From e34cba8c9c127203e56f3679cd627d2d1d72f54e Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Mon, 28 Aug 2017 15:51:00 -0400
Subject: Bug 1393643 - Add whitelist to rate limiting code (#220)
* Bug 1393643 - Add whitelist to rate limiting code
* use version that has new module
* add memcache to bloomfilter loading
---
 Bugzilla.pm | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
(limited to 'Bugzilla.pm')
diff --git a/Bugzilla.pm b/Bugzilla.pm
index cf004d4fc..bf8f99625 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -42,6 +42,7 @@ use Bugzilla::Token;
 use Bugzilla::User;
 use Bugzilla::Util;
 use Bugzilla::CPAN;
+use Bugzilla::Bloomfilter;
 use Bugzilla::Metrics::Collector;
 use Bugzilla::Metrics::Template;
@@ -765,7 +766,7 @@ sub elastic {
 }
 sub check_rate_limit {
- my ($class, $name, $id) = @_;
+ my ($class, $name, $ip) = @_;
 my $params = Bugzilla->params;
 if ($params->{rate_limit_active}) {
 my $rules = decode_json($params->{rate_limit_rules});
@@ -774,9 +775,15 @@ sub check_rate_limit {
 warn "no rules for $name!";
 return 0;
 }
- if (Bugzilla->memcached->should_rate_limit("$name:$id", @$limit)) {
- Bugzilla->audit("[rate_limit] $id exceeds rate limit $name: " . join("/", @$limit));
- ThrowUserError("rate_limit");
+ if (Bugzilla->memcached->should_rate_limit("$name:$ip", @$limit)) {
+ my $action = 'block';
+ my $filter = Bugzilla::Bloomfilter->lookup("rate_limit_whitelist");
+ if ($filter && $filter->test($ip)) {
+ $action = 'ignore';
+ }
+ my $limit = join("/", @$limit);
+ Bugzilla->audit("[rate_limit] action=$action, ip=$ip, limit=$limit");
+ ThrowUserError("rate_limit") if $action eq 'block';
 }
 }
 }
--
cgit v1.2.3-24-g4f1b
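Review bot: In the third hunk the exemption depends on `$filter->test($ip)`, and if Bugzilla::Bloomfilter is an ordinary Bloom filter that test can return true for an address that was never added, so a small share of non-whitelisted IPs would be logged as `action=ignore` and skip the block. That deserves a comment at the lookup, e.g. `# Bloom filter membership is probabilistic: a false positive skips the block, so keep the filter's error rate low`, or an exact check against the source list before `ThrowUserError` is skipped. Separately, `my $limit = join("/", @$limit);` shadows the outer `$limit` array reference inside the `if` block; `my $limit_str = join("/", @$limit);` with `limit=$limit_str` in the audit line is easier to read and harder to break later. The start of check_rate_limit, including where `$limit` is first assigned, lies outside this hunk.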