Do not allow too many syntax operators in search terms
Related to gitlab-com/gl-infra/production#16237 (comment 1532286716)
Note: marking as confidential because this is a DOS for search
Summary
Too many OR terms in the search query (specifically for group search, but possible global search and project search) caused high CPU on the search nodes and eventually the system stopped serving search requests.
Need to look into why this is happening from the Elasticsearch side, it might be relevant. The blobs search is doing simple query string with default operator of AND
. The search syntax supported: https://docs.gitlab.com/ee/user/search/advanced_search.html#syntax
relevant links:
Possible fixes
Add something to search params to prevent and alert the user if too many operators are added to the query. We should support some amount but not unlimited and 11 is too many, so less than that.
We should also update documentation to note the limitation