Merge branch 'security-psk-fix-external-wiki-integration-dos-17-3' into '17-3-stable-ee'

Fix external wiki integration DoS by changing request to HEAD See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4381 Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by: Terri Chu <tchu@gitlab.com> Co-authored-by: Piotr Skorupa <pskorupa@gitlab.com>

Merge branch 'security-psk-fix-external-wiki-integration-dos-17-3' into '17-3-stable-ee'
89504a1f · GitLab Release Tools Bot · 8a7a7657 · 20a6c608 · 89504a1f · 89504a1f
Commit 89504a1f authored 5 months ago by GitLab Release Tools Bot
--- a/app/models/integrations/external_wiki.rb
+++ b/app/models/integrations/external_wiki.rb
@@ -43,8 +43,9 @@ def sections
    end
  
    def execute(_data)
-      response = Gitlab::HTTP.get(properties['external_wiki_url'], verify: true)
-      response.body if response.code == 200
+      response = Gitlab::HTTP.head(properties['external_wiki_url'], verify: true)
+
+      true if response.code == 200
    rescue StandardError
      nil
    end

--- a/spec/models/integrations/external_wiki_spec.rb
+++ b/spec/models/integrations/external_wiki_spec.rb
@@ -34,7 +34,7 @@
  
    context 'the URL is not reachable' do
      before do
-        WebMock.stub_request(:get, url).to_return(status: 404, body: 'not a page')
+        WebMock.stub_request(:head, url).to_return(status: 404)
      end
  
      it 'is not successful' do
@@ -44,7 +44,7 @@
  
    context 'the URL is reachable' do
      before do
-        WebMock.stub_request(:get, url).to_return(status: 200, body: 'foo')
+        WebMock.stub_request(:head, url).to_return(status: 200)
      end
  
      it 'is successful' do