Add configurable maximum YAML file size and depth

Thomas Watts requested to merge (removed):configurable-yml-limits into master

In order to present a solution to the Billion Laughs Attack problem, GitLab implemented a :ci_yaml_size_limit flag that, when enabled, will raise an error when CI YAML files over a certain size and/or depth are loaded. However, these limits are hardcoded at 1 megabyte for the max_size and 100 for the max_depth, which may be undesirable in certain situations. Currently the only remedy is to disable that flag. Instead, we would like these limits to be configurable by server administrators, so we have added two fields to ApplicationSetting (max_yaml_size_bytes and max_yaml_depth), which can be configured in a rails console, e.g. ApplicationSetting.update(max_yaml_size_bytes: 2.megabytes, max_yaml_depth: 200).
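The check the description relies on, shown as an added example rather than the merge request's own code: the two limits are passed in as keyword arguments (standing in for the ApplicationSetting fields) and are enforced both on the raw text and on the alias-expanded object, since a Billion Laughs document is small on disk but huge once loaded. The sample document and the helper names are constructed for this example.

```ruby
require 'yaml'

class YamlLimitError < StandardError; end

# Walks a parsed YAML object and returns [expanded_size_bytes, nesting_depth].
# Aliases are followed every time they occur, so an alias-heavy document is
# measured at its expanded size, not at the size of its source text. Both
# limits are checked during the walk, so a cyclic or pathologically deep
# document aborts early instead of exhausting the stack.
def measure_yaml(obj, max_size_bytes, max_depth, depth = 1, size = 0)
  raise YamlLimitError, "nesting depth exceeds #{max_depth}" if depth > max_depth

  case obj
  when Hash
    max_d = depth
    obj.each do |key, value|
      size, key_d = measure_yaml(key, max_size_bytes, max_depth, depth + 1, size)
      size, val_d = measure_yaml(value, max_size_bytes, max_depth, depth + 1, size)
      max_d = [max_d, key_d, val_d].max
    end
    [size, max_d]
  when Array
    max_d = depth
    obj.each do |item|
      size, item_d = measure_yaml(item, max_size_bytes, max_depth, depth + 1, size)
      max_d = [max_d, item_d].max
    end
    [size, max_d]
  else
    size += obj.to_s.bytesize
    raise YamlLimitError, "expanded size exceeds #{max_size_bytes} bytes" if size > max_size_bytes
    [size, depth]
  end
end

# Loads CI YAML under the two configurable limits (assumed keyword arguments here).
def load_yaml_with_limits(source, max_size_bytes:, max_depth:)
  # Cheap pre-check on the source text; the expanded object can still be far larger.
  raise YamlLimitError, "source exceeds #{max_size_bytes} bytes" if source.bytesize > max_size_bytes
  # CI YAML depends on anchors and aliases, so they stay enabled; the
  # expanded-size check is what keeps them from being abused.
  parsed = YAML.safe_load(source, aliases: true)
  measure_yaml(parsed, max_size_bytes, max_depth)
  parsed
end

# Constructed sample: 70 bytes of source that expand to 84 one-byte scalars.
ALIAS_HEAVY_YAML = <<~YAML
  a: &a ["x", "x", "x", "x"]
  b: &b [*a, *a, *a, *a]
  c: [*b, *b, *b, *b]
YAML
```

With a limit of 80 bytes the raw text passes but the expanded object is rejected, which is exactly the gap a pure file-size check would miss.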