Follow-up from "Fix ReDOS in bulk_imports endpoint params"
The following discussion from gitlab-org/security/gitlab!3464 should be addressed:
- @.luke started a discussion: The change in this leaves Gitlab::Regex::BulkImports as a source of error messages only, and no regexes. We need to move the error messages somewhere else and delete Gitlab::Regex::BulkImports, but I'd like to do this refactor later in our canonical repo after this security MR merges, to limit the change in this security fix. (I tried this refactor locally, and it does introduce a few extra problems that would be best to work around in canonical rather than make this MR larger).