Commit 1759060b authored by Bojan Marjanovic, committed by Alex Kalderimis

Add rate limit on integration testing feature

Changelog: security
parent 9d08d1cb
1 merge request: !90257 Rate limit the integration testing feature
......@@ -11,6 +11,7 @@ class IntegrationsController < Projects::ApplicationController
before_action :integration, only: [:edit, :update, :test]
before_action :default_integration, only: [:edit, :update]
before_action :web_hook_logs, only: [:edit, :update]
before_action -> { check_rate_limit!(:project_testing_integration, scope: [@project, current_user]) }, only: :test
respond_to :html
......
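Review bot: The new rate-limit `before_action` (fourth line of the hunk) is declared after `before_action :integration`, so for the `:test` action the integration record is loaded before the limit is checked and a throttled request still performs that lookup; moving the new line above `before_action :integration` would reject over-limit requests before any work is done. The scope `[@project, current_user]` keys the counter per project and user, so a single user can still issue up to the threshold against every project they can access — if that granularity is intended, a comment on the line would make it explicit, e.g. `# Throttle outbound integration test calls per (project, user)`. The enclosing IntegrationsController class and `check_rate_limit!` are defined outside the hunk.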
......@@ -45,7 +45,8 @@ def rate_limits # rubocop:disable Metrics/AbcSize
search_rate_limit_unauthenticated: { threshold: -> { application_settings.search_rate_limit_unauthenticated }, interval: 1.minute },
gitlab_shell_operation: { threshold: 600, interval: 1.minute },
pipelines_create: { threshold: -> { application_settings.pipeline_limit_per_project_user_sha }, interval: 1.minute },
temporary_email_failure: { threshold: 50, interval: 1.day }
temporary_email_failure: { threshold: 50, interval: 1.day },
project_testing_integration: { threshold: 5, interval: 1.minute }
}.freeze
end
......
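Review bot: The new `project_testing_integration` entry uses a fixed `threshold: 5`, whereas neighbouring entries such as `pipelines_create` and `search_rate_limit_unauthenticated` read their threshold from `application_settings` through a lambda, so this limit cannot be adjusted by an instance administrator without a code change. If a hard-coded value is deliberate, a short comment would help the next reader, e.g. `# Not admin-configurable: fixed cap on outbound integration test calls`; otherwise a lambda over an application setting would match the surrounding style. The `rate_limits` method begins outside the hunk.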
......@@ -138,7 +138,7 @@ def do_put
end
end
context 'when unsuccessful' do
context 'when unsuccessful', :clean_gitlab_redis_rate_limiting do
it 'returns an error response when the integration test fails' do
stub_request(:get, 'http://example.com/rest/api/2/serverInfo')
.to_return(status: 404)
......@@ -184,6 +184,26 @@ def do_put
end
end
end
context 'when the endpoint receives requests above the limit', :freeze_time, :clean_gitlab_redis_rate_limiting do
before do
allow(Gitlab::ApplicationRateLimiter).to receive(:rate_limits)
.and_return(project_testing_integration: { threshold: 1, interval: 1.minute })
end
it 'prevents making test requests' do
stub_jira_integration_test
expect_next_instance_of(::Integrations::Test::ProjectService) do |service|
expect(service).to receive(:execute).and_return(http_status: 200)
end
2.times { post :test, params: project_params(service: integration_params) }
expect(response.body).to eq(_('This endpoint has been requested too many times. Try again later.'))
expect(response).to have_gitlab_http_status(:too_many_requests)
end
end
end
describe 'PUT #update' do
......
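Review bot: The new example in the second hunk asserts only the response to the second `post :test`, so it would also pass if the limiter rejected every request including the first; asserting that the first call is not throttled before the second one is pins the threshold behaviour rather than just the error path. The `2.times` loop can be unrolled so each response is checked in turn, as below. The enclosing `describe` block for the `#test` action starts outside the hunk, and the first hunk's added `:clean_gitlab_redis_rate_limiting` tag looks fine.
```ruby
it 'prevents making test requests' do
  stub_jira_integration_test
  # … unchanged: expect_next_instance_of stub …

  post :test, params: project_params(service: integration_params)
  expect(response).not_to have_gitlab_http_status(:too_many_requests)

  post :test, params: project_params(service: integration_params)
  expect(response.body).to eq(_('This endpoint has been requested too many times. Try again later.'))
  expect(response).to have_gitlab_http_status(:too_many_requests)
end
```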