search: internal server error if merge request refers to a removed project
Created by: lindi2
Steps to reproduce:
- as user Timo: create project p1
- as user Timo: add some commits to p1
- as user lindi: fork project p1
- as user lindi: add some commits to lindi/p1
- as user lindi: create merge request from lindi1/p1 to Timo/p1
- as user Timo: accept the merge request
- as user lindi: remove the project lindi/p1
- as any user: try to do a search for XqtXmRXXEJ7a on the main dashboard. You can do this also by trying to visit https://gitlab.com/search?utf8=%E2%9C%93&search=XqtXmRXXEJ7a&group_id=&repository_ref= where I have created repositories that reproduce the problem on gitlab.com
Expected results: 8) Merge request is shown
Actual results: 8) Server generates the following error message:
500
We're sorry, but something went wrong.
Please contact your GitLab administrator if this problem persists.
More info:
- On our local instance I can see the following errors in logs:
Started GET "/search?utf8=%E2%9C%93&search=nessus&group_id=&repository_ref=" for 127.0.0.1 at 2014-05-28 07:45:00 +0300
Processing by SearchController#show as HTML
Parameters: {"utf8"=>"✓", "search"=>"nessus", "group_id"=>"", "repository_ref"=>""}
Rendered search/_filter.html.haml (48.4ms)
Rendered search/results/_project.html.haml (1.8ms)
Rendered search/results/_merge_request.html.haml (4.2ms)
Rendered search/_global_results.html.haml (8.1ms)
Rendered search/_results.html.haml (8.3ms)
Rendered search/show.html.haml within layouts/search (58.6ms)
Completed 500 Internal Server Error in 180ms
ActionView::Template::Error (undefined method `name_with_namespace' for nil:NilClass):
5: %strong.term
6: = truncate merge_request.title, length: 50
7: - if merge_request.for_fork?
8: %span.light (#{merge_request.source_project.name_with_namespace}:#{merge_request.source_branch} → #{merge_request.target_project.name_with_namespace}:#{merge_request.target_branch})
9: - else
10: %span.light (#{merge_request.source_branch} → #{merge_request.target_branch})
11: - if merge_request.closed?
app/views/search/results/_merge_request.html.haml:8:in `_app_views_search_results__merge_request_html_haml___4531042144150949273_70125126118800'
app/views/search/_global_results.html.haml:4:in `_app_views_search__global_results_html_haml__3428260917401271915_70125126844620'
app/views/search/_results.html.haml:13:in `_app_views_search__results_html_haml___2698521179269603994_70125125761400'
app/views/search/show.html.haml:20:in `block in _app_views_search_show_html_haml__989800632865470255_70125117770440'
app/views/search/show.html.haml:1:in `_app_views_search_show_html_haml__989800632865470255_70125117770440'
app/controllers/application_controller.rb:58:in `set_current_user_for_thread'
- It seems that merge_request.source_project in app/views/search/results/_merge_request.html.haml is nil since the project has been removed.
- This allows any user to cause a denial of service if they mention popular search terms in the merge request description.
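The failure mode reported above, reduced to a stand-alone Ruby sketch that is an added example and not GitLab's code or its actual fix: the unguarded label from line 8 of the template next to a nil-tolerant one, each rendered over a result list containing one merge request whose source project was removed. `Project`, `MergeRequest`, the helper names and the sample data are hypothetical stand-ins constructed for illustration.

```ruby
# Added illustration; Project, MergeRequest and the helper names are
# hypothetical stand-ins, not GitLab's models or its actual fix.
Project = Struct.new(:name_with_namespace)

MergeRequest = Struct.new(:title, :source_project, :target_project,
                          :source_branch, :target_branch) do
  # Simplified stand-in: a fork MR is one whose source differs from its target.
  # A removed source project (nil) still counts as a fork.
  def for_fork?
    !source_project.equal?(target_project)
  end
end

# Mirrors line 8 of the template in the trace: dereferences source_project
# unconditionally, so a removed project raises NoMethodError.
def unsafe_label(mr)
  return "(#{mr.source_branch} -> #{mr.target_branch})" unless mr.for_fork?
  "(#{mr.source_project.name_with_namespace}:#{mr.source_branch} -> " \
    "#{mr.target_project.name_with_namespace}:#{mr.target_branch})"
end

# Hardened form: a missing project renders as a placeholder instead of raising.
def project_name(project)
  project ? project.name_with_namespace : "(removed project)"
end

def safe_label(mr)
  return "(#{mr.source_branch} -> #{mr.target_branch})" unless mr.for_fork?
  "(#{project_name(mr.source_project)}:#{mr.source_branch} -> " \
    "#{project_name(mr.target_project)}:#{mr.target_branch})"
end

# Render a whole result list; one failing row turns the entire page into a 500.
def render_results(mrs, labeler)
  [200, mrs.map { |mr| "#{mr.title} #{labeler.call(mr)}" }]
rescue NoMethodError
  [500, []]
end

# Constructed sample data: one healthy MR and one whose fork was removed.
TARGET = Project.new("Timo / p1")
RESULTS = [
  MergeRequest.new("Fix typo", TARGET, TARGET, "typo", "master"),
  MergeRequest.new("Add feature", nil, TARGET, "feature", "master")
]

if __FILE__ == $PROGRAM_NAME
  p render_results(RESULTS, method(:unsafe_label))
  p render_results(RESULTS, method(:safe_label))
end
```

With the unguarded label, the single orphaned row costs every other result on the page as well; with the guarded one, the row still appears and the search completes.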