Commit 78b1ad16 authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch 'sy-add-embeds-limit' into 'master'

Limit max metrics embeds to 100

See merge request gitlab-org/gitlab!21356
parents 3c207363 75a88416
---
title: Limit max metrics embeds in GFM to 100
merge_request: 21356
author:
type: performance
...@@ -476,7 +476,7 @@ Prometheus server. ...@@ -476,7 +476,7 @@ Prometheus server.
> [Introduced][ce-29691] in GitLab 12.2. > [Introduced][ce-29691] in GitLab 12.2.
It is possible to display metrics charts within [GitLab Flavored Markdown](../../markdown.md#gitlab-flavored-markdown-gfm). It is possible to display metrics charts within [GitLab Flavored Markdown](../../markdown.md#gitlab-flavored-markdown-gfm). The maximum number of embeds allowed in a GitLab Flavored Markdown field is 100.
NOTE: **Note:** NOTE: **Note:**
Requires [Kubernetes](prometheus_library/kubernetes.md) metrics. Requires [Kubernetes](prometheus_library/kubernetes.md) metrics.
......
...@@ -8,6 +8,7 @@ module Banzai ...@@ -8,6 +8,7 @@ module Banzai
include Gitlab::Utils::StrongMemoize include Gitlab::Utils::StrongMemoize
METRICS_CSS_CLASS = '.js-render-metrics' METRICS_CSS_CLASS = '.js-render-metrics'
EMBED_LIMIT = 100
URL = Gitlab::Metrics::Dashboard::Url URL = Gitlab::Metrics::Dashboard::Url
Embed = Struct.new(:project_path, :permission) Embed = Struct.new(:project_path, :permission)
...@@ -35,9 +36,16 @@ module Banzai ...@@ -35,9 +36,16 @@ module Banzai
# Returns all nodes which the FE will identify as # Returns all nodes which the FE will identify as
# a metrics embed placeholder element # a metrics embed placeholder element
# #
# Removes any nodes beyond the first 100
#
# @return [Nokogiri::XML::NodeSet] # @return [Nokogiri::XML::NodeSet]
def nodes def nodes
@nodes ||= doc.css(METRICS_CSS_CLASS) strong_memoize(:nodes) do
nodes = doc.css(METRICS_CSS_CLASS)
nodes.drop(EMBED_LIMIT).each(&:remove)
nodes
end
end end
# Maps a node to key properties of an embed. # Maps a node to key properties of an embed.
......
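Review bot: The NodeSet returned by `nodes` still holds every matched element, because `nodes.drop(EMBED_LIMIT).each(&:remove)` detaches the surplus nodes from the document but does not take them out of the set that is memoized and returned. Any caller that iterates `nodes` would therefore still do per-embed work (the `Embed` struct suggests project-path and permission lookups) for every embed in the input, so the cap bounds the rendered output but probably not the server-side cost it is meant to control. Returning only the kept nodes closes that gap, e.g. end the block with `nodes[0, EMBED_LIMIT]` instead of `nodes`, which keeps the documented `Nokogiri::XML::NodeSet` return type. The local `nodes` also shadows the method name, and the accessor now mutates `doc` on first call, which the comment could say outright: `# Side effect: removes embeds beyond EMBED_LIMIT from doc on first call`. The class body continues outside the hunk.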
...@@ -55,11 +55,29 @@ describe Banzai::Filter::InlineMetricsRedactorFilter do ...@@ -55,11 +55,29 @@ describe Banzai::Filter::InlineMetricsRedactorFilter do
it_behaves_like 'a supported metrics dashboard url' it_behaves_like 'a supported metrics dashboard url'
end end
context 'for an internal non-dashboard url' do context 'the user has requisite permissions' do
let(:url) { urls.project_url(project) } let(:user) { create(:user) }
let(:doc) { filter(input, current_user: user) }
it 'leaves the placeholder' do before do
expect(doc.to_s).to be_empty project.add_maintainer(user)
end
context 'for an internal non-dashboard url' do
let(:url) { urls.project_url(project) }
it 'leaves the placeholder' do
expect(doc.to_s).to be_empty
end
end
context 'with over 100 embeds' do
let(:embed) { %(<div class="js-render-metrics" data-dashboard-url="#{url}"></div>) }
let(:input) { embed * 150 }
it 'redacts ill-advised embeds' do
expect(doc.to_s.length).to eq(embed.length * 100)
end
end end
end end
end end
......
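Review bot: The assertion in 'with over 100 embeds' compares only `doc.to_s.length` with `embed.length * 100`, so it passes for any output of that byte length and does not show which elements survived. Counting the placeholders states the limit directly, e.g. `expect(doc.css('.js-render-metrics').size).to eq(100)`, assuming `doc` is the parsed fragment returned by `filter`. The new case sits only under 'the user has requisite permissions'; a companion case for a user without access, and one at exactly 100 embeds, would pin the boundary and show that the limit and the redaction do not interfere. The enclosing `describe` block starts outside the hunk.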