Regexp.escape(Gitlab.config.gitlab.url)}
          \/#{Project.reference_pattern}
          (?:\/\-)?
          \/#{route.is_a?(Regexp) ? (route) : (Regexp.escape(route))}
          \/#{pattern}
          (?<path>
            (\/[a-z0-9_=-]+)*\/*
          )?
          (?<query>
            \?[a-z0-9_=-]+
            (&[a-z0-9_=-]+)*
          )?
          (?<anchor>\#[a-z0-9_-]+)?
        )
      /x

Solution: fix the issue in app/models/concerns/referable.rb or mark it as false positive.

snippet.rb
Severity: Severe
Denial of Service
Discovered 7 months ago
Source: static code analysis
Category: Denial of Service
Confidence level: Medium

Problem

Model attribute used in regex

Location

app/models/snippet.rb:164

/
      (#{Project.reference_pattern})?
      #{Regexp.escape(reference_prefix)}(?<snippet>\d+)
    /x

Solution: fix the issue in app/models/snippet.rb or mark it as false positive.

label.rb
Severity: Severe
Denial of Service
Discovered 7 months ago
Source: static code analysis
Category: Denial of Service
Confidence level: Medium

Problem

Model attribute used in regex

Location

app/models/label.rb:113

/
      (#{Project.reference_pattern})?
      #{Regexp.escape(reference_prefix)}
      (?:
          (?<label_id>\d+(?!\S\w)\b)
        | # Integer-based label ID, or
          (?<label_name>
              # String-based single-word label title, or
              [A-Za-z0-9_\-\?\.&]+
              (?<!\.|\?)
            |
              # String-based multi-word label surrounded in quotes
              ".+?"
          )
      )
    /x

Solution: fix the issue in app/models/label.rb or mark it as false positive.

issue_tracker_service.rb
Severity: Severe
Denial of Service
Discovered 7 months ago
Source: static code analysis
Category: Denial of Service
Confidence level: Medium

Problem

Model attribute used in regex

Location

app/models/project_services/issue_tracker_service.rb:24

/(\b[A-Z][A-Z0-9_]*-|#{Issue.reference_prefix})#{Gitlab::Regex.issue}/

Solution: fix the issue in app/models/project_services/issue_tracker_service.rb or mark it as false positive.

milestone.rb
Severity: Severe
Denial of Service
Discovered 7 months ago
Source: static code analysis
Category: Denial of Service
Confidence level: Medium

Problem

Model attribute used in regex

Location

app/models/milestone.rb:62

/
      (#{Project.reference_pattern})?
      #{Regexp.escape(reference_prefix)}
      (?:
        (?<milestone_iid>
          \d+(?!\S\w)\b # Integer-based milestone iid, or
        ) |
        (?<milestone_name>
          [^"\s]+\b |  # String-based single-word milestone title, or
          "[^"]+"      # String-based multi-word milestone surrounded in quotes
        )
      )
    /x

Solution: fix the issue in app/models/milestone.rb or mark it as false positive.

merge_request.rb
Severity: Severe
Denial of Service
Discovered 7 months ago
Source: static code analysis
Category: Denial of Service
Confidence level: Medium

Problem

Model attribute used in regex

Location

app/models/merge_request.rb:387

/
      (#{Project.reference_pattern})?
      #{Regexp.escape(reference_prefix)}(?<merge_request>\d+)
    /x

Solution: fix the issue in app/models/merge_request.rb or mark it as false positive.

commit.rb
Severity: Severe
Denial of Service
Discovered 7 months ago
Source: static code analysis
Category: Denial of Service
Confidence level: Medium

Problem

Model attribute used in regex

Location

app/models/commit.rb:179

/
      (?:#{Project.reference_pattern}#{reference_prefix})?
      (?<commit>#{/\h{#{Gitlab::Git::Commit::MIN_SHA_LENGTH},40}/.freeze})
    /x

Solution: fix the issue in app/models/commit.rb or mark it as false positive.

commit_range.rb
Severity: Severe
Denial of Service
Discovered 7 months ago
Source: static code analysis
Category: Denial of Service
Confidence level: Medium

Problem

Model attribute used in regex

Location

app/models/commit_range.rb:47

/
      (?:#{Project.reference_pattern}#{reference_prefix})?
      (?<commit_range>#{/\h{7,40}\.{2,3}\h{7,40}/.freeze})
    /x

Solution: fix the issue in app/models/commit_range.rb or mark it as false positive.