Merge branch 'security-psk-fix-external-wiki-integration-dos-17-1' into '17-1-stable-ee'

Fix external wiki integration DoS by changing request to HEAD See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4383 Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by: Terri Chu <tchu@gitlab.com> Co-authored-by: Piotr Skorupa <pskorupa@gitlab.com>

Merge branch 'security-psk-fix-external-wiki-integration-dos-17-1' into '17-1-stable-ee'
3863794e · GitLab Release Tools Bot · c4e9c071 · 8ae880e3 · 3863794e · 3863794e
Commit 3863794e authored 5 months ago by GitLab Release Tools Bot
--- a/app/models/integrations/external_wiki.rb
+++ b/app/models/integrations/external_wiki.rb
@@ -41,8 +41,9 @@ def sections
    end
  
    def execute(_data)
-      response = Gitlab::HTTP.get(properties['external_wiki_url'], verify: true)
-      response.body if response.code == 200
+      response = Gitlab::HTTP.head(properties['external_wiki_url'], verify: true)
+
+      true if response.code == 200
    rescue StandardError
      nil
    end

--- a/spec/models/integrations/external_wiki_spec.rb
+++ b/spec/models/integrations/external_wiki_spec.rb
@@ -34,7 +34,7 @@
  
    context 'the URL is not reachable' do
      before do
-        WebMock.stub_request(:get, url).to_return(status: 404, body: 'not a page')
+        WebMock.stub_request(:head, url).to_return(status: 404)
      end
  
      it 'is not successful' do
@@ -44,7 +44,7 @@
  
    context 'the URL is reachable' do
      before do
-        WebMock.stub_request(:get, url).to_return(status: 200, body: 'foo')
+        WebMock.stub_request(:head, url).to_return(status: 200)
      end
  
      it 'is successful' do