Self-DoS on a Job (CI) page

Summary

Self-DoS bug on a Job (CI) page in some conditions.

Steps to reproduce

See https://gitlab.com/gitlab-org/gitlab-ce/issues/27724#reproduce

What is the current bug behavior?

XHR requests to the server occur every 4.0 s when browsing a specific Job (formerly Build) page. Especially when the response of the XHR is slower than 4.0 s (typically a large and complicated build trace), multiple requests happen, which may cause DoS.

What is the expected correct behavior?

Requests should not overlap even if the response is slow (#27724 (closed)).

Relevant logs and/or screenshots

gl-build-trace-json

404 is out of scope of this issue.

You can reproduce this on any Build page listed on and linked from https://gitlab.com/gitlab-org/gitlab-ce/builds?scope=running .

Output of checks

This bug happens on GitLab.com (at least as of 2017-02-14) as well as on a GitLab CE instance.

Possible fixes

Replace setInterval in JS with setTimeout.
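
The following is an added example, not GitLab's code: it simulates both polling strategies against a slow endpoint and reports how many requests are in flight at once. A virtual clock replaces the browser timers so the result is deterministic; `makeClock`, `simulate`, `fetchTrace` and the 10 s response time are hypothetical, and only the 4.0 s interval comes from the report.

```javascript
// Virtual clock: a minimal event queue standing in for browser timers.
function makeClock() {
  let now = 0;
  const queue = []; // pending events: { at, fn }
  const at = (delay, fn) => queue.push({ at: now + delay, fn });
  const run = (until) => {
    while (queue.length) {
      queue.sort((a, b) => a.at - b.at);
      if (queue[0].at > until) break;
      const ev = queue.shift();
      now = ev.at;
      ev.fn();
    }
  };
  return { at, run };
}

// strategy: 'interval' fires on a fixed period (setInterval behaviour);
// 'timeout' schedules the next poll only after the response arrives.
function simulate(strategy, intervalMs, latencyMs, durationMs) {
  const clock = makeClock();
  let inFlight = 0, maxInFlight = 0, sent = 0;
  // Stand-in for the trace XHR: completes after latencyMs of virtual time.
  const fetchTrace = (done) => {
    inFlight++; sent++;
    maxInFlight = Math.max(maxInFlight, inFlight);
    clock.at(latencyMs, () => { inFlight--; done(); });
  };
  if (strategy === 'interval') {
    // Fires regardless of whether the previous response has come back.
    const tick = () => { fetchTrace(() => {}); clock.at(intervalMs, tick); };
    clock.at(intervalMs, tick);
  } else {
    // Chained timeout: at most one request can ever be outstanding.
    const poll = () => fetchTrace(() => clock.at(intervalMs, poll));
    clock.at(intervalMs, poll);
  }
  clock.run(durationMs);
  return { sent, maxInFlight };
}

// Constructed scenario: 4 s poll period, 10 s response time, one minute on the page.
const overlapping = simulate('interval', 4000, 10000, 60000);
const chained = simulate('timeout', 4000, 10000, 60000);
console.log('setInterval:', overlapping, 'setTimeout:', chained);
```

With a response slower than the poll period, the fixed-interval poller keeps several requests outstanding per open tab, while the chained poller never exceeds one and sends fewer requests overall.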