Ensure timeout is a number (!35) · Merge requests · GitLab.org / GitLab Markup

I was looking at !33 (merged) to see what it was about as I was including it in the changelog of !34 (c67459fb) and I figured I'd do this quick change while I'm here and we're about to cut a release.

This MR forces GITLAB_MARKUP_TIMEOUT to be an integer to avoid command injection. This is very much defense in depth as if we're in a situation where an attacker can control an environment variable we're probably in deep trouble but it was low effort.

Edited Dec 02, 2021 by Dominic Couture

Ensure timeout is a number

Merge request reports