Investigate vulnerability: Fuzzing injection via '/api/v4/projects/68/terraform/state/32' on 'POST gitlab-review-384040-reo-eahq4p.gitlab-review.app/api/v4/projects/68/terraform/state/32/lock'

Issue created from vulnerability 65173053

Description:

Fuzzing performs non-specific injections into the target field in an attempt to cause unexpected behaviour in the target. Fuzzing can find injection-style issues, buffer overflows, memory corruption, stability issues, and others. It consists of sending mutated or semi-malformed data to the target in an automated fashion.

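The 'mutator' is the data generator in use when the issue was identified. In this finding it lengthened the `:name` path segment of the Terraform state route by repeating the original value, as the two parameter values below show.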

Mutator: StringLengthVariance
Parameter Original Value: 32
Parameter Mutated Value: 323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323

  • Severity: unknown
  • Confidence: unknown

Evidence

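API Log

Note: this log entry appears to come from a separate reproduction rather than from the scanner's own request shown further down: its host (gitlab.localdev), project ID (19), user agent (PostmanRuntime), timestamp and correlation ID all differ from the Request/Response headers. It shows the over-long state name reaching the INSERT into terraform_states from `create_or_find!`, where PostgreSQL rejects it against a character varying(255) column (presumably `name`). The request ends in ActiveRecord::ValueTooLong and an HTTP 500 instead of a client-side validation error, so triage should confirm whether the state name is length-validated before the insert.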
{
  "time": "2022-12-13T06:51:44.427Z",
  "severity": "INFO",
  "duration_s": 0.3883,
  "db_duration_s": 0.11688,
  "view_duration_s": 0.27142,
  "status": 500,
  "method": "POST",
  "path": "/api/v4/projects/19/terraform/state/323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323/lock",
  "params": [
    {
      "key": "ID",
      "value": "string-without-format"
    },
    {
      "key": "Operation",
      "value": "string-without-format"
    },
    {
      "key": "Info",
      "value": "string-without-format"
    },
    {
      "key": "Who",
      "value": "string-without-format"
    },
    {
      "key": "Version",
      "value": "string-without-format"
    },
    {
      "key": "Created",
      "value": "string-without-format"
    },
    {
      "key": "Path",
      "value": "string-without-format"
    }
  ],
  "host": "gitlab.localdev",
  "remote_ip": "172.16.123.1",
  "ua": "PostmanRuntime/7.29.2",
  "route": "/api/:version/projects/:id/terraform/state/:name/lock",
  "user_id": 1,
  "username": "root",
  "token_type": "PersonalAccessToken",
  "token_id": 3,
  "exception.class": "ActiveRecord::ValueTooLong",
  "exception.message": "PG::StringDataRightTruncation: ERROR:  value too long for type character varying(255)\n",
  "exception.backtrace": [
    "app/models/concerns/cross_database_modification.rb:92:in `block in transaction'",
    "lib/gitlab/database.rb:333:in `block in transaction'",
    "lib/gitlab/database.rb:332:in `transaction'",
    "app/models/concerns/cross_database_modification.rb:83:in `transaction'",
    "app/services/terraform/remote_state_handler.rb:73:in `create_or_find!'",
    "app/services/terraform/remote_state_handler.rb:62:in `retrieve_with_lock'",
    "app/services/terraform/remote_state_handler.rb:33:in `lock!'",
    "lib/api/terraform/state.rb:165:in `block (3 levels) in <class:State>'",
    "ee/lib/gitlab/middleware/ip_restrictor.rb:14:in `block in call'",
    "ee/lib/gitlab/ip_address_state.rb:10:in `with'",
    "ee/lib/gitlab/middleware/ip_restrictor.rb:13:in `call'",
    "lib/api/api_guard.rb:215:in `call'",
    "lib/gitlab/middleware/memory_report.rb:13:in `call'",
    "lib/gitlab/middleware/speedscope.rb:13:in `call'",
    "lib/gitlab/query_limiting/middleware.rb:17:in `block in call'",
    "lib/gitlab/query_limiting/transaction.rb:45:in `run'",
    "lib/gitlab/query_limiting/middleware.rb:16:in `call'",
    "lib/gitlab/jira/middleware.rb:19:in `call'",
    "lib/gitlab/middleware/go.rb:20:in `call'",
    "lib/gitlab/etag_caching/middleware.rb:21:in `call'",
    "lib/gitlab/middleware/query_analyzer.rb:11:in `block in call'",
    "lib/gitlab/database/query_analyzer.rb:37:in `within'",
    "lib/gitlab/middleware/query_analyzer.rb:11:in `call'",
    "lib/gitlab/middleware/multipart.rb:173:in `call'",
    "lib/gitlab/middleware/read_only/controller.rb:50:in `call'",
    "lib/gitlab/middleware/read_only.rb:18:in `call'",
    "lib/gitlab/middleware/same_site_cookies.rb:27:in `call'",
    "lib/gitlab/middleware/handle_malformed_strings.rb:21:in `call'",
    "lib/gitlab/middleware/basic_health_check.rb:25:in `call'",
    "lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'",
    "lib/gitlab/middleware/request_context.rb:21:in `call'",
    "lib/gitlab/middleware/webhook_recursion_detection.rb:15:in `call'",
    "config/initializers/fix_local_cache_middleware.rb:11:in `call'",
    "lib/gitlab/middleware/compressed_json.rb:37:in `call'",
    "lib/gitlab/middleware/static.rb:11:in `call'",
    "lib/gitlab/webpack/dev_server_middleware.rb:34:in `perform_request'",
    "lib/gitlab/middleware/rack_multipart_tempfile_factory.rb:19:in `call'",
    "lib/gitlab/middleware/sidekiq_web_static.rb:20:in `call'",
    "lib/gitlab/metrics/requests_rack_middleware.rb:77:in `call'",
    "lib/gitlab/middleware/release_env.rb:13:in `call'"
  ],
  "exception.sql": "INSERT INTO \"terraform_states\" (\"project_id\", \"created_at\", \"updated_at\", \"uuid\", \"name\") VALUES ($1, $2, $3, $4, $5) RETURNING \"id\" /*application:web,correlation_id:01GM541RETWPXG6QGQ6NR74NVZ,endpoint_id:POST /api/:version/projects/:id/terraform/state/:name/lock,db_config_name:main,line:/app/models/concerns/cross_database_modification.rb:92:in `block in transaction'*/",
  "redis_calls": 12,
  "redis_duration_s": 0.002808,
  "redis_read_bytes": 1064,
  "redis_write_bytes": 569,
  "redis_cache_calls": 6,
  "redis_cache_duration_s": 0.002004,
  "redis_cache_read_bytes": 1048,
  "redis_cache_write_bytes": 347,
  "redis_shared_state_calls": 6,
  "redis_shared_state_duration_s": 0.000804,
  "redis_shared_state_read_bytes": 16,
  "redis_shared_state_write_bytes": 222,
  "db_count": 0,
  "db_write_count": 0,
  "db_cached_count": 0,
  "db_replica_count": 0,
  "db_primary_count": 0,
  "db_main_count": 0,
  "db_ci_count": 0,
  "db_main_replica_count": 0,
  "db_ci_replica_count": 0,
  "db_replica_cached_count": 0,
  "db_primary_cached_count": 0,
  "db_main_cached_count": 0,
  "db_ci_cached_count": 0,
  "db_main_replica_cached_count": 0,
  "db_ci_replica_cached_count": 0,
  "db_replica_wal_count": 0,
  "db_primary_wal_count": 0,
  "db_main_wal_count": 0,
  "db_ci_wal_count": 0,
  "db_main_replica_wal_count": 0,
  "db_ci_replica_wal_count": 0,
  "db_replica_wal_cached_count": 0,
  "db_primary_wal_cached_count": 0,
  "db_main_wal_cached_count": 0,
  "db_ci_wal_cached_count": 0,
  "db_main_replica_wal_cached_count": 0,
  "db_ci_replica_wal_cached_count": 0,
  "db_replica_duration_s": 0,
  "db_primary_duration_s": 0,
  "db_main_duration_s": 0,
  "db_ci_duration_s": 0,
  "db_main_replica_duration_s": 0,
  "db_ci_replica_duration_s": 0,
  "cpu_s": 1.763957,
  "pid": 94483,
  "worker_id": "puma_0",
  "rate_limiting_gates": [],
  "correlation_id": "01GM541RETWPXG6QGQ6NR74NVZ",
  "meta.caller_id": "POST /api/:version/projects/:id/terraform/state/:name/lock",
  "meta.remote_ip": "172.16.123.1",
  "meta.feature_category": "infrastructure_as_code",
  "meta.user": "root",
  "meta.user_id": 1,
  "meta.project": "gitlab-instance-88c4ecd7/Monitoring",
  "meta.root_namespace": "gitlab-instance-88c4ecd7",
  "meta.client_id": "user/1",
  "meta.subscription_plan": "default",
  "content_length": "226",
  "request_urgency": "low",
  "target_duration_s": 5
}
Request:
content-type : application/json
Host : gitlab-review-384040-reo-eahq4p.gitlab-review.app:443
Accept : */*
Connection : keep-alive
Via : HTTP/1.1 GitLabApiSecurity 2.0.102
PRIVATE-TOKEN : XXXXXXXXXX
content-length : 226
Response:
Date : Tue, 29 Nov 2022 18:48:11 GMT
Content-Type : application/json
Content-Length : 39
Connection : keep-alive
Cache-Control : no-cache
Vary : Origin
X-Request-Id : 01GK2BFGYJWS6ZH9AN6NHX293K
X-Runtime : 1.402420
Strict-Transport-Security : max-age=63072000
Referrer-Policy : strict-origin-when-cross-origin

Identifiers:

Scanner:

  • Name: GitLab API Fuzzing
Edited by 🤖 GitLab Bot 🤖