RubyGems - gitlab-secret_detection - Versions diffs - 0.20.5 → 0.20.6 - Mend

gitlab-secret_detection 0.20.5 → 0.20.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/gitlab/secret_detection/grpc/client/grpc_client.rb +41 -1
data/lib/gitlab/secret_detection/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 23578f20fb18d7b642384e60e58139a77e346ae33ace701fa3712d28df0c95fe
-  data.tar.gz: 4abca422e9f0b3c062e500133419442a77b24982eea786484d189857a68b4ddf
+  metadata.gz: cc65583db26adf76bc2c82147e9a0968d3a492650c674021b1b880999ccac7ae
+  data.tar.gz: 1def241bf981547d439b1c2779b15a23906162c48fb25f341518145154c25a4d
 SHA512:
-  metadata.gz: ddee53db684c615a08a70b1b98177f313a727eae17659b1e3219d6899cca02243d39543588574feabd5b53261d14b28b777bb2297b0bc0c2ec80be4bc4ab393c
-  data.tar.gz: 7a6df06f37dba1999c40bbfb241566560f1fdf347b555cf6fa1e29dd6153fa33f78fe44edb6c649cf9ea2e39d5e7003a85fe18306282284c7ee996f296ca8967
+  metadata.gz: daaa4b44fab4a9bdc6afa35e69d9cc0bdb64821d43ad373ea5660c3875191e060b937f89f09b06f7216e836c86d3174da769037929c5407ab1b217e9f1bc4781
+  data.tar.gz: f454b936f67cb98412b77cb83ddcab017e3a5885b87ea2eef6c6248c06854f24f02273bf3c58466c33781495e80b0cb327bb9f2e9fe3f5ae5bc9ac5b0c564a31

data/lib/gitlab/secret_detection/grpc/client/grpc_client.rb CHANGED Viewed

@@ -17,6 +17,9 @@ module Gitlab
         # Time to wait for the response from the service
         REQUEST_TIMEOUT_SECONDS = 10 # 10 seconds
+        # Total payload size limit allowed per scan request
+        MAX_PAYLOAD_SIZE_PER_REQUEST = 4_000_000 # 3.8MiB (0.2MiB buffer for other request props)
         def initialize(host, secure: false, compression: true, logger: nil)
           @host = host
           @secure = secure
@@ -30,6 +33,20 @@ module Gitlab
         # +Gitlab::SecretDetection::Core::Response+ type by assiging a appropriate +status+ value to it.
         def run_scan(request:, auth_token:, extra_headers: {})
           with_rescued_errors do
+            payload_size = calculate_payload_size(request)
+            if payload_size >= MAX_PAYLOAD_SIZE_PER_REQUEST
+              @logger.info(
+                message: "Skipping to send Scan Request to Secret Detection server due to request size overlimit",
+                payload_size:
+              )
+              next Gitlab::SecretDetection::GRPC::ScanResponse.new(
+                results: [],
+                status: SecretDetection::Core::Status::INPUT_ERROR,
+                applied_exclusions: []
+              )
+            end
             grpc_response = stub.scan(
               request,
               metadata: build_metadata(auth_token, extra_headers),
@@ -52,6 +69,19 @@ module Gitlab
           request_stream = Gitlab::SecretDetection::GRPC::StreamRequestEnumerator.new(requests)
           results = []
           with_rescued_errors do
+            has_oversized_request = requests.any? do |request|
+              payload_size = calculate_payload_size(request)
+              payload_size >= MAX_PAYLOAD_SIZE_PER_REQUEST
+            end
+            if has_oversized_request
+              @logger.info("Skipping to send Scan Request to Secret Detection server due to request size overlimit")
+              response = Gitlab::SecretDetection::GRPC::ScanResponse.new(
+                status: SecretDetection::Core::Status::INPUT_ERROR
+              )
+              next (block_given? ? response : [response])
+            end
             stub.scan_stream(
               request_stream.each_item,
               metadata: build_metadata(auth_token, extra_headers),
@@ -123,13 +153,23 @@ module Gitlab
             results: nil,
             metadata: { message: e.details, **e.metadata }
           )
+        rescue ::GRPC::ResourceExhausted => e
+          @logger.error(message: "Secret Detection Server resource exhausted: #{e.details}", **e.metadata)
+          SecretDetection::Core::Response.new(
+            status: SecretDetection::Core::Status::SCAN_ERROR,
+            metadata: { message: e.details, **e.metadata }
+          )
         rescue ::GRPC::Unknown, ::GRPC::BadStatus => e
           SecretDetection::Core::Response.new(
             status: SecretDetection::Core::Status::SCAN_ERROR,
             results: nil,
-            metadata: { message: e.details }
+            metadata: { message: e.details, **e.metadata }
           )
         end
+        def calculate_payload_size(request)
+          request&.payloads&.reduce(0) { |total, p| total + p.data.size + p.id.size }
+        end
       end
     end
   end

data/lib/gitlab/secret_detection/version.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Gitlab
       #  https://gitlab.com/gitlab-org/gitlab/-/issues/514015
       #
       # Ensure to maintain the same version in CHANGELOG file.
-      VERSION = "0.20.5"
+      VERSION = "0.20.6"
       # SD_ENV env var is used to determine which environment the
       # server is running. This var is defined in `.runway/env-<env>.yml` files.

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-secret_detection
 version: !ruby/object:Gem::Version
-  version: 0.20.5
+  version: 0.20.6
 platform: ruby
 authors:
 - group::secret detection
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-03-11 00:00:00.000000000 Z
+date: 2025-03-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grpc